hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

551 Commits

Author SHA1 Message Date
Geoffrey White
c49f05aa2b Swift: Fix false positive / result overlap. 2023-11-16 09:00:35 +00:00
Geoffrey White
96b4a12af7 Swift: Add heuristic sinks. 2023-11-16 09:00:35 +00:00
Geoffrey White
697c3df74a Swift: Model C printf variants. 2023-11-16 09:00:34 +00:00
Geoffrey White
1040561ec1 Swift: Model formatting append methods. 2023-11-16 09:00:34 +00:00
Geoffrey White
a6fe620bcb Swift: Fix Swift warnings in the test. 2023-11-15 18:06:38 +00:00
Geoffrey White
3a38f3b947 Swift: Add test cases. 2023-11-15 18:06:37 +00:00
Geoffrey White
0ae04de7f0 Swift: Test stubs / classes. 2023-11-15 17:23:22 +00:00
Geoffrey White
3a13759f10 Swift: Clean up the test. 2023-11-15 13:35:18 +00:00
Geoffrey White
6783707e2c Swift: Add heuristic sink. We don't catch everything, but the simple heuristic was better than anything else I tried. 2023-11-14 10:07:12 +00:00
Geoffrey White
80cfb934ce Swift: Add some tests. 2023-11-14 09:52:53 +00:00
Geoffrey White
c327f0f0a7 Merge branch 'main' into pathinjectionsinks 2023-11-10 16:04:56 +00:00
Geoffrey White
5a09a325f2 Swift: Add heuristic path injection sinks. 2023-11-10 15:13:51 +00:00
Geoffrey White
ebf7231be7 Swift: Make the 'completePath' models work. 2023-11-09 18:21:12 +00:00
Geoffrey White
9b5556e245 Swift: Test 'completePath' more carefully. 2023-11-09 18:21:12 +00:00
Geoffrey White
2d313ef4c7 Swift: Add some path injection sink models. 2023-11-09 18:21:12 +00:00
Geoffrey White
cd147038cd Swift: Fill some gaps in the URL, NSURL models. 2023-11-09 11:51:18 +00:00
Geoffrey White
a86862d578 Swift: Add test cases (heuristic). 2023-11-09 11:33:10 +00:00
Geoffrey White
04016ebd20 Swift: Add test cases (more library functions). 2023-11-09 11:31:58 +00:00
Geoffrey White
f99df55e94 Swift: Add test stubs. 2023-11-09 11:28:33 +00:00
Mathias Vorreiter Pedersen
68e7f84c23 Merge pull request #14661 from geoffw0/commandinject4 
Swift: Fix defaultImplicitTaintRead on fields
 2023-11-08 15:52:18 +00:00
Geoffrey White
6b434d10ce Merge pull request #14701 from geoffw0/promotecmdline 
Swift: Promote the command injection query out of experimental
 2023-11-08 15:46:29 +00:00
Geoffrey White
4ce8d953d2 Merge pull request #14698 from geoffw0/realmswift 
Swift: Fix an issue with Realm sinks for swift/cleartext-storage-database
 2023-11-07 08:37:27 +00:00
Geoffrey White
1c6a4b8cbf Swift: Update the test .qlref. 2023-11-06 17:32:25 +00:00
Geoffrey White
77e48f72ec Swift: Detect Realm sinks more reliably. 2023-11-06 15:54:17 +00:00
Geoffrey White
424046d238 Swift: Add test case. 2023-11-06 15:54:17 +00:00
Geoffrey White
b99e44c3ca Swift: Fix the Data test. 2023-11-06 09:18:27 +00:00
Geoffrey White
431d9d58f1 Merge pull request #14639 from geoffw0/anchorquery 
Swift: New query for Missing Regular Expression Anchor
 2023-11-02 09:20:19 +00:00
Geoffrey White
206acea41c Swift: Fix defaultImplicitTaintRead for sinks that are field accesses on a subclass of the type containing the field. 2023-11-01 17:49:25 +00:00
Geoffrey White
554007b305 Swift: Add a couple more test cases close to the failures. 2023-10-31 17:19:28 +00:00
Geoffrey White
c82eb4dff3 Swift: Test spacing. 2023-10-31 17:18:08 +00:00
Geoffrey White
b259a0ff6a Swift: get rid of getRemoteData() in the tests, it's obfuscating results. 2023-10-30 17:48:51 +00:00
Geoffrey White
c8706e2ad7 Swift: Add some annotations to the clarify UnsafeJSEval.swift test. 2023-10-30 17:43:37 +00:00
Geoffrey White
c09df2e3f1 Swift: Add test cases for the isLineAnchoredHostnameRegExp query case. 2023-10-30 14:33:42 +00:00
Geoffrey White
8f115bfd06 Swift: Implement 'isUsedAsReplace'. 2023-10-30 14:33:42 +00:00
Geoffrey White
435638a5bb Swift: Port the JS tests to Swift. 2023-10-30 13:08:11 +00:00
Geoffrey White
954b0612d5 Swift: Initial state of the existing test. 2023-10-30 13:08:10 +00:00
Geoffrey White
14db0dfcc7 Swift: Fairly minimal fix to get the query and test working for Swift. 2023-10-30 13:08:10 +00:00
Geoffrey White
c040d4847b Swift: Copy MissingRegexAnchor query from JS. 2023-10-30 13:08:10 +00:00
Mathias Vorreiter Pedersen
6062fbb475 Merge pull request #14383 from geoffw0/nsstringregex 
Swift: Add regular expression evaluation models for StringProtocol and NSString methods
 2023-10-27 15:49:23 +01:00
Mathias Vorreiter Pedersen
4aed638066 Merge pull request #14577 from MathiasVP/capture-flow-swift 
Swift: Add variable-capture flow
 2023-10-27 14:09:04 +01:00
Mathias Vorreiter Pedersen
93234c0b5c Swift: Add model for 'withVaList' and accept test changes. 2023-10-27 10:21:12 +01:00
Mathias Vorreiter Pedersen
9e2dd09ddc Swift: Accept test regression (caused by no model for 'withVaList'). 2023-10-27 10:20:07 +01:00
Geoffrey White
06b1cd939c Merge pull request #14502 from geoffw0/xmlquery 
Swift: Model RawRepresentable
 2023-10-24 16:25:15 +01:00
Mathias Vorreiter Pedersen
6f37d7c374 Swift: Accept changes in paths. 2023-10-24 15:39:19 +01:00
Nora Dimitrijević
af49a3aa64 Swift: accept new results in old tests 2023-10-24 13:56:31 +01:00
Geoffrey White
990c40c8c8 Swift: Barrier for duplicate results in constant queries, resulting from sources like [1, 2, 3]. 2023-10-16 18:28:51 +01:00
Geoffrey White
6108f787dd Swift: Effect on query tests. 2023-10-16 18:28:51 +01:00
Geoffrey White
d0f214a9a7 Swift: Widen the model to include things that are not strictly RawRepresentable but which appear similar. This fixes the XXE test cases. Unclear whether xmlParserOption in the test should in fact extend RawRepresentable, or not. 2023-10-13 17:35:05 +01:00
Mathias Vorreiter Pedersen
fb0016e4f6 Merge pull request #14485 from geoffw0/logging 
Swift: Add more sinks to `swift/cleartext-logging`
 2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen
9a2ac65f53 Merge pull request #14394 from geoffw0/sqlpathinject3 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
 2023-10-13 16:07:09 +01:00