hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

549 Commits

Author SHA1 Message Date
maikypedia
1a499cf388 Update expected 2024-02-07 14:38:21 +01:00
Maiky
7c0f80ff7d Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2024-02-07 14:32:42 +01:00
GitHub Security Lab
00d1f8e84a Merge branch 'main' into maikypedia/swift-zip 2024-01-25 11:05:46 +01:00
Geoffrey White
a39bb8c037 Swift: Rename the query file. 2024-01-19 17:58:58 +00:00
Geoffrey White
ed602642b6 Swift: Basic test for getRelativePath. 2024-01-19 17:58:58 +00:00
Geoffrey White
8cf691a477 Swift: Add File.getRelativePath and update swift/diagnostics/successfully-extracted-files. 2024-01-19 17:58:58 +00:00
Alex Denisov
0e73531aa9 Swift: upgrade to 5.9.2 2024-01-09 09:23:32 +01:00
Geoffrey White
2f6f376d2d Merge pull request #15230 from geoffw0/swiftui 
Swift: Add dataflow tests for property wrappers and SwiftUI
 2024-01-08 17:41:43 +00:00
Geoffrey White
6636c76af8 Merge pull request #15122 from geoffw0/pwhash 
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
 2024-01-08 14:11:02 +00:00
Geoffrey White
fb77e3733b Swift: Add a test of SwiftUI secure fields as a sensitive data source. 2024-01-04 12:34:33 +00:00
Geoffrey White
0ff84b467f Swift: Create examples for the .qhelp in Swift, and test them. 2023-12-15 11:14:05 +00:00
Geoffrey White
3a900f1f8b Swift: Fix some inconsistencies in the test cases. 2023-12-14 18:04:34 +00:00
Geoffrey White
7ba18e64a0 Swift: Add sinks for algorithms that are OK for sensitive data hashing but not for password hashing. 2023-12-14 18:04:34 +00:00
Geoffrey White
c2d49c0fff Swift: Address a weakness in the sensitive data regexs. 2023-12-14 18:04:34 +00:00
Geoffrey White
87eb96ed3b Swift: Add more cases to test. 2023-12-14 18:04:34 +00:00
Geoffrey White
22ed20dd7c Swift: Upgrade SecKeyCopyExternalRepresentation source to be considered a password / key rather than a miscellaneous credential. 2023-12-14 18:04:34 +00:00
Geoffrey White
10b4c98e80 Swift: Move password sources to be reported by the new query. 2023-12-14 16:09:47 +00:00
Geoffrey White
5faa25fc6c Swift: Make passwords their own sensitive data type. 2023-12-14 16:09:47 +00:00
Mathias Vorreiter Pedersen
04ca36f9b0 Merge pull request #15106 from geoffw0/revrevtest 
Swift: Revert:Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query"
 2023-12-14 15:56:46 +00:00
Geoffrey White
7e6ff7c826 Swift: Disable the part of the test that triggers an extraction issue. 2023-12-14 15:04:48 +00:00
Geoffrey White
987cdff862 Revert "Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query"" 
This reverts commit a478980e48.
 2023-12-14 13:56:35 +00:00
Geoffrey White
e8f8aa266f Merge remote-tracking branch 'upstream/main' into pointermodels 2023-12-13 16:43:15 +00:00
Mathias Vorreiter Pedersen
a478980e48 Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query" 2023-12-13 15:40:09 +00:00
Geoffrey White
023d72b6fb Merge remote-tracking branch 'upstream/main' into pointermodels 2023-12-13 14:07:17 +00:00
Geoffrey White
609f92c7ac Merge pull request #13870 from geoffw0/commoncrypto1 
Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query
 2023-12-12 15:26:02 +00:00
Geoffrey White
f2e3391a33 Swift: Accept test regression. 2023-12-12 11:37:05 +00:00
Mathias Vorreiter Pedersen
2e4fe49d61 Swift: Accept test changes. 2023-12-11 10:41:07 +00:00
Geoffrey White
32fdf4fc9f Merge pull request #15007 from geoffw0/sensitivekeytests 
Swift: Add some tests and model SecKeyCopyExternalRepresentation
 2023-12-07 10:50:13 +00:00
Geoffrey White
4cec14657e Merge pull request #14853 from geoffw0/logsinks 
Swift: More sinks for swift/cleartext-logging
 2023-12-06 09:00:26 +00:00
Geoffrey White
5095031110 Swift: Model SecKeyCopyExternalRepresentation as an explicit sensitive data source. 2023-12-05 13:35:44 +00:00
Geoffrey White
1d903c56ad Swift: Add a test with SecKeyCopyExternalRepresentation. 2023-12-05 13:35:44 +00:00
Geoffrey White
a5dd4a4e2a Swift: More tests of keys as sensitive data. 2023-12-04 19:05:15 +00:00
Robert Marsh
4df25f4f7f Merge pull request #14797 from geoffw0/sqlsinks 
Swift: Heuristic sinks for swift/sql-injection
 2023-11-28 11:18:10 -05:00
Geoffrey White
5f4213004b Merge branch 'main' into logsinks 2023-11-28 11:51:56 +00:00
Mathias Vorreiter Pedersen
70e0b33ce6 Merge pull request #14807 from geoffw0/formatsinks 
Swift: More sinks for swift/uncontrolled-format-string
 2023-11-27 11:10:04 +00:00
Maiky
6739750d2a Add Unsafe Unpacking Query (CWE-022) 2023-11-23 12:48:33 +01:00
Geoffrey White
c89be6a1de Swift: Refine the heuristic (mostly narrower). 2023-11-21 13:49:53 +00:00
Geoffrey White
5bbc61e83c Swift: Add a few more test cases. 2023-11-21 11:32:40 +00:00
Geoffrey White
b4b78a1bce Swift: Minor corrections. 2023-11-20 19:29:35 +00:00
Geoffrey White
3cecf69818 Swift: Fix spurious results for 'login' functions. 2023-11-20 18:38:47 +00:00
Geoffrey White
aa93165d24 Swift: Add heuristic sinks. 2023-11-20 18:38:47 +00:00
Geoffrey White
d91c5c0486 Swift: Model NSException sinks. 2023-11-20 18:38:46 +00:00
Geoffrey White
7e02c05164 Swift: Address the sprintf case. 2023-11-20 18:38:46 +00:00
Geoffrey White
835967a33e Swift: Fix for autoclosure sinks. 2023-11-20 18:15:16 +00:00
Geoffrey White
795f16ba56 Swift: Model 'printf' variants as cleartext logging sinks. 2023-11-20 18:15:06 +00:00
Geoffrey White
06c2c423b3 Swift: Clean up the test logic slightly. 2023-11-20 18:12:15 +00:00
Geoffrey White
b348dc2a32 Swift: Extend cleartext logging tests (test cases). 2023-11-20 18:11:52 +00:00
Geoffrey White
2a69b03092 Swift: Extend cleartext logging tests (stubs). 2023-11-20 18:11:41 +00:00
Geoffrey White
c49f05aa2b Swift: Fix false positive / result overlap. 2023-11-16 09:00:35 +00:00
Geoffrey White
96b4a12af7 Swift: Add heuristic sinks. 2023-11-16 09:00:35 +00:00