hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

695 Commits

Author SHA1 Message Date
Tony Torralba
6bb54f07bf Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-12-01 18:08:47 +01:00
Geoffrey White
2b61f26a64 Swift: Add doc. 2022-12-01 16:32:34 +00:00
Geoffrey White
a2210959b5 Swift: Uncontrolled format string query (initial version). 2022-12-01 16:32:33 +00:00
Tony Torralba
8cc66172c3 Add path injection query 2022-11-29 11:55:03 +01:00
Geoffrey White
96e04e7f63 Swift: Use ConstructorDecl in place of name matching. 2022-11-28 17:39:45 +00:00
Geoffrey White
edb6325117 Swift: Fix comment. 2022-11-28 17:07:34 +00:00
Geoffrey White
aa5c893d5e Swift: Further simplify. 2022-11-28 17:07:34 +00:00
Geoffrey White
97bd91ed19 Swift: Simplify using ApplyExpr.getArgumentWithLabel. 2022-11-28 16:51:46 +00:00
Mathias Vorreiter Pedersen
3716d67cc9 Merge pull request #11451 from geoffw0/wkuserscript 
Swift: models for WKUserScript
 2022-11-28 14:24:19 +00:00
Geoffrey White
116d9667e7 Swift: Remove special case from query. 2022-11-28 12:15:38 +00:00
Geoffrey White
b3d2e759a6 Swift: Update swift/sql-injection to include local flow sources. 2022-11-28 10:11:44 +00:00
Geoffrey White
a5a459fe0a Swift: Update swift/unsafe-js-eval to include local flow sources. 2022-11-28 10:11:44 +00:00
Tony Torralba
fc7c66dab2 Remove now unnecessary additional taint step in UnsafeJsEval 2022-11-24 12:35:52 +01:00
Nora Dimitrijević
8f065e9483 Merge pull request #11001 from d10c/swift/js-injection 2022-11-24 10:52:05 +01:00
Geoffrey White
556d68aeed Update swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-11-23 09:17:18 +00:00
Nora Dimitrijević
8f5af3fca6 Merge branch 'main' into swift/js-injection 2022-11-18 17:07:20 +01:00
Nora Dimitrijević
8b332778e3 Swift: update @security-severity 2022-11-17 18:08:06 +01:00
Nora Dimitrijević
52e5d541ef Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-11-15 21:15:04 +01:00
Nora Dimitrijević
fccb581765 Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-11-15 21:14:56 +01:00
Nora Dimitrijević
cb7d9d5f3f Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-11-15 21:14:50 +01:00
Nora Dimitrijević
8db8f14f99 Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-11-15 21:14:37 +01:00
Nora Dimitrijević
b42482c960 Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2022-11-15 21:14:18 +01:00
Geoffrey White
5460004223 Merge branch 'main' into HEAD 2022-11-14 13:44:39 +00:00
Tony Torralba
a21db3b3c2 Merge pull request #11086 from atorralba/atorralba/swift/xxe-query 
Swift: Add new query for XML External Entities (XML) vulnerabilities
 2022-11-14 12:34:30 +01:00
Nora Dimitrijević
16ba5b1bb5 Swift: update doctests 2022-11-14 12:30:16 +01:00
Paolo Tranquilli
3de650e19d Swift: make toBeTested and shouldPrint propagate to children 2022-11-11 12:49:18 +01:00
Nora Dimitrijević
4b7a89e754 Merge branch 'main' into swift/js-injection 2022-11-11 12:23:26 +01:00
Geoffrey White
d97682991d Swift: Add Alamofire sink for cpp/cleartext-transmission. 2022-11-10 15:33:00 +00:00
Karim Ali
b209cac2e2 Merge pull request #11063 from karimhamdanali/swift-pbe-constant-password 
Swift: detect the use of constant passwords for password-based encryption
 2022-11-10 16:36:27 +02:00
Karim Ali
e18b2cfa39 Merge pull request #11084 from karimhamdanali/swift-static-iv 
Swift: detect the use of static initialization vectors
 2022-11-10 16:35:21 +02:00
Karim Ali
7d473fb265 address docs review 2022-11-10 15:01:05 +02:00
Karim Ali
d229d6a7cb address docs review 2022-11-10 14:30:04 +02:00
Nora Dimitrijević
5940f17b83 Swift: Docs + doctests 2022-11-09 13:10:08 +01:00
Alex Denisov
dacbf4e798 Swift: use more common name for the query 2022-11-09 12:29:50 +01:00
Alex Denisov
a1fa424ec1 Swift: add an internal query-suite for listing all the compiler errors 2022-11-09 12:05:41 +01:00
Tony Torralba
eef4fc3a0a Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-08 15:44:26 +01:00
Geoffrey White
25b4296045 Swift: Rename predicate to avoid confusion. 2022-11-08 13:52:33 +00:00
Geoffrey White
e669754d0b Swift: Also add local flow sources to summary queries. 2022-11-08 13:05:41 +00:00
Nora Dimitrijević
7585541514 Merge branch 'main' into swift/js-injection 2022-11-08 11:25:54 +01:00
Nora Dimitrijević
d37ed02e79 Swift: basic Data-related taint flow in query 
Still TODO: a more comprehensive taint flow model for Data in the libs.
 2022-11-08 11:24:53 +01:00
Nora Dimitrijević
66291d3575 Swift: sync tests pass with additional flow steps 
TODO: Convert those flow steps to taint flow models in the library.
 2022-11-08 11:09:55 +01:00
Karim Ali
c794fef9cb update qhelp with more details about the use of constant passwords 2022-11-08 11:26:52 +02:00
Karim Ali
b1679df3d2 tighten check against the "iv" argument only 2022-11-08 11:22:18 +02:00
Karim Ali
b077fc5e91 add more details in qhelp about the use of hardcoded/constant IVs 2022-11-08 11:19:41 +02:00
Karim Ali
5766ff21d0 Merge pull request #10993 from karimhamdanali/swift-pbe-constant-salts 
Swift: detect the use of constant salts
 2022-11-07 16:22:41 +02:00
Karim Ali
53055bc8b6 add another reference to RFC 2898 2022-11-07 13:44:25 +02:00
Karim Ali
1756feae71 address docs review 2022-11-07 13:20:02 +02:00
Geoffrey White
7b62bed9db Merge pull request #10947 from karimhamdanali/swift-pbe-iterations 
Swift: detect hash functions with low # of iterations
 2022-11-07 10:38:29 +00:00
Mathias Vorreiter Pedersen
60ac031db4 Merge pull request #11036 from geoffw0/simplify3 2022-11-05 00:31:05 +00:00
Nora Dimitrijević
fdd7d76ffd Swift: use FreeFunctionDecl/.has(Qualified)Name 
Instead of hand-rolled predicates.
 2022-11-03 16:14:43 +01:00