hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,729 Commits 1,672 Branches 157 Tags
c2ec1b0a810fcc79a3524f5933e67cbede16f4f0
Commit Graph

2418 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
99545420d5 Merge pull request #13177 from MathiasVP/recommend-secure-randomness 
Swift: Recommend a proper source of randomness in `swift/hardcoded-key`
 2023-05-16 18:04:13 +01:00
Mathias Vorreiter Pedersen
9def3dd440 Update swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-05-16 17:42:34 +01:00
Geoffrey White
3bd16fa1d8 Merge pull request #13184 from geoffw0/docconsistency 
Swift: Mirror changes made in the tutorial docs.
 2023-05-16 17:42:03 +01:00
Mathias Vorreiter Pedersen
f5be8cfe58 Merge pull request #13167 from geoffw0/sensitivefps 
Swift: Fix some FPs from the sensitive data library
 2023-05-16 17:12:47 +01:00
Paolo Tranquilli
fc9fe13278 Merge pull request #13181 from github/redsun82/swift-diagnostics-enable-warnings 
Swift: turn internal error into a TSP warning
 2023-05-16 17:20:46 +02:00
Paolo Tranquilli
7e61e99e4a Swift: make help links optional argument more explicit 2023-05-16 16:52:22 +02:00
Geoffrey White
35b35ec377 Swift: Mirror changes made in the docs. 2023-05-16 14:26:16 +01:00
Paolo Tranquilli
8291b2229a Swift: turn internal error into a TSP warning 2023-05-16 15:18:29 +02:00
Mathias Vorreiter Pedersen
03ef18b286 Swift: Recommend a proper source of randomness in 'swift/hardcoded-key'. 2023-05-16 11:59:41 +01:00
Alexandre Boulgakov
8db945a11e Swift: Use ... to find and run all Bazel tests instead of having to list them. 2023-05-15 20:51:31 +01:00
Geoffrey White
4781881a6a Swift: Improve mobile/phone number regexp. 2023-05-15 15:30:30 +01:00
Geoffrey White
a0cba8cb6b Swift: Address boolean value FPs. 2023-05-15 14:24:18 +01:00
Geoffrey White
27c8eb301e Swift: Fix URL-related FPs. 2023-05-15 14:08:43 +01:00
Geoffrey White
e59d7e0345 Swift: Remove assumption that 'username' is not sensitive (in the tests). 2023-05-15 13:58:44 +01:00
Geoffrey White
dba951111a Swift: Add more sensitive data test cases. 2023-05-15 13:58:44 +01:00
Paolo Tranquilli
10d084fbbf Swift: update comment 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
cfcd26cf0d Swift: support markdown TSP diagnostics 2023-05-15 13:48:24 +02:00
Paolo Tranquilli
dbff3e4fa4 Swift: remove unneeded SwiftDiagnosticLogWrapper 2023-05-15 10:08:43 +02:00
Paolo Tranquilli
a2cb331ebe Swift: remove hacky binlog interception 2023-05-15 10:02:24 +02:00
Paolo Tranquilli
9a555aea5f Merge branch 'main' into redsun82/swift-diagnostics-locations 2023-05-15 10:01:45 +02:00
Paolo Tranquilli
95cd948f09 Swift: order help links in integration test checks 
They are currently a set within the codeql cli.
 2023-05-14 22:33:48 +02:00
Paolo Tranquilli
d7cc506080 Merge branch 'main' into sashabu/tsp-incompatible-os 2023-05-12 09:58:36 +02:00
Paolo Tranquilli
9ffada31a8 Swift: make internal error telemetry only for the moment 2023-05-12 09:19:44 +02:00
Paolo Tranquilli
cce9352272 Swift: add visibility customization to diagnostics 2023-05-12 09:05:45 +02:00
Paolo Tranquilli
dedbd9ab63 Swift: remove unneeded SwiftDiagnosticsDumper 2023-05-12 08:30:43 +02:00
Paolo Tranquilli
86777fa4c2 Swift: remove obsolete comment 2023-05-12 08:23:14 +02:00
Paolo Tranquilli
03f4625b5f Swift: go back to explicit DIAGNOSE_ERROR macros 2023-05-12 06:30:58 +02:00
Paolo Tranquilli
3f2a059b3b Swift: add location support to TSP diagnostics 
This required a bit of an overhaul of the original integration of
JSON diagnostics into binlog.

The problem is that it is quite hard to add a kind of metadata to
binlog entries without changing its code. Another problem is that when
wanting to avoid double evaluation of logging macro arguments one
cannot really add a separate "diagnose" step easily.

The proposed solution consists in two things:
* hook into a binlog plumbing function by providing a better overload
  resolution match, which happens after logging macro expansion,
  bypassing the problem of double evaluation
* in that hook, produce the diagnostic directly, without waiting to
  reconstruct the diagnostics entry from the binlog serialized entry.

This allows to forgo the weird category to diagnostic mapping, and now a
diagnostics emission simply happens when a diagnostic source is given
as the first argument after the log format string. A flavour of
diganostics sources with locations is then added with the same
mechanism, allowing to write something like
```cpp
LOG_ERROR("[{}] ouch!", internalError.withLocation("foo.swift", 32));
```
 2023-05-11 17:52:02 +02:00
Alexandre Boulgakov
0915d2ad77 Swift: Emit a diagnostic when attempting to use the autobuilder on Linux. 2023-05-11 14:43:13 +01:00
Geoffrey White
e402c225f4 Merge pull request #13115 from geoffw0/swift-csv-labels 
Swift: Accept standardized CSV sink labels
 2023-05-11 13:34:48 +01:00
Geoffrey White
15a7fdd297 Swift: Update existing CSV sinks to new labels. 2023-05-11 12:48:48 +01:00
Geoffrey White
8fac01e84f Swift: Remove the old sinks. 2023-05-11 11:29:44 +01:00
Geoffrey White
7251e90633 Merge pull request #12941 from geoffw0/textsource 
Swift: Add taint sources for UITextField
 2023-05-11 11:11:45 +01:00
Geoffrey White
f1893dae85 Swift: Repair UIKit framework after merge. 2023-05-11 09:14:52 +01:00
Geoffrey White
68501b0082 Merge branch 'main' into textsource 2023-05-11 09:14:38 +01:00
Paolo Tranquilli
e925365e2d Merge pull request #13087 from github/redsun82/swift-autobuilder-no-swift 
Swift: surface errors about no viable swift targets found
 2023-05-11 10:14:06 +02:00
Paolo Tranquilli
5fcc5e1d4a Swift: initialize char buffer 2023-05-11 08:57:41 +02:00
Kasper Svendsen
1f0cb9eeb8 Swift: Enable implicit this receiver warnings 2023-05-11 08:35:59 +02:00
Kasper Svendsen
082e6a1245 Merge pull request #13108 from kaspersv/kaspersv/swift-explicit-this-receivers1 
Swift: Make implicit this receivers explicit
 2023-05-11 08:34:14 +02:00
Kasper Svendsen
1ee823b0f0 Merge pull request #13111 from kaspersv/kaspersv/swift-explicit-this-receivers3 
Swift: Make implicit this receivers explicit
 2023-05-11 08:33:57 +02:00
Paolo Tranquilli
92a4a798a0 Swift: apply review suggestions 2023-05-11 06:35:38 +02:00
Geoffrey White
100d960ca9 Merge pull request #12940 from geoffw0/swiftdoc 
Swift: Initial language guides documentation for Swift
 2023-05-10 19:00:35 +01:00
Geoffrey White
a3c8515629 Swift: Accept cross-language standardized CSV sink label. 2023-05-10 18:24:59 +01:00
Mathias Vorreiter Pedersen
87325dbfd1 Merge pull request #13112 from geoffw0/swifttodos2 
Swift: Delete some more TODO comments.
 2023-05-10 16:39:37 +01:00
Geoffrey White
81c29799c5 Merge branch 'main' into swiftdoc 2023-05-10 15:47:30 +01:00
Geoffrey White
1820d36a4e Swift: Autoformat. 2023-05-10 15:36:16 +01:00
Kasper Svendsen
d346d1733e Swift: Make implicit this receivers explicit 2023-05-10 16:12:52 +02:00
Geoffrey White
49da113b10 Swift: Delete unwanted TODO comment. 2023-05-10 15:06:39 +01:00
Geoffrey White
e120e84933 Swift: Delete TODOs (move to issues). 2023-05-10 14:59:23 +01:00
Geoffrey White
bbe5f5e0f0 Swift: HACK -> TODO. 2023-05-10 14:49:22 +01:00