Commit Graph

549 Commits

Author SHA1 Message Date
Geoffrey White
3c55cdd5be Swift: Catch the last two test results as well. 2023-01-17 16:04:58 +00:00
Geoffrey White
d42848bb7e Swift: Upgrade the query from dataflow to taint tracking, so as to support more flows. 2023-01-17 16:04:58 +00:00
Geoffrey White
a8ef9cc987 Swift: Add tests for RNCryptor library. 2023-01-17 16:04:57 +00:00
Geoffrey White
037b49b454 Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-01-17 14:16:52 +00:00
Geoffrey White
74a37475db Swift: Model RNCryptor. 2023-01-17 11:54:12 +00:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs
Swift: Add Cleartext Logging query
2023-01-16 16:22:20 +01:00
Geoffrey White
6a0b56bf40 Swift: Fix for extensions. 2023-01-11 18:32:07 +00:00
Geoffrey White
2622de9747 Swift: Improve Core Data coverage. 2023-01-11 18:26:34 +00:00
Geoffrey White
82f9903bf0 Swift: Additional test cases for swift/cleartext-storage-database on Core Data. 2023-01-11 18:22:32 +00:00
Tony Torralba
c115a9fee4 Add more path injection sinks 2023-01-11 14:28:24 +01:00
Tony Torralba
a4f813183e Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks
Swift: Add sinks for the GRDB library
2023-01-11 11:49:37 +01:00
Tony Torralba
49a41c98ee Test that hashed passwords are 'safe' to log
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
2023-01-09 18:01:07 +01:00
Tony Torralba
7e0869965c Uncomment tests 2023-01-09 18:01:07 +01:00
Tony Torralba
c1f19dd145 Add stub so that tests work on Linux 2023-01-09 18:01:07 +01:00
Tony Torralba
b203a9eb6e Add a sanitizer for OSLogPrivacy options
Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.
2023-01-09 18:01:07 +01:00
Tony Torralba
aad56097ac Add Cleartext Logging query for Swift.
With some caveats: see TODO comments and failing tests.
2023-01-09 18:01:07 +01:00
Tony Torralba
eb78661c1f Add missing SQL injection tests for the GRDB SQL class 2023-01-09 17:36:54 +01:00
Geoffrey White
9333e80def Swift: Add getVaList stub to the test. 2023-01-09 10:29:37 +00:00
Mathias Vorreiter Pedersen
9be9636816 Merge pull request #11670 from atorralba/atorralba/swift/predicate-injection
Swift: Add predicate injection query
2023-01-09 08:54:13 +00:00
Geoffrey White
fc646a6d48 Swift: Update .expected following a toString change in main. 2023-01-03 16:25:14 +00:00
Geoffrey White
e05bb7fcee Merge branch 'main' into format 2023-01-03 15:14:55 +00:00
Tony Torralba
07d99bd643 Add path injection sinks 2022-12-23 17:16:06 +01:00
Tony Torralba
4215a89bc8 Add cleartext storage database sinks 2022-12-23 17:15:59 +01:00
Tony Torralba
ac39aeb6b6 Add SQLi sinks 2022-12-23 17:03:31 +01:00
Mathias Vorreiter Pedersen
b330b628e3 Merge pull request #11595 from d10c/swift/extract-mainactor
Swift: MethodRefExpr -> MethodLookupExpr
2022-12-22 10:22:33 +00:00
Arthur Baars
7111d950c1 Swift: add AlertSuppression.ql 2022-12-21 13:15:26 +01:00
Nora Dimitrijević
8b0da01e0d Swift: allow self./super. sinks in StaticInitializationVector
Assumption: the extra path is not an issue in practice as the body of
the cryptographic library's init methods are not normally extracted,
only the stubs in this test are.
2022-12-19 17:39:44 -05:00
Geoffrey White
1f7d96a74a Merge branch 'main' into format 2022-12-15 15:17:54 +00:00
Tony Torralba
11c03fb8c9 Add 'good' test cases 2022-12-15 12:35:47 +01:00
Nora Dimitrijević
5faa44389e Swift: Basic acceptance of UnsafeJsEval test
TODO: Fix remaining problem in a separate PR:
- path found to one async `@MainActor` evaluateJavaScript
  call, but not others. Investigate why.
- Remove duplicate paths and those with unnecessary [summary] nodes.
2022-12-14 15:02:15 -05:00
Nora Dimitrijević
95d4c304da Swift: Fix .expected tests
Only UnsafeJsEval remains.
2022-12-14 15:02:15 -05:00
Tony Torralba
d72d096c86 Add predicate injection query 2022-12-13 10:27:29 +01:00
Tony Torralba
7dca1b4b06 Merge branch 'main' into atorralba/swift/path-injection 2022-12-05 16:21:22 +01:00
Geoffrey White
85a0a42da9 Swift: try again to satisfy ql-for-ql. 2022-12-02 10:15:11 +00:00
Geoffrey White
f7ebd1312e Swift: Corrections. 2022-12-01 20:13:56 +00:00
Geoffrey White
32c4728f83 Swift: Add tests. 2022-12-01 16:32:33 +00:00
Karim Ali
f6bc88471a update the expected output for CWE-079
Now that we have support for taint through fields of String, we can now detect certain flows that we previously marked as [NOT DETECTED]. This commit updates the expected output of CWE-079 (and the in-code annotation of the accompanying test case) to reflect that update.
2022-11-30 16:34:24 +02:00
Tony Torralba
e222807693 Remove dubious sinks 2022-11-30 13:25:17 +01:00
Tony Torralba
bf023b0aed Use dominance in path injection sanitizer to avoid FNs 2022-11-29 13:33:27 +01:00
Tony Torralba
52ebf66d21 Add basic path sanitizer 2022-11-29 11:55:04 +01:00
Tony Torralba
1576ee9410 Add additional stub to avoid errors when building on Linux 2022-11-29 11:55:03 +01:00
Tony Torralba
8cc66172c3 Add path injection query 2022-11-29 11:55:03 +01:00
Geoffrey White
ffbd201450 Swift: Implement basic model of WKUserScript. 2022-11-28 12:20:29 +00:00
Geoffrey White
116d9667e7 Swift: Remove special case from query. 2022-11-28 12:15:38 +00:00
Tony Torralba
fc7c66dab2 Remove now unnecessary additional taint step in UnsafeJsEval 2022-11-24 12:35:52 +01:00
Nora Dimitrijević
8f065e9483 Merge pull request #11001 from d10c/swift/js-injection 2022-11-24 10:52:05 +01:00
Geoffrey White
2b52a44024 Merge pull request #11210 from geoffw0/alamofire2
Swift: Add Alamofire model to swift/cleartext-transmission
2022-11-23 18:23:44 +00:00
Geoffrey White
ef837f72e4 Swift: Test .expected changes resulting from merge. 2022-11-23 14:57:08 +00:00
Tony Torralba
16a76853f4 Add libxml2 sinks 2022-11-21 16:25:51 +01:00