hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
54,729 Commits 1,673 Branches 157 Tags
c2ec1b0a810fcc79a3524f5933e67cbede16f4f0
Commit Graph

279 Commits

Author SHA1 Message Date
Alex Denisov
7c15527300 Swift: add a query showing successfully extracted files 2023-03-17 11:27:03 +01:00
Geoffrey White
170fde5bc0 Swift: Add some more test cases. 2023-03-16 12:53:06 +00:00
Geoffrey White
bfbd3d95f9 Swift: Clean up the result message. 2023-03-14 16:03:55 +00:00
Geoffrey White
ffa279e87b Swift: Add additional taint steps into fields. 
ed
 2023-03-09 17:17:42 +00:00
Geoffrey White
da338c26ba Swift: Add a few more test cases for sensitive data. 2023-03-09 11:39:22 +00:00
Geoffrey White
2d889304bb Swift: Some cases in the SqlInjection test are fixed by this. 2023-03-03 16:49:13 +00:00
Geoffrey White
417d175ff2 Merge branch 'main' into nsstring 2023-02-17 11:32:40 +00:00
Geoffrey White
c692a316b0 Swift: Add new results found in UncontrolledFormatString test. 2023-02-17 10:07:32 +00:00
Geoffrey White
cb11524dde Merge pull request #12154 from geoffw0/pathinjectionext 
Swift: More path injection sinks
 2023-02-16 16:00:31 +00:00
Geoffrey White
ad85b37585 Swift: Tidy up indenting. 2023-02-10 18:06:56 +00:00
Geoffrey White
d0efbbf5b8 Swift: More path injection models. 2023-02-10 18:02:50 +00:00
Geoffrey White
82f09b8511 Swift: More path injection test cases. 2023-02-10 17:55:06 +00:00
Geoffrey White
15b8aa1979 Swift: Effect on other tests :) 2023-02-10 14:16:48 +00:00
Geoffrey White
996536b08e Swift: Remove a no-longer-needed special case from swift/unsafe-js-eval. 2023-02-06 17:35:21 +00:00
Geoffrey White
364c173fc3 Swift: Accept additional taint flow in UnsafeJsEval test. 2023-02-03 19:21:10 +00:00
Geoffrey White
794ba428a7 Merge pull request #11942 from geoffw0/rncrypt4 
Swift: add RNCryptor sinks to swift/static-initialization-vector
 2023-01-27 14:33:06 +00:00
Geoffrey White
e92a5eb467 Merge pull request #11911 from geoffw0/rncrypt2 
Swift: Add RNCryptor sinks to swift/hardcoded-key
 2023-01-25 15:11:16 +00:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Geoffrey White
f05be77a0b Swift: Recognize more array sources. 2023-01-20 15:25:00 +00:00
Geoffrey White
7648e8f6a3 Swift: Recognize more sources. 2023-01-20 15:08:12 +00:00
Geoffrey White
581c478872 Swift: Model RNCryptor. 2023-01-20 14:50:23 +00:00
Geoffrey White
bb59d055ff Swift: Add tests for RNCryptor library. 2023-01-20 14:50:21 +00:00
Geoffrey White
5d6f2436e4 Merge branch 'main' into coredata 2023-01-18 13:39:02 +00:00
Geoffrey White
71c1ca53a9 Merge branch 'main' into rncrypt 2023-01-18 11:09:09 +00:00
Geoffrey White
a568d0af7f Swift: Remove unused variable. 2023-01-17 18:10:02 +00:00
Geoffrey White
b3d30bfc4f Swift: Add NumberLiteral sources as well. 2023-01-17 18:04:26 +00:00
Geoffrey White
d1cfdb97ee Swift: Model RNCryptor. 2023-01-17 17:55:52 +00:00
Geoffrey White
a92e1c7ea0 Swift: Add tests for RNCryptor library. 2023-01-17 17:31:49 +00:00
Geoffrey White
9911dd53e1 Merge branch 'main' into coredata 2023-01-17 16:22:53 +00:00
Geoffrey White
ea06ad1933 Merge pull request #11529 from geoffw0/format 
Swift: Uncontrolled format string query
 2023-01-17 16:16:10 +00:00
Geoffrey White
3c55cdd5be Swift: Catch the last two test results as well. 2023-01-17 16:04:58 +00:00
Geoffrey White
d42848bb7e Swift: Upgrade the query from dataflow to taint tracking, so as to support more flows. 2023-01-17 16:04:58 +00:00
Geoffrey White
a8ef9cc987 Swift: Add tests for RNCryptor library. 2023-01-17 16:04:57 +00:00
Geoffrey White
037b49b454 Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:16:52 +00:00
Geoffrey White
74a37475db Swift: Model RNCryptor. 2023-01-17 11:54:12 +00:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
Geoffrey White
6a0b56bf40 Swift: Fix for extensions. 2023-01-11 18:32:07 +00:00
Geoffrey White
2622de9747 Swift: Improve Core Data coverage. 2023-01-11 18:26:34 +00:00
Geoffrey White
82f9903bf0 Swift: Additional test cases for swift/cleartext-storage-database on Core Data. 2023-01-11 18:22:32 +00:00
Tony Torralba
c115a9fee4 Add more path injection sinks 2023-01-11 14:28:24 +01:00
Tony Torralba
a4f813183e Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks 
Swift: Add sinks for the GRDB library
 2023-01-11 11:49:37 +01:00
Tony Torralba
49a41c98ee Test that hashed passwords are 'safe' to log 
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
 2023-01-09 18:01:07 +01:00
Tony Torralba
7e0869965c Uncomment tests 2023-01-09 18:01:07 +01:00
Tony Torralba
c1f19dd145 Add stub so that tests work on Linux 2023-01-09 18:01:07 +01:00
Tony Torralba
b203a9eb6e Add a sanitizer for OSLogPrivacy options 
Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.
 2023-01-09 18:01:07 +01:00
Tony Torralba
aad56097ac Add Cleartext Loggin query for Swift. 
With some caveats: see TODO comments and failing tests.
 2023-01-09 18:01:07 +01:00
Tony Torralba
eb78661c1f Add missing SQL injection tests for the GRDB SQL class 2023-01-09 17:36:54 +01:00
Geoffrey White
9333e80def Swift: Add getVaList stub to the test. 2023-01-09 10:29:37 +00:00
Mathias Vorreiter Pedersen
9be9636816 Merge pull request #11670 from atorralba/atorralba/swift/predicate-injection 
Swift: Add predicate injection query
 2023-01-09 08:54:13 +00:00