hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

556 Commits

Author SHA1 Message Date
Geoffrey White
990c40c8c8 Swift: Barrier for duplicate results in constant queries, resulting from sources like [1, 2, 3]. 2023-10-16 18:28:51 +01:00
Geoffrey White
6108f787dd Swift: Effect on query tests. 2023-10-16 18:28:51 +01:00
Geoffrey White
d0f214a9a7 Swift: Widen the model to include things that are not strictly RawRepresentable but which appear similar. This fixes the XXE test cases. Unclear whether xmlParserOption in the test should in fact extend RawRepresentable, or not. 2023-10-13 17:35:05 +01:00
Mathias Vorreiter Pedersen
fb0016e4f6 Merge pull request #14485 from geoffw0/logging 
Swift: Add more sinks to `swift/cleartext-logging`
 2023-10-13 16:09:19 +01:00
Mathias Vorreiter Pedersen
9a2ac65f53 Merge pull request #14394 from geoffw0/sqlpathinject3 
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
 2023-10-13 16:07:09 +01:00
Geoffrey White
9e473ebda4 Swift: Remove the 'rawValue' step as well. 2023-10-13 14:02:15 +01:00
Geoffrey White
9f683b8630 Swift: Remove duplicate results. 2023-10-12 17:38:58 +01:00
Geoffrey White
cf7f355fc4 Swift: Additional test cases. 2023-10-12 17:11:56 +01:00
Geoffrey White
e2a8569940 Swift: Clean up indentation. 2023-10-12 13:05:20 +01:00
Geoffrey White
8f852f2e7d Swift: Turn sink models into flow summary models, where appropriate. 2023-10-12 12:57:05 +01:00
Geoffrey White
09974b5176 Swift: Extend sink models. 2023-10-12 09:17:04 +01:00
Geoffrey White
0e4cd7f52f Swift: Additional test cases. 2023-10-11 18:37:24 +01:00
Geoffrey White
48ee4add08 Merge branch 'main' into sqlpathinject3 2023-10-10 08:54:44 +01:00
Geoffrey White
62b0ebf2fe Merge pull request #14407 from geoffw0/grdbsinks 
Swift: Add sinks for the GRDB database library to swift/hardcoded-key
 2023-10-09 12:58:17 +01:00
Geoffrey White
c492b5f2dd Swift: Model sinks. 2023-10-07 23:19:09 +01:00
Geoffrey White
8bf6fd67d1 Swift: Add a test for GRDB hardcoded key sinks. 2023-10-07 23:07:32 +01:00
Geoffrey White
676179620a Swift: Get sqlite3 C API results (model Data.withUnsafeBytes, Data.withUnsafeMutableBytes, permit flow out of collections at the query sink) 2023-10-06 18:26:20 +01:00
Geoffrey White
bc9d8cc40f Swift: Get another SQLite.swift result. 2023-10-06 18:26:20 +01:00
Geoffrey White
691665fca8 Swift: Add models for SQLite.swift. 2023-10-06 18:26:19 +01:00
Geoffrey White
9a628d4165 Swift: Add test for sqlite3 C API. 2023-10-06 18:26:18 +01:00
Geoffrey White
8006996f46 Swift: Add test for SQLite.swift. 2023-10-06 18:26:18 +01:00
Geoffrey White
7ddece1560 Swift: Update .expected after merge. 2023-10-05 16:20:56 +01:00
Geoffrey White
6bea7f89a8 Merge branch 'main' into sqlpathinject2 2023-10-05 16:15:37 +01:00
Geoffrey White
b5ff104a00 Swift: Naive model for regular expression evaluations through NSString and StringProtocol methods. 2023-10-04 19:19:29 +01:00
Geoffrey White
0f1711fe1e Swift: Test insertMany. 2023-10-02 23:04:07 +01:00
Geoffrey White
bbd3c66d5a Swift: Update for CollectionContent. 2023-10-02 20:32:24 +01:00
Geoffrey White
81b358a711 Swift: Replace a similar additional taint step in another query. 2023-10-02 20:19:40 +01:00
Geoffrey White
27bdee8058 Swift: Replace additional taint step with implict read. 
Now that we have array content, this is a more principled approach than having a special case data step.
 2023-10-02 20:19:30 +01:00
Geoffrey White
49d47a3da4 Merge pull request #14209 from geoffw0/regexport 
Swift: Port regex mode flag fix from Python to Swift
 2023-09-26 15:41:10 +01:00
Geoffrey White
51ed824adf Swift: Add more SQLite.swift models. 2023-09-25 20:30:59 +01:00
Geoffrey White
6be01eac04 Swift: Add implict read steps for dictionary content. 2023-09-25 20:30:59 +01:00
Geoffrey White
4350060b0f Swift: Add SQLite.swift models. 2023-09-25 20:30:59 +01:00
Geoffrey White
839b9635b9 Swift: Effect of fixing string interpolation bug. 2023-09-25 20:30:58 +01:00
Geoffrey White
16ae637238 Swift: Add sqlite3 models. 2023-09-25 20:30:48 +01:00
Geoffrey White
4245a38de9 Swift: Add SQLite.swift and sqlite3 C API test cases for swift/cleartext-storage-database. 2023-09-25 20:30:48 +01:00
Geoffrey White
32a2930c2f Swift: Accept bad tag filter test fixes. 2023-09-19 14:47:56 +01:00
Geoffrey White
2983295ba3 Swift: Add numeric barrier for uncontrolled format string query. 2023-09-19 14:33:23 +01:00
Geoffrey White
903b0f5bab Swift: Add numeric barrier for the SQL Injinjection query. 2023-09-19 14:33:23 +01:00
Geoffrey White
ee9a5c751c Swift: Add numeric barrier for to the JS eval query. 2023-09-19 14:33:22 +01:00
Geoffrey White
158008ac4f Swift: New results in tests. 2023-09-19 13:08:08 +01:00
Geoffrey White
535a69cd8b Merge branch 'main' into logfix 2023-09-13 19:01:52 +01:00
Geoffrey White
e109892388 Merge pull request #14189 from geoffw0/protocol2 
Swift: Consistent additional taint steps between the cleartext-* queries
 2023-09-13 18:44:20 +01:00
Geoffrey White
200d9a4dfb Swift: Port regex mode flag character fix from Python. 2023-09-13 18:19:02 +01:00
Geoffrey White
df60f560a2 Swift: Add demonstrative test case. 2023-09-13 18:11:40 +01:00
Geoffrey White
3bf0d66d6c Merge pull request #13906 from geoffw0/commandinject2 
Swift: Add tests and develop command injection query
 2023-09-13 08:59:06 +01:00
Geoffrey White
ae0fcf791b Swift: Expand the additional taint step from the cleartext storage database query to the other sensitive data queries. 2023-09-11 22:25:17 +01:00
Geoffrey White
aa5820c061 Swift: Add some test cases. 2023-09-11 19:33:37 +01:00
Geoffrey White
1cde183005 Merge branch 'main' into logfix 2023-09-11 13:14:58 +01:00
Geoffrey White
3fd5de83cb Merge branch 'main' into sqlpathinject 2023-09-11 12:42:49 +01:00
Mathias Vorreiter Pedersen
6a21fa04cd Merge pull request #14034 from geoffw0/hostname 
Swift: New query: Incomplete regular expression for hostnames
 2023-08-30 11:33:36 +01:00