Paolo Tranquilli
fccf07c5bc
Swift: tweak qhelp file for WeakSensitiveDataHashing
2022-09-09 11:01:24 +02:00
Paolo Tranquilli
c739bbb051
Swift: bake in isProbablySafe in SensitiveExpr
...
Also restructured the code a bit in the weak hashing query.
2022-09-09 11:00:02 +02:00
erik-krogh
26d8553f6e
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
Alex Denisov
a8a2c9e212
Swift: CWE-757: update severity
2022-09-08 10:40:16 +02:00
Alex Denisov
d455a557be
Swift: CWE-757: update docs and user facing text
2022-09-08 10:31:23 +02:00
Alex Denisov
d18ad665b6
Swift: CWE-757: Insecure TLS configuration
2022-09-08 09:34:04 +02:00
Mathias Vorreiter Pedersen
417b2152d8
Merge pull request #10319 from geoffw0/cleartextbarrier
2022-09-08 00:30:57 +01:00
Paolo Tranquilli
a5233c0d01
Swift: fix @id
2022-09-07 16:17:45 +02:00
Paolo Tranquilli
19b13ee4e3
Swift: first draft of query targeting weak hashing
2022-09-07 15:58:35 +02:00
Geoffrey White
0741266cea
Swift: Switch from isSanitizerIn to isSanitizer.
2022-09-06 13:37:49 +01:00
Geoffrey White
8281d92e71
Swift: Add barriers for encryption.
2022-09-06 13:37:49 +01:00
Geoffrey White
a14efcfb69
Merge branch 'main' into stringlengthcleanup
2022-09-02 19:26:28 +01:00
Geoffrey White
e96e965bf9
Swift: Rename 'member' -> 'memberRef' for readability.
2022-09-02 19:21:58 +01:00
Geoffrey White
361ddb844e
Swift: Simplify isSource (behaviour preserving).
2022-09-02 19:21:52 +01:00
Geoffrey White
5b528573ce
Swift: Update similar cases.
2022-09-02 19:21:51 +01:00
Geoffrey White
c3a8da4570
Swift: Use getABaseTypeDecl() to improve StringLengthConflation.ql.
2022-09-02 19:21:50 +01:00
Geoffrey White
aad77c2388
Swift: Use TypeDecl.getABaseTypeDecl().
2022-09-01 10:42:09 +01:00
Geoffrey White
d3250a7e16
Swift: Fix finding base classes.
2022-09-01 09:01:56 +01:00
Geoffrey White
92a927efa7
Swift: Remove special case (no longer required).
2022-09-01 08:53:51 +01:00
Geoffrey White
129ed426a0
Swift: Use allowImplicitRead as a better solution replacing one of the special flow cases.
2022-08-31 17:58:18 +01:00
Geoffrey White
60fad4d652
Merge remote-tracking branch 'upstream/main' into swiftcleanup
2022-08-31 16:04:39 +01:00
Paolo Tranquilli
bb845c6d7f
Swift: rename printast.ql->printAst.ql
2022-08-31 08:55:40 +02:00
Paolo Tranquilli
cd632dcfee
Swift: minor tweaks
...
Replace string singleton with a newtype-based one, and fix some doc
comment cosmetics.
2022-08-31 06:39:35 +02:00
Geoffrey White
430a8e141d
Swift: Fix issues.
2022-08-30 18:04:12 +01:00
Paolo Tranquilli
47b905bfaf
Swift: add PrintAst
2022-08-30 18:04:55 +02:00
Geoffrey White
4984d8f6f2
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-08-30 12:26:06 +01:00
Geoffrey White
645364e8b8
Update swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.qhelp
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-08-30 12:24:49 +01:00
Geoffrey White
2d57786dae
Merge branch 'main' into cleartext
2022-08-25 23:10:36 +01:00
Geoffrey White
7fd64f1d9c
Swift: Make QL-for-QL happy.
2022-08-25 23:06:03 +01:00
Geoffrey White
926da4bedc
Swift: Query descriptions and metadata.
2022-08-25 22:52:19 +01:00
Geoffrey White
9a53a40ac6
Swift: Qhelp and examples for both queries.
2022-08-25 22:52:18 +01:00
Geoffrey White
2690732c75
Swift: Special cases to get taint flow working.
2022-08-25 22:15:19 +01:00
Geoffrey White
698a9e2e2e
Swift: Realm database support.
2022-08-25 22:15:18 +01:00
Geoffrey White
3126fb930d
Swift: Core Data support.
2022-08-25 22:15:18 +01:00
Geoffrey White
456ab980a5
Swift: Fix duplicate results.
2022-08-25 22:15:17 +01:00
Geoffrey White
0cd2efc1b1
Swift: CleartextTransmission query.
2022-08-25 22:15:16 +01:00
Paolo Tranquilli
9b50336e47
Swift: synthesize MethodRefExpr
...
This introduces a `MethodRefExpr` node synthesized out of
`DotSyntaxCallExpr` under the `LookupExpr` hierarchy. This means that
much like
```free_function(1, 2)```
is a `CallExpr` with `getFunction` giving a `DeclRefExpr`,
```foo.method(1, 2)```
is now a `CallExpr` with `getFunction` giving a `MethodRefExpr`.
`ApplyExpr::getStaticTarget` has been made to work with it (as well as
`ConstructorRefCallExpr` which for the moment has been left where it
is), a new `MethodApplyExpr` has been introduced deriving from it,
and control and data flow libraries have adapted.
A small bug was fixed in `qlgen` where the default constructor for DB
types was not correctly subtracting derived IPA types depending on the
order of definitions in `schema.yml`.
There are still some occurrences of `DotSyntaxCallExpr`, and as already
mentioned the other `SelfApply` class (`ConstructorRefCallExpr`) was
left alone. Their treatment is left for a future PR.
2022-08-19 14:48:36 +02:00
Geoffrey White
c1be060ef8
Swift: Create query + test stubs.
2022-08-11 16:10:18 +01:00
Geoffrey White
36f410b9f7
Swift: Move taint logic from isAdditionalTaintStep to defaultAdditionalTaintStep.
2022-08-09 17:42:28 +01:00
Mathias Vorreiter Pedersen
24c9ab8015
Swift: Fix MaD for methods
2022-08-05 10:52:28 +01:00
Mathias Vorreiter Pedersen
1c8090fa04
Merge pull request #9964 from geoffw0/cwe95
...
Swift: Query for CWE-79 / CWE-95
2022-08-05 10:38:33 +01:00
Geoffrey White
997068a9cb
Swift: Fix a suggestion merge conflict.
2022-08-03 18:16:31 +01:00
Geoffrey White
873c62ef78
Swift: Apply another code review suggestion.
2022-08-03 18:16:01 +01:00
Geoffrey White
e4dab17318
Apply suggestions from code review
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-08-03 18:14:14 +01:00
Geoffrey White
9d49986345
Swift: Make QL-for-QL happy.
2022-08-03 17:18:57 +01:00
Geoffrey White
39f1352847
Swift: Complete the rename.
2022-08-03 14:45:20 +01:00
Geoffrey White
81bd61288c
Swift: I think CWE-079 is the more accurate CWE for this query.
2022-08-03 14:45:19 +01:00
Geoffrey White
c635895644
Swift: Documentation.
2022-08-03 14:45:18 +01:00
Geoffrey White
8d9653a999
Swift: Generated security-severity tag.
2022-08-03 09:54:54 +01:00
Geoffrey White
651b73e21e
Swift: Check for tainted baseURL.
2022-08-03 09:42:48 +01:00