Commit Graph

1617 Commits

Author SHA1 Message Date
Nora Dimitrijević
7585541514 Merge branch 'main' into swift/js-injection 2022-11-08 11:25:54 +01:00
Nora Dimitrijević
d37ed02e79 Swift: basic Data-related taint flow in query
Still TODO: a more comprehensive taint flow model for Data in the libs.
2022-11-08 11:24:53 +01:00
Nora Dimitrijević
66291d3575 Swift: sync tests pass with additional flow steps
TODO: Convert those flow steps to taint flow models in the library.
2022-11-08 11:09:55 +01:00
Paolo Tranquilli
072edad0fd Swift: accept new test changes 2022-11-08 09:30:25 +01:00
Paolo Tranquilli
21adcca065 Swift: add bitwise ops to PrintAst test 2022-11-08 08:53:36 +01:00
Karim Ali
5766ff21d0 Merge pull request #10993 from karimhamdanali/swift-pbe-constant-salts
Swift: detect the use of constant salts
2022-11-07 16:22:41 +02:00
Geoffrey White
645906a7d7 Merge branch 'main' into tuples 2022-11-07 13:17:12 +00:00
Karim Ali
2a22c69a64 remove unused variable from test + updated expected output 2022-11-07 13:31:55 +02:00
Paolo Tranquilli
b30a6d36b5 Swift: extract AwaitExpr 2022-11-07 12:08:51 +01:00
Paolo Tranquilli
b94066acd8 Merge pull request #11094 from github/redsun82/swift-translators
Swift: refactor visitors to use translations
2022-11-07 12:01:44 +01:00
Geoffrey White
7b62bed9db Merge pull request #10947 from karimhamdanali/swift-pbe-iterations
Swift: detect hash functions with low # of iterations
2022-11-07 10:38:29 +00:00
Geoffrey White
3c07ff592a Swift: Fix result expectations. 2022-11-04 09:44:48 +00:00
Paolo Tranquilli
fdde84ac35 Merge branch 'main' into redsun82/swift-filtered-debugging 2022-11-04 10:42:48 +01:00
Paolo Tranquilli
c8cb30f76e Swift: refactor StmtVisitor to use translations
Also make `visit` in `SwiftDispatcher` work on `const` pointers.

Also, fixed a bug where the guard of a `CaseLabelItem` was not being
extracted, hence the test updates.
2022-11-03 18:16:53 +01:00
Paolo Tranquilli
4702271102 Swift: add cfg.swift to AST tests 2022-11-03 18:16:53 +01:00
Geoffrey White
24f0eeb6df Swift: Better assigning to tuple values. 2022-11-03 15:52:01 +00:00
Geoffrey White
6dc51edb4c Swift: Assigning to tuple values. 2022-11-03 15:51:58 +00:00
Geoffrey White
472ece45e7 Swift: Basic content flow through tuples. 2022-11-03 15:51:33 +00:00
Geoffrey White
a7ecdef2a6 Swift: Add dataflow tests for tuples. 2022-11-03 15:50:27 +00:00
Tony Torralba
3e1819f25d Model XMLParser constructor init(contentsOf:) 2022-11-03 12:01:42 +01:00
Tony Torralba
fe138dc0a1 Add explicitly safe test cases 2022-11-03 12:01:42 +01:00
Tony Torralba
0c6957ea78 Adjust test expectations of a query affected by new summaries 2022-11-03 12:01:42 +01:00
Tony Torralba
dc6f60a501 Add new XXE query
Only XMLParser sinks for the time being
2022-11-03 12:01:42 +01:00
Nora Dimitrijević
28b7f0884f Swift: UnsafeJsEval test finally compiles 2022-11-03 11:16:48 +01:00
Dave Bartolomeo
a475e5758d Merge remote-tracking branch 'upstream/main' into dbartol/use-workspace-versions 2022-11-02 12:38:03 -04:00
Karim Ali
27d2dc6d9e update expected results 2022-11-02 16:13:50 +02:00
Karim Ali
eefda61445 add a query that checks for the use of static IVs 2022-11-02 16:09:00 +02:00
Paolo Tranquilli
3acd4486a3 Swift: add tests for RUN_UNDER support
While I would have preferred to add a proper unit test, this required
more infrastructure for mocking system calls. Instead I made `qltest.sh`
accept a `//codeql-extractor-env` header and used that to write a QL
test exercising the `RUN_UNDER` functionality.
2022-11-02 12:09:13 +01:00
Tony Torralba
759ffc4743 Merge pull request #11027 from atorralba/atorralba/swift/webview-js-native-bridge-sources
Swift: WebView JS-native bridge sources
2022-11-02 09:32:57 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Karim Ali
fe408cfb41 add a query that detects the use of constant passwords 2022-11-01 14:03:27 +02:00
Geoffrey White
c3577b2256 Swift: Rename test directory. 2022-11-01 09:21:50 +00:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Tony Torralba
b62ede1544 Fix issue in JsExportedSource
Model the source as an access to the tainted field, instead of the field itself (which didn't work)
2022-10-31 12:08:03 +01:00
Tony Torralba
2402504a4c Add missing SummaryPostUpdateNode 2022-10-28 18:24:17 +02:00
Tony Torralba
baf7986cfa Rework types exported through JSContext
Better model the JSExport protocol logic
2022-10-28 15:56:05 +02:00
Tony Torralba
48b0cc0229 Add models for JSContext and JSValue 2022-10-28 13:01:25 +02:00
Tony Torralba
81701547b2 Add taint sources for WKScriptMessage
This is what contains externally-provided data in Webview JS-native bridges
2022-10-28 12:58:27 +02:00
Mathias Vorreiter Pedersen
142e50008e Merge pull request #10967 from MathiasVP/fix-swift-summary
Swift: Fix flow out of summarized callables
2022-10-28 12:57:52 +02:00
Mathias Vorreiter Pedersen
062a0abceb Swift: Fix flow out of summarized callables. 2022-10-28 12:09:05 +02:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag
InlineExpectationsTest: Fail if missing `getARelevantTag`
2022-10-28 10:35:49 +02:00
Geoffrey White
ca279f4073 Merge pull request #10996 from geoffw0/methods
Swift: Add MethodDecl.hasQualifiedName
2022-10-27 19:18:48 +01:00
Rasmus Wriedt Larsen
fc7eb5b4fc InlineExpectationsTest: sync 2022-10-27 09:02:28 +02:00
Rasmus Wriedt Larsen
5e9897d150 InlineExpectationsTest: sync 2022-10-26 18:21:13 +02:00
Geoffrey White
e981a28b0f Swift: autoformat test. 2022-10-26 16:32:52 +01:00
Geoffrey White
0d41d4e90c Swift: for consistency, let's have a simple hasName function as well. 2022-10-26 16:11:01 +01:00
Geoffrey White
b24a27d4ae Swift: Add hasQualifiedName methods and tests. 2022-10-26 16:03:49 +01:00
Karim Ali
420c35d4a2 add a query that detects the use of constant salts 2022-10-26 15:32:59 +02:00
Karim Ali
18dd0f650c update iterations threshold to most recent OWASP recommendation
which is at least 120,000 iterations for secure password hashing
2022-10-25 14:01:40 +02:00
Karim Ali
408c7bebe5 fix .expected file 2022-10-25 13:24:37 +02:00