hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

695 Commits

Author SHA1 Message Date
Tony Torralba
f4047e016c Address QL-for-QL alert 
Use an alert message consistent with the other languages
 2022-11-03 12:01:42 +01:00
Tony Torralba
dc6f60a501 Add new XXE query 
Only XMLParser sinks for the time being
 2022-11-03 12:01:42 +01:00
Nora Dimitrijević
7b599f5fef Swift: Add async varant of WKWebView evaluateJavaScript(_:) 
See concurrency note here: https://developer.apple.com/documentation/webkit/wkwebview/1415017-evaluatejavascript

See also https://developer.apple.com/documentation/swift/calling-objective-c-apis-asynchronously
 2022-11-03 11:16:48 +01:00
Nora Dimitrijević
5c905c42b2 Swift: Initial UnsafeJsEval query 2022-11-03 11:16:48 +01:00
Karim Ali
f6484e6e6b cleanup old code comments 2022-11-02 16:21:51 +02:00
Karim Ali
eefda61445 add a query that checks for the use of static IVs 2022-11-02 16:09:00 +02:00
Geoffrey White
85e99feb49 Swift: Have swift/unsafe-webview-fetch use indices instead of parameter names. 2022-11-01 22:58:48 +00:00
Geoffrey White
d87117f623 Swift: Have swift/string-length-conflation use indices instead of parameter names. 2022-11-01 22:51:10 +00:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Karim Ali
8be4d47178 fix typos 2022-11-01 16:03:36 +02:00
Geoffrey White
84c754e007 Merge pull request #11062 from geoffw0/rename 
Swift: Rename ECB-Encryption directory
 2022-11-01 12:59:53 +00:00
Karim Ali
fe408cfb41 add a query that detects the use of constant passwords 2022-11-01 14:03:27 +02:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Karim Ali
3911f3b202 update query description following docs review 2022-10-31 13:54:35 +02:00
Karim Ali
76a330d4b9 update code example to be OWASP compliant 2022-10-31 13:52:49 +02:00
Karim Ali
723ca8ed88 update documentation following docs review 2022-10-31 13:50:30 +02:00
Geoffrey White
ca586b4f3d Merge remote-tracking branch 'upstream/main' into global 2022-10-31 10:28:29 +00:00
Geoffrey White
0dd8f574a7 Swift: Redesign as a FreeFunctionDecl class + add some qldoc. 2022-10-31 10:24:12 +00:00
Geoffrey White
840b74dbb5 Swift: Add and use ApplyExpr.getArgumentByParamName. 2022-10-28 17:55:11 +01:00
Geoffrey White
f122005aaf Swift: Simplify out some variables. 2022-10-28 17:26:17 +01:00
Geoffrey White
b4d939a620 Swift: Correct a comment. 2022-10-28 17:11:24 +01:00
Geoffrey White
648c2d09f9 Swift: Simplify InsecureTLS.ql. 2022-10-28 15:56:03 +01:00
Geoffrey White
cf9c3afc86 Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate. 2022-10-28 13:57:24 +01:00
Geoffrey White
368f37a27e Swift: And another. 2022-10-28 11:46:27 +01:00
Geoffrey White
1f3ed1cec7 Merge remote-tracking branch 'upstream/main' into simplify 2022-10-28 11:42:05 +01:00
Geoffrey White
6fca350714 Use MethodDecl.hasQualifiedName. 2022-10-28 11:41:42 +01:00
Geoffrey White
ca279f4073 Merge pull request #10996 from geoffw0/methods 
Swift: Add MethodDecl.hasQualifiedName
 2022-10-27 19:18:48 +01:00
Geoffrey White
a32b08f56a Swift: remove redundant line. 2022-10-26 16:39:33 +01:00
Geoffrey White
5d21c51deb Swift: use hasQualifiedName in UnsafeWebViewFetch.ql. 2022-10-26 16:12:29 +01:00
Karim Ali
420c35d4a2 add a query that detects the use of constant salts 2022-10-26 15:32:59 +02:00
Geoffrey White
3d025ea77e Merge pull request #10903 from geoffw0/review 
Swift: Add some summary queries.
 2022-10-25 14:47:09 +01:00
Geoffrey White
b59f01f968 Swift: Use UnknownFile. 2022-10-25 13:44:13 +01:00
Karim Ali
18dd0f650c update iterations threshold to most recent OWASP recommendation 
which is at least 120,000 iterations for secure password hashing
 2022-10-25 14:01:40 +02:00
Karim Ali
e8f55b9f0d update output message 2022-10-25 13:24:37 +02:00
Karim Ali
c0ac29db16 clarify qhelp + add references to it 2022-10-25 13:24:37 +02:00
Karim Ali
4b7cb706f6 fix error in checking # of iterations 
plus also simplify the pattern matching of the sink classes
 2022-10-25 13:24:37 +02:00
Karim Ali
c4b2519e6c initial draft of the Swift query for CWE-916 2022-10-25 13:24:37 +02:00
Geoffrey White
8a8b1aff7f Swift: Restrict expressions count to expressions with locations. 2022-10-21 18:57:15 +01:00
Geoffrey White
3215295d06 Swift: simpkify SummaryStats.ql description. 2022-10-21 18:48:08 +01:00
Geoffrey White
138643519c Merge pull request #10757 from geoffw0/sqlinject 
Swift: Query for SQL injection
 2022-10-20 18:55:38 +01:00
Geoffrey White
661106c1a0 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-10-20 17:54:40 +01:00
Geoffrey White
5a3577679d Swift: Improve metadata. 2022-10-20 12:44:56 +01:00
Geoffrey White
adeef309f3 Swift: Add some queries to help examine databases. 2022-10-20 12:34:07 +01:00
Geoffrey White
5b1e138300 Swift: Another qhelp edit. 2022-10-19 20:49:26 +01:00
Geoffrey White
495f744cd3 Swift: Attempt to address qhelp suggestions. 2022-10-19 20:44:27 +01:00
Geoffrey White
05d9c7b892 Swift: More 'an SQL' -> 'a SQL'. 2022-10-19 19:44:59 +01:00
Geoffrey White
83dc6d1564 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-10-19 19:42:35 +01:00
Geoffrey White
0281bfedda Merge pull request #10689 from d10c/swift/cleartext-storage-nsuserdefaults 
Swift: Query for CWE-312: Exposure of sensitive information using NSUserDefaults
 2022-10-17 14:05:17 +01:00
Geoffrey White
9767064310 Swift: Fix bug for sqlite3_prepare_v3. 2022-10-17 13:40:35 +01:00
Geoffrey White
13018150ed Merge branch 'main' into sqlinject 2022-10-17 13:30:14 +01:00