hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,383 Commits 1,673 Branches 157 Tags
ad05cc3cb1533a56710bcaa5fd762f712b670ba9
Commit Graph

979 Commits

Author SHA1 Message Date
Geoffrey White
ad05cc3cb1 Swift: Separate out a FormatString library as well. 2022-12-01 18:09:46 +00:00
Geoffrey White
43596869e7 Swift: Move query logic to a .qll. 2022-12-01 18:09:45 +00:00
Geoffrey White
87fa159384 Swift: Add security-severity, and correct one for another query that apparently wasn't right. 2022-12-01 18:09:39 +00:00
Geoffrey White
58e9a0436e Swift: Add metadata. 2022-12-01 18:09:33 +00:00
Geoffrey White
2b61f26a64 Swift: Add doc. 2022-12-01 16:32:34 +00:00
Geoffrey White
32c4728f83 Swift: Add tests. 2022-12-01 16:32:33 +00:00
Geoffrey White
a2210959b5 Swift: Uncontrolled format string query (initial version). 2022-12-01 16:32:33 +00:00
Mathias Vorreiter Pedersen
3716d67cc9 Merge pull request #11451 from geoffw0/wkuserscript 
Swift: models for WKUserScript
 2022-11-28 14:24:19 +00:00
Geoffrey White
30468dd419 Swift: Implement field content as well. 2022-11-28 12:27:33 +00:00
Geoffrey White
ffbd201450 Swift: Implement basic model of WKUserScript. 2022-11-28 12:20:29 +00:00
Geoffrey White
116d9667e7 Swift: Remove special case from query. 2022-11-28 12:15:38 +00:00
Geoffrey White
3971cbf294 Swift: Extend the taint test with WKUserScript. 2022-11-28 12:11:38 +00:00
Geoffrey White
b3d2e759a6 Swift: Update swift/sql-injection to include local flow sources. 2022-11-28 10:11:44 +00:00
Geoffrey White
a5a459fe0a Swift: Update swift/unsafe-js-eval to include local flow sources. 2022-11-28 10:11:44 +00:00
Tony Torralba
1d57663343 Merge pull request #11345 from atorralba/atorralba/swift/data-models 
Swift: Add taint models for the Data class
 2022-11-24 14:23:41 +01:00
Geoffrey White
32442a33de Merge pull request #11270 from geoffw0/optionals2 
Swift: Dataflow through ?? and ? :
 2022-11-24 13:20:54 +00:00
Tony Torralba
e4e5291511 Fix more test expectations after rebase 2022-11-24 13:03:12 +01:00
Tony Torralba
fc7c66dab2 Remove now unnecessary additional taint step in UnsafeJsEval 2022-11-24 12:35:52 +01:00
Tony Torralba
e67b72d954 Update test expectations 2022-11-24 12:35:51 +01:00
Tony Torralba
25354d2dd8 Apply code review suggestions 2022-11-24 12:35:51 +01:00
Tony Torralba
6a8b9fde78 Add data flowsources test 2022-11-24 12:35:51 +01:00
Tony Torralba
d6b14a1395 Update test expectations 2022-11-24 12:35:50 +01:00
Tony Torralba
2284127650 Add MaD rows for the Data class 2022-11-24 12:35:50 +01:00
Geoffrey White
c6835cd270 Swift: Update .generated.list. 2022-11-24 11:16:56 +00:00
Tony Torralba
4f8ef13cd8 Fix expectation in NSData tests 2022-11-24 12:13:46 +01:00
Tony Torralba
04450c5173 Merge pull request #11378 from atorralba/atorralba/swift/nsdata-models 
Swift: Add models for NSData and NSMutableData
 2022-11-24 11:19:14 +01:00
Tony Torralba
2ac06b8db9 Turns out lambda flow is already supported 2022-11-24 10:52:27 +01:00
Nora Dimitrijević
8f065e9483 Merge pull request #11001 from d10c/swift/js-injection 2022-11-24 10:52:05 +01:00
Geoffrey White
2b52a44024 Merge pull request #11210 from geoffw0/alamofire2 
Swift: Add Alamofire model to swift/cleartext-transmission
 2022-11-23 18:23:44 +00:00
Geoffrey White
ef837f72e4 Swift: Test .expected changes resulting from merge. 2022-11-23 14:57:08 +00:00
Geoffrey White
556d68aeed Update swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-11-23 09:17:18 +00:00
Geoffrey White
7d45ca6293 Merge branch 'main' into optionals2 2022-11-22 17:35:27 +00:00
Tony Torralba
2e1a78e1bf Add models for NSData and NSMutableData 2022-11-22 15:48:58 +01:00
Geoffrey White
949cfb758d Merge branch 'main' into alamofire2 2022-11-22 09:29:53 +00:00
Tony Torralba
16a76853f4 Add libxml2 sinks 2022-11-21 16:25:51 +01:00
Tom Hvitved
d189ba52c0 Merge pull request #11341 from hvitved/cfg/multi-edge-workaround 
CFG: Workaround in test output for origin/target pairs with multiple edges
 2022-11-21 14:34:17 +01:00
Tom Hvitved
0d89f57680 Swift: Update expected test output 2022-11-21 12:55:40 +01:00
Tom Hvitved
e7ed056b6f Sync files 2022-11-21 12:00:36 +01:00
Nora Dimitrijević
8f5af3fca6 Merge branch 'main' into swift/js-injection 2022-11-18 17:07:20 +01:00
Paolo Tranquilli
2cd58817d7 Swift: skip QL code generation on untouched files 
This is a developer QoL improvement, where running codegen will skip
writing (and especially formatting) any files that were not changed.

**Why?** While code generation in itself was pretty much instant, QL
formatting of generated code was starting to take a long time. This made
unconditionally running codegen quite annoying, for example before each
test run as part of an IDE workflow or as part of the pre-commit hook.

**How?** This was not completely straightforward as we could not work
with the contents of the file prior to code generation as that was
already post-processed by the QL formatting, so we had no chance of
comparing the output of template rendering with that. We therefore store
the hashes of the files _prior_ to QL formatting in a checked-in file
(`swift/ql/.generated.list`). We can therefore load those hashes at
the beginning of code generation, use them to compare the template
rendering output and update them in this special registry file.

**What else?** We also extend this mechanism to detect accidental
modification of generated files in a more robust way. Before this patch,
we were doing it with a rough regexp based heuristic. Now, we just store
the hashes of the files _after_ QL formatting in the same checked file,
so we can check that and stop generation if a generated file was
modified, or a stub was modified without removing the `// generated`
header.
 2022-11-18 16:56:01 +01:00
Geoffrey White
16a84bd94a Merge branch 'main' into alamofire2 2022-11-18 09:28:46 +00:00
Geoffrey White
2780d9a9a3 Merge branch 'main' into optionals2 2022-11-17 18:16:46 +00:00
Nora Dimitrijević
8b332778e3 Swift: update @security-severity 2022-11-17 18:08:06 +01:00
Mathias Vorreiter Pedersen
2796c46598 Merge pull request #11292 from github/redsun82/swift-remove-ipa-from-dbscheme-cpp 
Swift: remove synthesized classes from the dbscheme
 2022-11-16 16:00:58 +00:00
Tom Hvitved
67b6a82cf1 Merge pull request #11198 from hvitved/ssa/expose-phi-reads 
SSA: Expose phi-read nodes
 2022-11-16 15:11:58 +01:00
Geoffrey White
127888f3c1 Merge branch 'main' into alamofire2 2022-11-16 13:32:13 +00:00
Geoffrey White
c8630bbe4f Merge branch 'main' into optionals2 2022-11-16 13:31:08 +00:00
Tom Hvitved
67e8ec1a5f Swift: Update expected test output 2022-11-16 13:36:03 +01:00
Anders Schack-Mulligen
94bca4399a Merge pull request #11183 from aschackmull/dataflow/groupflow 
Dataflow: Introduce support for src/sink grouping in path results.
 2022-11-16 12:59:01 +01:00
Paolo Tranquilli
bafb9ae020 Swift: add upgrade/downgrade scripts 2022-11-16 12:00:26 +01:00