4333 Commits

Author	SHA1	Message	Date
Geoffrey White	539f8f0f70	Swift: Add mid-level CryptoSwift sinks and prevent duplication that results. Overall this doesn't give us any new results in tests, but makes paths shorter, and in the real world I expect it to add reliability.	2023-04-11 19:54:55 +01:00
Geoffrey White	51a62b54ee	Swift: Add low-level CryptoSwift sinks.	2023-04-11 19:54:48 +01:00
Geoffrey White	d299d92025	Swift: Prevent potentially misleading duplicate results.	2023-04-11 19:39:09 +01:00
Geoffrey White	4995f13234	Swift: Add tests for swift/weak-sensitive-data-hashing on CryptoSwift.	2023-04-11 18:46:38 +01:00
Geoffrey White	03a4084c11	Swift: Update some sinks to CSV format.	2023-04-11 18:10:54 +01:00
Geoffrey White	256c3f66ca	Swift: Various minor fixes / consistency improvements to sinks.	2023-04-11 17:04:09 +01:00
Alexandre Boulgakov	b900185ae3	Swift: Add db upgrade/downgrade scripts for key-path component extraction. ... I've marked both scripts as "partial" since we're extracting different AST components for key-paths and don't have a good way to convert between them in QL. Each deletes the corresponding tables, but leaves non-key-path functionality intact.	2023-04-11 14:00:13 +01:00
Alexandre Boulgakov	35a2d55d18	Swift: Extract structured keypath components. ... Changes in swift/ql/lib are generated by swift/codegen without manual intervention.	2023-04-11 13:34:17 +01:00
Alexandre Boulgakov	2b1dea56b5	Swift: Add error query to AST tests. ... Preexisting errors are left to be fixed later.	2023-04-11 13:34:16 +01:00
Geoffrey White	7ddfcb28e5	Swift: Rename DefaultConstantPasswordSink -> CryptoSwiftPasswordSink.	2023-04-11 11:49:21 +01:00
Geoffrey White	d4cc86cd05	Swift: Make the RNCryptor sources wider (actual usage seems to vary).	2023-04-06 20:36:12 +01:00
Geoffrey White	81b0dbffbd	Swift: Add CSV extension points to the encryption queries.	2023-04-06 14:07:41 +01:00
Geoffrey White	3baba70903	Merge pull request #12764 from geoffw0/modernsec ... Swift: Modernize the encryption queries	2023-04-06 13:26:32 +01:00
Paolo Tranquilli	acaa6a5ea7	Swift: make trap domain logger names more informative	2023-04-06 12:53:47 +02:00
Paolo Tranquilli	a5162b0b7d	Swift: remove Log::configure	2023-04-06 12:53:13 +02:00
Geoffrey White	fa23d9c1e4	Swift: Clean up and autoformat.	2023-04-05 15:18:40 +01:00
Geoffrey White	501848bd46	Swift: Convert dataflow / taint tests to DataFlow::ConfigSig.	2023-04-05 15:07:02 +01:00
Geoffrey White	07cae40985	Swift: More autoformatting.	2023-04-05 11:32:26 +01:00
Geoffrey White	a7038017da	Swift: Improve QLDoc.	2023-04-05 11:08:27 +01:00
Geoffrey White	1c75729598	Swift: Autoformat.	2023-04-05 11:08:27 +01:00
Geoffrey White	0d14835feb	Swift: Clean up sources / make some of them extendable as well.	2023-04-05 11:08:26 +01:00
Geoffrey White	fc5e958c8d	Swift: Add extendible sinks, sanitizers etc and use them.	2023-04-05 11:08:26 +01:00
Jeroen Ketema	cae1892ab4	Swift: Update StringLengthConflation to use DataFlow::StateConfigSig	2023-04-05 09:12:15 +02:00
Paolo Tranquilli	6ef9088076	Swift: rename LOG_IMPL->LOG_WITH_LEVEL and strengthen it	2023-04-05 06:30:49 +02:00
Jeroen Ketema	3bd6fd0f51	Swift: Update CleartextStorageDatabase to use DataFlow::ConfigSig	2023-04-04 21:53:29 +02:00
Paolo Tranquilli	5a01feca6c	Swift: expand Logger doc comment	2023-04-04 10:37:59 +02:00
Paolo Tranquilli	6c932bc807	Swift: address logging review comments	2023-04-04 10:28:11 +02:00
Jeroen Ketema	dd85d00579	Swift: Fix formatting	2023-04-04 09:10:21 +02:00
Jeroen Ketema	cb8568f6fd	Swift: Rewrite PathInjection to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	97575807df	Swift: Rewrite CleartextTransmission to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	e8bfb87f67	Swift: Rewrite CleartextStoragePreferences to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	a45f381ab9	Swift: Rewrite CleartextLogging to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	5deafeaf9e	Swift: Rewrite UnsafeWebViewFetch to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	56156cfa36	Swift: Rewrite UnsafeJsEval to use `DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	db641e508a	Swift: Rewrite UncontrolledFormatString to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	0ff607c930	Swift: Rewrite XXEQuery to use DataFlow::ConfigSig	2023-04-04 09:10:21 +02:00
Jeroen Ketema	9220bea3ec	Swift: Rewrite SqlInjectionQuery to use DataFlow::ConfigSig	2023-04-04 09:10:15 +02:00
Geoffrey White	e62a6a037c	Swift: Split encryption queries into three parts (trivial re-organization of existing code).	2023-04-03 17:20:34 +01:00
Jeroen Ketema	70d0e987c4	Swift: Rewrite PredicateInjection to use DataFlow::ConfigSig	2023-04-03 16:19:30 +02:00
Geoffrey White	4d3fc02d7e	Merge pull request #11965 from geoffw0/realmfix ... Swift: Test and fix missing swift/cleartext-storage-database results	2023-04-03 14:02:18 +01:00
Paolo Tranquilli	abc0c7cf24	Swift: add trace logging of all trap emission	2023-04-03 11:47:24 +02:00
Paolo Tranquilli	a386c58371	Swift: add preliminary logging to dispatcher	2023-04-03 11:47:23 +02:00
Paolo Tranquilli	3fc488167f	Swift: add logging to main	2023-04-03 11:47:23 +02:00
Paolo Tranquilli	ed48065c2d	Swift: add logging infrastructure	2023-04-03 11:47:23 +02:00
Paolo Tranquilli	5e45377ad7	Merge pull request #12725 from github/redsun82/swift-successfully-extracted-lines ... Swift: add `SuccessfullyExtractedLines` query	2023-04-03 09:12:41 +02:00
Geoffrey White	7f69fe6e8c	Swift: Autoformat.	2023-03-31 16:32:49 +01:00
Geoffrey White	91f6b0ba4f	Swift: Correct test expectations.	2023-03-31 15:50:59 +01:00
Geoffrey White	c88bea7080	Update swift/ql/lib/codeql/swift/elements/type/TypeAliasType.qll ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2023-03-31 15:29:49 +01:00
Geoffrey White	b3e0c49435	Swift: Remove unnecessary imports.	2023-03-31 15:03:01 +01:00
Geoffrey White	8a805bb7a3	Swift: Replace getABaseOrAliasedType with slightly more sophisticated getABaseType.	2023-03-31 14:16:42 +01:00