hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

549 Commits

Author SHA1 Message Date
Nora Dimitrijević
8f5af3fca6 Merge branch 'main' into swift/js-injection 2022-11-18 17:07:20 +01:00
Geoffrey White
127888f3c1 Merge branch 'main' into alamofire2 2022-11-16 13:32:13 +00:00
Nora Dimitrijević
09b669a584 Swift: Add direct call to remote source to a test 
Strangely, there are two separate paths to each of the JSEvaluateScript
sinks: one passing through the JSString constructor, one omitting this
step.
 2022-11-15 21:57:46 +01:00
Geoffrey White
9887e2b53b Merge branch 'main' into alamofire2 2022-11-15 12:19:54 +00:00
Tony Torralba
f2888dcb1e Add sinks and tests for the AEXML library. 2022-11-14 15:46:44 +01:00
Geoffrey White
3e6eedec30 Swift: Fix test output after merge. 2022-11-14 14:42:56 +00:00
Geoffrey White
5460004223 Merge branch 'main' into HEAD 2022-11-14 13:44:39 +00:00
Tony Torralba
52bd140213 Fix test expectations 2022-11-14 12:41:13 +01:00
Tony Torralba
c03eab2410 Add XMLDocument sinks 2022-11-14 12:41:13 +01:00
Tony Torralba
a21db3b3c2 Merge pull request #11086 from atorralba/atorralba/swift/xxe-query 
Swift: Add new query for XML External Entities (XML) vulnerabilities
 2022-11-14 12:34:30 +01:00
Nora Dimitrijević
16ba5b1bb5 Swift: update doctests 2022-11-14 12:30:16 +01:00
Nora Dimitrijević
4b7a89e754 Merge branch 'main' into swift/js-injection 2022-11-11 12:23:26 +01:00
Geoffrey White
d97682991d Swift: Add Alamofire sink for cpp/cleartext-transmission. 2022-11-10 15:33:00 +00:00
Karim Ali
b209cac2e2 Merge pull request #11063 from karimhamdanali/swift-pbe-constant-password 
Swift: detect the use of constant passwords for password-based encryption
 2022-11-10 16:36:27 +02:00
Karim Ali
e18b2cfa39 Merge pull request #11084 from karimhamdanali/swift-static-iv 
Swift: detect the use of static initialization vectors
 2022-11-10 16:35:21 +02:00
Geoffrey White
23ff3769ac Swift: Add Alamofire tests for swift/cleartext-transmission. 2022-11-10 14:31:53 +00:00
Nora Dimitrijević
5940f17b83 Swift: Docs + doctests 2022-11-09 13:10:08 +01:00
Nora Dimitrijević
7585541514 Merge branch 'main' into swift/js-injection 2022-11-08 11:25:54 +01:00
Nora Dimitrijević
d37ed02e79 Swift: basic Data-related taint flow in query 
Still TODO: a more comprehensive taint flow model for Data in the libs.
 2022-11-08 11:24:53 +01:00
Nora Dimitrijević
66291d3575 Swift: sync tests pass with additional flow steps 
TODO: Convert those flow steps to taint flow models in the library.
 2022-11-08 11:09:55 +01:00
Karim Ali
5766ff21d0 Merge pull request #10993 from karimhamdanali/swift-pbe-constant-salts 
Swift: detect the use of constant salts
 2022-11-07 16:22:41 +02:00
Karim Ali
2a22c69a64 remove unused variable from test + updated expected output 2022-11-07 13:31:55 +02:00
Geoffrey White
7b62bed9db Merge pull request #10947 from karimhamdanali/swift-pbe-iterations 
Swift: detect hash functions with low # of iterations
 2022-11-07 10:38:29 +00:00
Tony Torralba
3e1819f25d Model XMLParser constructor init(contentsOf:) 2022-11-03 12:01:42 +01:00
Tony Torralba
fe138dc0a1 Add explicitly safe test cases 2022-11-03 12:01:42 +01:00
Tony Torralba
0c6957ea78 Adjust test expectations of a query affected by new summaries 2022-11-03 12:01:42 +01:00
Tony Torralba
dc6f60a501 Add new XXE query 
Only XMLParser sinks for the time being
 2022-11-03 12:01:42 +01:00
Nora Dimitrijević
28b7f0884f Swift: UnsafeJsEval test finally compiles 2022-11-03 11:16:48 +01:00
Karim Ali
27d2dc6d9e update expected results 2022-11-02 16:13:50 +02:00
Karim Ali
eefda61445 add a query that checks for the use of static IVs 2022-11-02 16:09:00 +02:00
Karim Ali
fe408cfb41 add a query that detects the use of constant passwords 2022-11-01 14:03:27 +02:00
Geoffrey White
c3577b2256 Swift: Rename test directory. 2022-11-01 09:21:50 +00:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Mathias Vorreiter Pedersen
062a0abceb Swift: Fix flow out of summarized callables. 2022-10-28 12:09:05 +02:00
Karim Ali
420c35d4a2 add a query that detects the use of constant salts 2022-10-26 15:32:59 +02:00
Karim Ali
18dd0f650c update iterations threshold to most recent OWASP recommendation 
which is at least 120,000 iterations for secure password hashing
 2022-10-25 14:01:40 +02:00
Karim Ali
408c7bebe5 fix .expected file 2022-10-25 13:24:37 +02:00
Karim Ali
0d2e7d43b9 add expected output 2022-10-25 13:24:37 +02:00
Karim Ali
5179a99abb fix test cases to use the correct class name 2022-10-25 13:24:37 +02:00
Karim Ali
c4b2519e6c initial draft of the Swift query for CWE-916 2022-10-25 13:24:37 +02:00
Paolo Tranquilli
408968a417 Swift: fix swift compilation in QL tests 2022-10-21 15:20:38 +02:00
Geoffrey White
138643519c Merge pull request #10757 from geoffw0/sqlinject 
Swift: Query for SQL injection
 2022-10-20 18:55:38 +01:00
Geoffrey White
027b71381a Swift: annotate all cases. 2022-10-18 16:38:02 +01:00
Geoffrey White
0281bfedda Merge pull request #10689 from d10c/swift/cleartext-storage-nsuserdefaults 
Swift: Query for CWE-312: Exposure of sensitive information using NSUserDefaults
 2022-10-17 14:05:17 +01:00
Geoffrey White
9767064310 Swift: Fix bug for sqlite3_prepare_v3. 2022-10-17 13:40:35 +01:00
Geoffrey White
1221cbaee7 Swift: Updated results after merge with main. 2022-10-17 13:35:46 +01:00
Geoffrey White
13018150ed Merge branch 'main' into sqlinject 2022-10-17 13:30:14 +01:00
Karim Ali
bbc03a1578 add false negatives to the test case 2022-10-17 12:54:34 +02:00
Karim Ali
d56c82ff75 add a query that detects hardcoded keys 2022-10-17 12:54:34 +02:00
Geoffrey White
f96e4eb87e Swift: One more go at getting the query message how ql-for-ql wants it. 2022-10-14 15:28:14 +01:00