Commit Graph

4303 Commits

Author SHA1 Message Date
Nora Dimitrijević
0e67100cad Swift: fix bad join order in WebView/JsExportedSource
The `getName = getName` join was happening too early,
before the methods themselves have been enumerated.
2022-11-03 15:30:04 +01:00
Tony Torralba
da67b1059c Remove (now unnecessary) import 2022-11-03 12:38:45 +01:00
Tony Torralba
3e1819f25d Model XMLParser constructor init(contentsOf:) 2022-11-03 12:01:42 +01:00
Tony Torralba
fe138dc0a1 Add explicitly safe test cases 2022-11-03 12:01:42 +01:00
Tony Torralba
0c6957ea78 Adjust test expectations of a query affected by new summaries 2022-11-03 12:01:42 +01:00
Tony Torralba
f4047e016c Address QL-for-QL alert
Use an alert message consistent with the other languages
2022-11-03 12:01:42 +01:00
Tony Torralba
dc6f60a501 Add new XXE query
Only XMLParser sinks for the time being
2022-11-03 12:01:42 +01:00
Tony Torralba
83caf01778 Merge pull request #11096 from atorralba/atorralba/swift/unit
Swift: Move the Unit class to its own file
2022-11-03 12:00:57 +01:00
erik-krogh
3159b3d9a1 swift: fix unused variable 2022-11-03 11:20:15 +01:00
Tony Torralba
978ed03e9c Move the Unit class to its own file 2022-11-03 11:19:41 +01:00
Nora Dimitrijević
3d24e0a2eb Swift: enable VSCode to build extractor via CMake
The `-arch=x86_64` from `swift/rules.bzl` turns out to be unnecessary,
even on Arm-based Macs.
2022-11-03 11:16:48 +01:00
Nora Dimitrijević
28b7f0884f Swift: UnsafeJsEval test finally compiles 2022-11-03 11:16:48 +01:00
Nora Dimitrijević
7b599f5fef Swift: Add async variant of WKWebView evaluateJavaScript(_:)
See concurrency note here: https://developer.apple.com/documentation/webkit/wkwebview/1415017-evaluatejavascript

See also https://developer.apple.com/documentation/swift/calling-objective-c-apis-asynchronously
2022-11-03 11:16:48 +01:00
Nora Dimitrijević
5c905c42b2 Swift: Initial UnsafeJsEval query 2022-11-03 11:16:48 +01:00
Mathias Vorreiter Pedersen
01f3150a70 Merge pull request #11092 from hvitved/swift/avoid-deprecated-ssa-predicates
Swift: Avoid calls to deprecated SSA predicates
2022-11-03 09:03:47 +00:00
Paolo Tranquilli
73131cef9e Merge branch 'main' into redsun82/swift-macos-integration-tests 2022-11-03 09:19:07 +01:00
Tom Hvitved
4e3fcc3235 Swift: Avoid calls to deprecated SSA predicates 2022-11-03 09:03:20 +01:00
Dave Bartolomeo
a475e5758d Merge remote-tracking branch 'upstream/main' into dbartol/use-workspace-versions 2022-11-02 12:38:03 -04:00
Karim Ali
f6484e6e6b cleanup old code comments 2022-11-02 16:21:51 +02:00
Karim Ali
27d2dc6d9e update expected results 2022-11-02 16:13:50 +02:00
Karim Ali
eefda61445 add a query that checks for the use of static IVs 2022-11-02 16:09:00 +02:00
Paolo Tranquilli
2c517a3237 Swift: fix codegen test invocation 2022-11-02 14:48:20 +01:00
Paolo Tranquilli
99764450b3 Swift: remove redundant test run 2022-11-02 14:44:33 +01:00
Paolo Tranquilli
bc65d358f2 Swift: fix wrongly exchanged action bodies 2022-11-02 14:43:57 +01:00
Paolo Tranquilli
6ce6d9dc37 Swift: fix quick tests action, again 2022-11-02 14:42:14 +01:00
Paolo Tranquilli
08909e5c69 Swift: fix quick tests action 2022-11-02 14:38:07 +01:00
Paolo Tranquilli
e6d4685109 Swift: split quick tests in separate action
Also, make the quick test list explicit in the action code, so we can
catch an inadvertent test deletion.
2022-11-02 14:32:45 +01:00
Paolo Tranquilli
3acd4486a3 Swift: add tests for RUN_UNDER support
While I would have preferred to add a proper unit test, this required
more infrastructure for mocking system calls. Instead I made `qltest.sh`
accept a `//codeql-extractor-env` header and used that to write a QL
test exercising the `RUN_UNDER` functionality.
2022-11-02 12:09:13 +01:00
Tony Torralba
759ffc4743 Merge pull request #11027 from atorralba/atorralba/swift/webview-js-native-bridge-sources
Swift: WebView JS-native bridge sources
2022-11-02 09:32:57 +01:00
Paolo Tranquilli
82998ce3a3 Merge branch 'main' into redsun82/swift-filtered-debugging 2022-11-02 06:39:16 +01:00
Paolo Tranquilli
57a616262f Swift: fix run cwd 2022-11-02 06:27:09 +01:00
Paolo Tranquilli
0d9ecfc4de Swift: move small bazel tests to build action 2022-11-02 06:23:44 +01:00
Paolo Tranquilli
6e370beb92 Swift: turn on macOS QL tests with slicing 2022-11-02 06:07:55 +01:00
Geoffrey White
85e99feb49 Swift: Have swift/unsafe-webview-fetch use indices instead of parameter names. 2022-11-01 22:58:48 +00:00
Geoffrey White
d87117f623 Swift: Have swift/string-length-conflation use indices instead of parameter names. 2022-11-01 22:51:10 +00:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Dave Bartolomeo
49c4c554c4 Merge from main 2022-11-01 13:22:40 -04:00
Karim Ali
8be4d47178 fix typos 2022-11-01 16:03:36 +02:00
Geoffrey White
84c754e007 Merge pull request #11062 from geoffw0/rename
Swift: Rename ECB-Encryption directory
2022-11-01 12:59:53 +00:00
Karim Ali
fe408cfb41 add a query that detects the use of constant passwords 2022-11-01 14:03:27 +02:00
Geoffrey White
c3577b2256 Swift: Rename test directory. 2022-11-01 09:21:50 +00:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Paolo Tranquilli
59284739dd Swift: reenable ql tests on macos 2022-10-31 17:07:56 +01:00
Paolo Tranquilli
003866621f Swift: rework workflows
* A unique workflow file has been created merging all `swift-*.yml`
  workflows
* Change filtering at job level was added using [dorny/paths-filter][1]
* only one build of the extractor is made, and then shared via cache
  (not as an artifact because of [this longstanding issue][2])
* integration tests are now run on macOS
* qltests are not run any more on macOS to cut on feedback time
* autobuilder tests were moved to the macOS build step to avoid loading
  bazel twice

[1]: https://github.com/dorny/paths-filter#examples
[2]: https://github.com/actions/upload-artifact/issues/38
2022-10-31 16:59:11 +01:00
Karim Ali
3911f3b202 update query description following docs review 2022-10-31 13:54:35 +02:00
Karim Ali
76a330d4b9 update code example to be OWASP compliant 2022-10-31 13:52:49 +02:00
Karim Ali
723ca8ed88 update documentation following docs review 2022-10-31 13:50:30 +02:00
Tony Torralba
b62ede1544 Fix issue in JsExportedSource
Model the source as an access to the tainted field, instead of the field itself (which didn't work)
2022-10-31 12:08:03 +01:00
Geoffrey White
ca586b4f3d Merge remote-tracking branch 'upstream/main' into global 2022-10-31 10:28:29 +00:00
Geoffrey White
0dd8f574a7 Swift: Redesign as a FreeFunctionDecl class + add some qldoc. 2022-10-31 10:24:12 +00:00