hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,021 Commits 1,671 Branches 157 Tags
ad0b36a0c901b694ba5d4e1f586128305ebcd28b
Commit Graph

381 Commits

Author SHA1 Message Date
Tony Torralba
759ffc4743 Merge pull request #11027 from atorralba/atorralba/swift/webview-js-native-bridge-sources 
Swift: WebView JS-native bridge sources
 2022-11-02 09:32:57 +01:00
Geoffrey White
c3577b2256 Swift: Rename test directory. 2022-11-01 09:21:50 +00:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Tony Torralba
b62ede1544 Fix issue in JsExportedSource 
Model the source as an access to the tainted field, instead of the field itself (which didn't work)
 2022-10-31 12:08:03 +01:00
Tony Torralba
2402504a4c Add missing SummaryPostUpdateNode 2022-10-28 18:24:17 +02:00
Tony Torralba
baf7986cfa Rework types exported through JSContext 
Better model the JSExport protocol logic
 2022-10-28 15:56:05 +02:00
Tony Torralba
48b0cc0229 Add models for JSContext and JSValue 2022-10-28 13:01:25 +02:00
Tony Torralba
81701547b2 Add taint sources for WKScriptMessage 
This is what contains externally-provided data in Webview JS-native bridges
 2022-10-28 12:58:27 +02:00
Mathias Vorreiter Pedersen
142e50008e Merge pull request #10967 from MathiasVP/fix-swift-summary 
Swift: Fix flow out of summarized callables
 2022-10-28 12:57:52 +02:00
Mathias Vorreiter Pedersen
062a0abceb Swift: Fix flow out of summarized callables. 2022-10-28 12:09:05 +02:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Geoffrey White
ca279f4073 Merge pull request #10996 from geoffw0/methods 
Swift: Add MethodDecl.hasQualifiedName
 2022-10-27 19:18:48 +01:00
Rasmus Wriedt Larsen
fc7eb5b4fc InlineExpectationsTest: sync 2022-10-27 09:02:28 +02:00
Rasmus Wriedt Larsen
5e9897d150 InlineExpectationsTest: sync 2022-10-26 18:21:13 +02:00
Geoffrey White
e981a28b0f Swift: autoformat test. 2022-10-26 16:32:52 +01:00
Geoffrey White
0d41d4e90c Swift: for consistancy, lets have a simple hasName function as well. 2022-10-26 16:11:01 +01:00
Geoffrey White
b24a27d4ae Swift: Add hasQualifiedName methods and tests. 2022-10-26 16:03:49 +01:00
Tony Torralba
30f5fb6d83 Update expectations after merge 2022-10-24 14:24:13 +02:00
Tony Torralba
f523fbc9d0 Merge branch 'main' into atorralba/swift/customurlschemes 2022-10-24 11:41:50 +02:00
Tony Torralba
3973e1ce04 Update swift/ql/test/library-tests/dataflow/dataflow/FlowConfig.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-10-24 11:37:51 +02:00
Tony Torralba
80f7d58fae Add missing tests for not-quite-working flow steps 2022-10-24 09:37:22 +02:00
Paolo Tranquilli
408968a417 Swift: fix swift compilation in QL tests 2022-10-21 15:20:38 +02:00
Geoffrey White
138643519c Merge pull request #10757 from geoffw0/sqlinject 
Swift: Query for SQL injection
 2022-10-20 18:55:38 +01:00
Tony Torralba
c2a2d6b379 Fix LaunchOptionsUrlVarDecl 
Update test expectations
 2022-10-19 17:42:28 +02:00
Tony Torralba
e2c9240973 Add a new Custom URL Scheme source 
Also adds a couple of data flow steps to model flow through `?` expressions.
 2022-10-19 16:55:14 +02:00
Geoffrey White
027b71381a Swift: annotate all cases. 2022-10-18 16:38:02 +01:00
Tony Torralba
1d745a6365 Merge pull request #10774 from atorralba/atorralba/swift/url-field-summaries 
Swift: Add summaries for tainted URL fields
 2022-10-18 15:32:23 +02:00
Tony Torralba
0eeaf71716 Simplify models by introducing TaintInheritingContent 2022-10-18 12:36:18 +02:00
Geoffrey White
040d72e7f1 Merge pull request #10857 from geoffw0/locationstring 
Swift: Give Location a useful toString
 2022-10-17 18:10:51 +01:00
Paolo Tranquilli
3a99b9845e Merge pull request #10856 from github/redsun82/swift-show-ql-class-in-collapsed-hierarchy-tests 
Swift: show QL class in generated tests on collapsed hierarchies
 2022-10-17 16:38:24 +02:00
Geoffrey White
0281bfedda Merge pull request #10689 from d10c/swift/cleartext-storage-nsuserdefaults 
Swift: Query for CWE-312: Exposure of sensitive information using NSUserDefaults
 2022-10-17 14:05:17 +01:00
Geoffrey White
13f9834fde Merge pull request #10780 from karimhamdanali/swift-hardcoded-key 
Swift: detect hardcoded encryption keys
 2022-10-17 14:02:31 +01:00
Geoffrey White
9767064310 Swift: Fix bug for sqlite3_prepare_v3. 2022-10-17 13:40:35 +01:00
Geoffrey White
1221cbaee7 Swift: Updated results after merge with main. 2022-10-17 13:35:46 +01:00
Geoffrey White
13018150ed Merge branch 'main' into sqlinject 2022-10-17 13:30:14 +01:00
Geoffrey White
3b9151cb24 Swift: Restore UnknownLocation.toString(), it seems helpful. 2022-10-17 13:11:22 +01:00
Paolo Tranquilli
e49268d036 Swift: show QL class in generated tests on collapsed hierarchies 
In those kinds of tests the results may have different final classes
that are not necessarily visible (or tested) solely through the string
representation. For better testing and reading of expected results,
`getQlPrimaryClasses` is added in these cases.
 2022-10-17 14:08:04 +02:00
Geoffrey White
9c8bbe384b Swift: Add Location.toString. 2022-10-17 12:48:17 +01:00
Geoffrey White
4d0c23c4da Swift: Add a test of Location.qll. 2022-10-17 12:45:26 +01:00
Paolo Tranquilli
789be9a1ad Swift: add ImplicitConversionExpr test 2022-10-17 12:57:44 +02:00
Karim Ali
bbc03a1578 add false negatives to the test case 2022-10-17 12:54:34 +02:00
Karim Ali
d56c82ff75 add a query that detects hardcoded keys 2022-10-17 12:54:34 +02:00
Tony Torralba
81d38132cf Fix test expectations 2022-10-17 12:00:51 +02:00
Tony Torralba
1e4850044c Increase precision of the URL(string:relativeTo:) models 2022-10-17 11:29:30 +02:00
Geoffrey White
f96e4eb87e Swift: One more go at getting the query message how ql-for-ql wants it. 2022-10-14 15:28:14 +01:00
Geoffrey White
24c6bb4c52 Swift: More modern (?) phrasing. 2022-10-14 14:41:02 +01:00
Geoffrey White
3da3a278ab Swift: Query metadata. 2022-10-14 14:31:38 +01:00
Geoffrey White
76ff593cc5 Swift: Bring it all together into a query. 2022-10-13 16:06:44 +01:00
Josh Soref
893c5457a8 spelling: disambiguation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:40 -04:00
Geoffrey White
7d78df25bf Swift: Define SQL sinks. 2022-10-13 15:50:57 +01:00