hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

64 Commits

Author SHA1 Message Date
Tony Torralba
1d745a6365 Merge pull request #10774 from atorralba/atorralba/swift/url-field-summaries 
Swift: Add summaries for tainted URL fields
 2022-10-18 15:32:23 +02:00
Tony Torralba
0eeaf71716 Simplify models by introducing TaintInheritingContent 2022-10-18 12:36:18 +02:00
Tony Torralba
81d38132cf Fix test expectations 2022-10-17 12:00:51 +02:00
Tony Torralba
1e4850044c Increase precision of the URL(string:relativeTo:) models 2022-10-17 11:29:30 +02:00
Tony Torralba
4b2aa93a05 Update test expectations after rebase 2022-10-11 17:54:59 +02:00
Mathias Vorreiter Pedersen
fc810ddbf4 Merge pull request #10775 from atorralba/atorralba/swift/custom-url-scheme-sources 
Swift: Add taint sources for custom URL scheme URLs
 2022-10-11 16:47:52 +01:00
Tony Torralba
8525db5af6 Add summaries for tainted URL fields 2022-10-11 17:24:26 +02:00
Tony Torralba
f4d43deec4 Add taint sources for custom URL scheme URLs 2022-10-11 17:19:04 +02:00
Tony Torralba
0892a5795d Add taint step for subscript expressions 2022-10-11 15:33:45 +02:00
Mathias Vorreiter Pedersen
0065a5af96 Swift: Accept path-explanation test changes. 2022-10-06 10:30:18 +01:00
Mathias Vorreiter Pedersen
1edd4d855a Swift: Add an example with flow through a callback function. 2022-10-06 10:30:11 +01:00
Mathias Vorreiter Pedersen
0b6ea703ea Swift: Create explicit parameter nodes for source parameters and MaD parameters. 2022-10-06 10:29:52 +01:00
Mathias Vorreiter Pedersen
2593120300 Merge pull request #10597 from geoffw0/swifttaintsource 
Swift: URL taint sources
 2022-10-04 09:22:27 +01:00
Geoffrey White
1248810e35 Swift: Add model for URL.resourceBytes and URL.lines. 2022-09-27 18:58:56 +01:00
Geoffrey White
fa5e03a53d Swift: Add tests of URL.resourceBytes and URL.lines. 2022-09-27 18:58:56 +01:00
Geoffrey White
69dd2c0eec Swift: Add a test of taint sources. 2022-09-27 18:58:56 +01:00
Geoffrey White
3ffb2a3ee6 Swift: Fix. 2022-09-27 18:39:03 +01:00
Geoffrey White
286fcb672c Swift: Additional test results. 2022-09-27 18:31:43 +01:00
Mathias Vorreiter Pedersen
a4209df239 Merge branch 'main' into swift-field-flow-2 2022-08-30 18:52:23 +01:00
Paolo Tranquilli
38d65d3fae Swift: make ConstructorDecl's name include params 
In order to distinguish overloads of the constructor and for consistency
with other function calls, `ConstructorDecl` string representation uses
the name which includes parentheses and parameter labels.

For consistency also the destructor got the same change, which means
all `DestructorDecl`s will now show as `deinit()` rather than `deinit`.
 2022-08-30 11:11:50 +02:00
Mathias Vorreiter Pedersen
f2d9393928 Swift: Only test local-flow step relations for nodes with proper location information. 2022-08-24 17:14:11 +01:00
Mathias Vorreiter Pedersen
2d90940111 Swift: Add field flow. 2022-08-24 14:52:36 +01:00
Mathias Vorreiter Pedersen
edb29b498d Swift: Teach 'DataFlowDispatch' about property getters, observers and setters. 2022-08-24 13:08:26 +01:00
Mathias Vorreiter Pedersen
de03fbdc49 Swift: Accept test changes. 2022-08-24 10:03:21 +01:00
Mathias Vorreiter Pedersen
6e148a4c3f Swift: Use the inline testing framework for dataflow tests. 2022-08-23 16:31:05 +01:00
Paolo Tranquilli
9b50336e47 Swift: synthesize MethodRefExpr 
This introduces a `MethodRefExpr` node synthesized out of
`DotSyntaxCallExpr` under the `LookupExpr` hierarchy. This means that
much like
```free_function(1, 2)```
is a `CallExpr` with `getFunction` giving a `DeclRefExpr`,
```foo.method(1, 2)```
is now a `CallExpr` with `getFunction` giving a `MethodRefExpr`.

`ApplyExpr::getStaticTarget` has been made work with it (as well as
`ConstructorRefCallExpr` which for the moment has been left where it
is), a new `MethodApplyExpr` has been introduced deriving from it,
and control and data flow libraries have adapted.

A small but was fixed in `qlgen` where the default constructor for DB
types was not correctly subtracting derived IPA types depending on the
order of definitions in `schema.yml`.

There are still some occurrences of `DotSyntaxCallExpr`, and as already
mentioned the other `SelfApply` class (`ConstructorRefCallExpr`) was
left alone. Their treatment is left for a future PR.
 2022-08-19 14:48:36 +02:00
Geoffrey White
1dcc44ff2f Swift: taintedFromLine -> tainted. 2022-08-11 11:01:05 +01:00
Geoffrey White
d16a7754e1 Swift: Take out common code. 2022-08-10 19:04:01 +01:00
Geoffrey White
d7f50eafae Swift: Minor fixes. 2022-08-10 19:03:52 +01:00
Geoffrey White
11f45cf20c Swift: Add expectation annotations. 2022-08-10 18:53:45 +01:00
Geoffrey White
c2ee5fe258 Swift: Add inlineExpectations test. 2022-08-10 18:47:46 +01:00
Geoffrey White
f3499e98a4 Swift: Move try, ! to dataflow. 2022-08-10 15:13:04 +01:00
Geoffrey White
6f696ccc3c Swift: Effect of merging with main to get the AnyTryExpr fix. 2022-08-09 19:02:59 +01:00
Geoffrey White
36f410b9f7 Swift: Move taint logic from isAdditionalTaintStep to defaultAdditionalTaintStep. 2022-08-09 17:42:28 +01:00
Geoffrey White
242dc80907 Swift: Add taint test of try. 2022-08-09 17:42:25 +01:00
Geoffrey White
3bda9af97a Swift: Add taint test of Data. 2022-08-09 17:42:24 +01:00
Geoffrey White
42c3e29a29 Swift: Add taint test of URL. 2022-08-09 17:42:23 +01:00
Geoffrey White
068ec8ea20 Swift: More tests of taint flow through Strings. 2022-08-09 16:43:07 +01:00
Geoffrey White
0141609703 Swift: Rename test. 2022-08-09 16:41:26 +01:00
Mathias Vorreiter Pedersen
05e6dd85d4 Swift: Add taint tests for flow through interpolated strings. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
52b78b6e68 Swift: Don't assume we know the call target statically in 'TInOutUpdateNode'. 2022-08-04 21:57:04 +01:00
Robert Marsh
42929a70e8 Swift: implement LambdaCall in dataflow library 2022-06-22 17:30:54 +00:00
Mathias Vorreiter Pedersen
c049988116 Swift: Accept test changes. 2022-06-20 14:57:16 +01:00
Robert Marsh
d7f839a147 Swift: use ExitNode as CFG for InoutReturnNode 2022-06-13 15:50:30 +00:00
Robert Marsh
9f2abf3d47 Swift: more inout dataflow tests 2022-06-13 15:39:17 +00:00
Robert Marsh
755c56dafe Swift: autoformat 2022-06-09 18:50:39 +00:00
Robert Marsh
fca1afa493 Swift: fix inout parameter conflation at return 2022-06-09 17:09:49 +00:00
Robert Marsh
8d4830cd23 Swift: make dataflow test a path-problem 2022-06-09 17:09:49 +00:00
Robert Marsh
a7663adf90 Swift: add flow through inout parameters 2022-06-09 17:09:49 +00:00
Mathias Vorreiter Pedersen
d8916568b6 Merge branch 'main' into fix-inconsistent-cfg 2022-05-30 14:07:10 +01:00