Mathias Vorreiter Pedersen
f2767eb03a
Merge pull request #9972 from MathiasVP/swift-taint-through-interpolated-strings
...
Swift: Taint through interpolated strings
2022-08-05 15:55:35 +01:00
Robert Marsh
10710e27df
Merge pull request #9978 from MathiasVP/swift-fix-mad
...
Swift: Fix flow summaries for methods
2022-08-05 09:53:16 -04:00
Mathias Vorreiter Pedersen
6cfeb24d94
Swift: More comments.
2022-08-05 13:30:45 +01:00
Mathias Vorreiter Pedersen
46ec7a9b82
Swift: Add the InlineExpectationsTest framework.
2022-08-05 11:49:15 +01:00
Mathias Vorreiter Pedersen
69564d2192
Swift: Add a couple of standard Comment subclasses.
2022-08-05 11:48:29 +01:00
Mathias Vorreiter Pedersen
946b8c68a6
Swift: Accept test changes.
2022-08-05 11:19:00 +01:00
Mathias Vorreiter Pedersen
a302570349
Merge branch 'main' into swift-taint-through-interpolated-strings
2022-08-05 11:17:54 +01:00
Mathias Vorreiter Pedersen
24c9ab8015
Swift: Fix MaD for methods
2022-08-05 10:52:28 +01:00
Alex Denisov
5e69adb0a9
Swift: extract comments
2022-08-05 11:50:48 +02:00
Mathias Vorreiter Pedersen
1c8090fa04
Merge pull request #9964 from geoffw0/cwe95
...
Swift: Query for CWE-79 / CWE-95
2022-08-05 10:38:33 +01:00
Geoffrey White
1ce06accbd
Swift: Fix capitalization issue?
2022-08-05 10:20:51 +01:00
Mathias Vorreiter Pedersen
ac26371de0
Merge pull request #9909 from geoffw0/stringlengthconflation6
...
Swift: Understand String.utf8.count etc in the string length conflation CVE query
2022-08-05 10:13:25 +01:00
Mathias Vorreiter Pedersen
2f13c65ad7
Update swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com >
2022-08-04 22:45:45 +01:00
Mathias Vorreiter Pedersen
05e6dd85d4
Swift: Add taint tests for flow through interpolated strings.
2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
9c48ce1bf2
Swift: Flow (1) through the internal function calls generated by the compiler during string interpolation, and (2) out of the internal 'TapExpr' and into the interpolated string result.
2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
52b78b6e68
Swift: Don't assume we know the call target statically in 'TInOutUpdateNode'.
2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
ff6b8c5c9c
Swift: Replace 'CallExpr' with 'ApplyExpr'. This is needed because not all the calls inside the interpolated string computations are 'CallExpr's.
2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
3028b80e46
Swift: Control-flow through interpolated strings.
2022-08-04 21:57:04 +01:00
Geoffrey White
997068a9cb
Swift: Fix a suggestion merge conflict.
2022-08-03 18:16:31 +01:00
Geoffrey White
873c62ef78
Swift: Apply another code review suggestion.
2022-08-03 18:16:01 +01:00
Geoffrey White
e4dab17318
Apply suggestions from code review
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2022-08-03 18:14:14 +01:00
Geoffrey White
9d49986345
Swift: Make QL-for-QL happy.
2022-08-03 17:18:57 +01:00
Geoffrey White
39f1352847
Swift: Complete the rename.
2022-08-03 14:45:20 +01:00
Geoffrey White
81bd61288c
Swift: I think CWE-079 is the more accurate CWE for this query.
2022-08-03 14:45:19 +01:00
Geoffrey White
c635895644
Swift: Documentation.
2022-08-03 14:45:18 +01:00
Mathias Vorreiter Pedersen
be7ba925f9
Swift: Cache 'lastRefRedef'.
2022-08-03 11:14:55 +01:00
Geoffrey White
8d9653a999
Swift: Generated security-severity tag.
2022-08-03 09:54:54 +01:00
Geoffrey White
ea17b852b4
Swift: Explain ExternalRemoteFlowSource.
2022-08-03 09:42:51 +01:00
Geoffrey White
651b73e21e
Swift: Check for tainted baseURL.
2022-08-03 09:42:48 +01:00
Geoffrey White
53ea65b045
Swift: Implement query.
2022-08-03 09:41:28 +01:00
Geoffrey White
2d76d6d51a
Swift: Tests for CWE-95.
2022-08-03 09:36:22 +01:00
Geoffrey White
bada5bf7c1
Swift: Placeholder query + docs for CWE-95.
2022-08-02 10:47:06 +01:00
Mathias Vorreiter Pedersen
e29676af72
Swift: Add 'TaintTracking.qll'.
2022-08-01 16:48:02 +01:00
Paolo Tranquilli
45e14c96f2
Swift: extract ModuleType
2022-07-29 16:48:45 +02:00
Paolo Tranquilli
76ea63ffbe
Swift: deduplicate VarDecl
...
Deduplication of `ConcreteVarDecl` is triggered only if its
`DeclContext` is not local. This avoids a mangled name conflict.
Also added more thourough tests for `ConcreteVarDecl` and `ParamDecl`.
2022-07-28 12:28:52 +02:00
Geoffrey White
6cd6f74be9
Swift: Repair predicate lost in merge.
2022-07-28 10:13:04 +01:00
Geoffrey White
72fd7179f6
Merge branch 'main' into stringlengthconflation6
2022-07-28 10:01:28 +01:00
Geoffrey White
e5342867c6
Swift: Add a note to the qhelp.
2022-07-28 09:52:33 +01:00
Paolo Tranquilli
9b26921cb6
Control flow: add order disambuigation customization
2022-07-28 09:11:42 +02:00
Geoffrey White
fe69bbf17c
Swift: It turns out NSString.length always exactly matches String.utf16.count.
2022-07-27 17:54:57 +01:00
Geoffrey White
70ca37a3d0
Swift: Model utf8, utf16 a\nd unicodeScalars sources.
2022-07-27 17:39:04 +01:00
Geoffrey White
89d5bbb8e0
Swift: Generalize the flow states in this query.
2022-07-27 17:39:01 +01:00
Geoffrey White
9e773302ed
Swift: Extend test cases.
2022-07-27 17:39:01 +01:00
Paolo Tranquilli
ebf650c0c0
Control Flow: add more ordering for edges
2022-07-27 15:01:17 +02:00
Paolo Tranquilli
fe73601a4e
Merge pull request #9805 from github/redsun82/swift-type-repr-collapse
...
Swift: collapse `TypeRepr` hierarchy
2022-07-25 09:31:41 +02:00
Jeroen Ketema
c2b7300709
Merge pull request #9848 from geoffw0/stringlengthconflation5
...
Swift: More improvements for the string length conflation query
2022-07-20 14:05:05 +02:00
Paolo Tranquilli
3527897eff
Swift: make type optional in TypeRepr
...
A type representation may not have a type in unresolved things, which
for example pop up in inactive `#if` clauses.
2022-07-20 09:13:34 +02:00
Geoffrey White
541df9b550
Swift: Remove TODO comment. We have a test for this problem now.
2022-07-18 14:26:12 +01:00
Geoffrey White
336548f746
Swift: Improve comments.
2022-07-18 14:24:16 +01:00
Geoffrey White
9474e63faf
Swift: Clean up isSink (4 - move common code out).
2022-07-18 14:24:15 +01:00
