codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00

Author	SHA1	Message	Date
Geoffrey White	6a0b56bf40	Swift: Fix for extensions.	2023-01-11 18:32:07 +00:00
Geoffrey White	2622de9747	Swift: Improve Core Data coverage.	2023-01-11 18:26:34 +00:00
Geoffrey White	82f9903bf0	Swift: Additional test cases for swift/cleartext-storage-database on Core Data.	2023-01-11 18:22:32 +00:00
Tony Torralba	c115a9fee4	Add more path injection sinks	2023-01-11 14:28:24 +01:00
Tony Torralba	a4f813183e	Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks Swift: Add sinks for the GRDB library	2023-01-11 11:49:37 +01:00
Tony Torralba	49a41c98ee	Test that hashed passwords are 'safe' to log This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.	2023-01-09 18:01:07 +01:00
Tony Torralba	7e0869965c	Uncomment tests	2023-01-09 18:01:07 +01:00
Tony Torralba	c1f19dd145	Add stub so that tests work on Linux	2023-01-09 18:01:07 +01:00
Tony Torralba	b203a9eb6e	Add a sanitizer for OSLogPrivacy options Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.	2023-01-09 18:01:07 +01:00
Tony Torralba	aad56097ac	Add Cleartext Loggin query for Swift. With some caveats: see TODO comments and failing tests.	2023-01-09 18:01:07 +01:00
Tony Torralba	eb78661c1f	Add missing SQL injection tests for the GRDB SQL class	2023-01-09 17:36:54 +01:00
Geoffrey White	9333e80def	Swift: Add getVaList stub to the test.	2023-01-09 10:29:37 +00:00
Mathias Vorreiter Pedersen	9be9636816	Merge pull request #11670 from atorralba/atorralba/swift/predicate-injection Swift: Add predicate injection query	2023-01-09 08:54:13 +00:00
Geoffrey White	fc646a6d48	Swift: Update .expected following a toString change in main.	2023-01-03 16:25:14 +00:00
Geoffrey White	e05bb7fcee	Merge branch 'main' into format	2023-01-03 15:14:55 +00:00
Tony Torralba	07d99bd643	Add path injection sinks	2022-12-23 17:16:06 +01:00
Tony Torralba	4215a89bc8	Add cleartext storage database sinks	2022-12-23 17:15:59 +01:00
Tony Torralba	ac39aeb6b6	Add SQLi sinks	2022-12-23 17:03:31 +01:00
Nora Dimitrijević	8b0da01e0d	Swift: allow self./super. sinks in StaticInitializationVector Assumption: the extra path is not an issue in practice as the body of the cryptographic library's init methods are not normally extracted, only the stubs in this test are.	2022-12-19 17:39:44 -05:00
Geoffrey White	1f7d96a74a	Merge branch 'main' into format	2022-12-15 15:17:54 +00:00
Tony Torralba	11c03fb8c9	Add 'good' test cases	2022-12-15 12:35:47 +01:00
Nora Dimitrijević	5faa44389e	Swift: Basic acceptance of UnsafeJsEval test TODO: Fix remaining problem in a separate PR: - path found to one async `@MainActor` evaluateJavaScript call, but not others. Investigate why. - Remove duplicate paths and those with unnecessary [summary] nodes.	2022-12-14 15:02:15 -05:00
Nora Dimitrijević	95d4c304da	Swift: Fix .expected tests Only UnsafeJsEval remains.	2022-12-14 15:02:15 -05:00
Tony Torralba	d72d096c86	Add predicate injection query	2022-12-13 10:27:29 +01:00
Tony Torralba	7dca1b4b06	Merge branch 'main' into atorralba/swift/path-injection	2022-12-05 16:21:22 +01:00
Geoffrey White	85a0a42da9	Swift: try again to satisfy ql-for-ql.	2022-12-02 10:15:11 +00:00
Geoffrey White	f7ebd1312e	Swift: Corrections.	2022-12-01 20:13:56 +00:00
Geoffrey White	32c4728f83	Swift: Add tests.	2022-12-01 16:32:33 +00:00
Karim Ali	f6bc88471a	update the expected output for CWE-079 Now that we have support for taint through fields of String, we can now detect certain flows that we previously marked as [NOT DETECTED]. This commit updates the expected output of CWE-079 (and the in-code annotation of the accompanying test case) to reflect that update.	2022-11-30 16:34:24 +02:00
Tony Torralba	e222807693	Remove dubious sinks	2022-11-30 13:25:17 +01:00
Tony Torralba	bf023b0aed	Use dominance in path injection sanitizer to avoid FNs	2022-11-29 13:33:27 +01:00
Tony Torralba	52ebf66d21	Add basic path sanitizer	2022-11-29 11:55:04 +01:00
Tony Torralba	1576ee9410	Add additional stub to avoid errors when building on Linux	2022-11-29 11:55:03 +01:00
Tony Torralba	8cc66172c3	Add path injection query	2022-11-29 11:55:03 +01:00
Geoffrey White	ffbd201450	Swift: Implement basic model of WKUserScript.	2022-11-28 12:20:29 +00:00
Geoffrey White	116d9667e7	Swift: Remove special case from query.	2022-11-28 12:15:38 +00:00
Tony Torralba	fc7c66dab2	Remove now unnecessary additional taint step in UnsafeJsEval	2022-11-24 12:35:52 +01:00
Nora Dimitrijević	8f065e9483	Merge pull request #11001 from d10c/swift/js-injection	2022-11-24 10:52:05 +01:00
Geoffrey White	2b52a44024	Merge pull request #11210 from geoffw0/alamofire2 Swift: Add Alamofire model to swift/cleartext-transmission	2022-11-23 18:23:44 +00:00
Geoffrey White	ef837f72e4	Swift: Test .expected changes resulting from merge.	2022-11-23 14:57:08 +00:00
Tony Torralba	16a76853f4	Add libxml2 sinks	2022-11-21 16:25:51 +01:00
Nora Dimitrijević	8f5af3fca6	Merge branch 'main' into swift/js-injection	2022-11-18 17:07:20 +01:00
Geoffrey White	127888f3c1	Merge branch 'main' into alamofire2	2022-11-16 13:32:13 +00:00
Nora Dimitrijević	09b669a584	Swift: Add direct call to remote source to a test Strangely, there are two separate paths to each of the JSEvaluateScript sinks: one passing through the JSString constructor, one omitting this step.	2022-11-15 21:57:46 +01:00
Geoffrey White	9887e2b53b	Merge branch 'main' into alamofire2	2022-11-15 12:19:54 +00:00
Tony Torralba	f2888dcb1e	Add sinks and tests for the AEXML library.	2022-11-14 15:46:44 +01:00
Geoffrey White	3e6eedec30	Swift: Fix test output after merge.	2022-11-14 14:42:56 +00:00
Geoffrey White	5460004223	Merge branch 'main' into HEAD	2022-11-14 13:44:39 +00:00
Tony Torralba	52bd140213	Fix test expectations	2022-11-14 12:41:13 +01:00
Tony Torralba	c03eab2410	Add XMLDocument sinks	2022-11-14 12:41:13 +01:00

... 6 7 8 9 10 ...

540 Commits