codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00

Author	SHA1	Message	Date
Geoffrey White	fc646a6d48	Swift: Update .expected following a toString change in main.	2023-01-03 16:25:14 +00:00
Geoffrey White	e05bb7fcee	Merge branch 'main' into format	2023-01-03 15:14:55 +00:00
Tony Torralba	07d99bd643	Add path injection sinks	2022-12-23 17:16:06 +01:00
Tony Torralba	4215a89bc8	Add cleartext storage database sinks	2022-12-23 17:15:59 +01:00
Tony Torralba	ac39aeb6b6	Add SQLi sinks	2022-12-23 17:03:31 +01:00
Mathias Vorreiter Pedersen	b330b628e3	Merge pull request #11595 from d10c/swift/extract-mainactor Swift: MethodRefExpr -> MethodLookupExpr	2022-12-22 10:22:33 +00:00
Arthur Baars	7111d950c1	Swift: add AlertSuppression.ql	2022-12-21 13:15:26 +01:00
Nora Dimitrijević	8b0da01e0d	Swift: allow self./super. sinks in StaticInitializationVector Assumption: the extra path is not an issue in practice as the body of the cryptographic library's init methods are not normally extracted, only the stubs in this test are.	2022-12-19 17:39:44 -05:00
Geoffrey White	1f7d96a74a	Merge branch 'main' into format	2022-12-15 15:17:54 +00:00
Tony Torralba	11c03fb8c9	Add 'good' test cases	2022-12-15 12:35:47 +01:00
Nora Dimitrijević	5faa44389e	Swift: Basic acceptance of UnsafeJsEval test TODO: Fix remaining problem in a separate PR: - path found to one async `@MainActor` evaluateJavaScript call, but not others. Investigate why. - Remove duplicate paths and those with unnecessary [summary] nodes.	2022-12-14 15:02:15 -05:00
Nora Dimitrijević	95d4c304da	Swift: Fix .expected tests Only UnsafeJsEval remains.	2022-12-14 15:02:15 -05:00
Tony Torralba	d72d096c86	Add predicate injection query	2022-12-13 10:27:29 +01:00
Tony Torralba	7dca1b4b06	Merge branch 'main' into atorralba/swift/path-injection	2022-12-05 16:21:22 +01:00
Geoffrey White	85a0a42da9	Swift: try again to satisfy ql-for-ql.	2022-12-02 10:15:11 +00:00
Geoffrey White	f7ebd1312e	Swift: Corrections.	2022-12-01 20:13:56 +00:00
Geoffrey White	32c4728f83	Swift: Add tests.	2022-12-01 16:32:33 +00:00
Karim Ali	f6bc88471a	update the expected output for CWE-079 Now that we have support for taint through fields of String, we can now detect certain flows that we previously marked as [NOT DETECTED]. This commit updates the expected output of CWE-079 (and the in-code annotation of the accompanying test case) to reflect that update.	2022-11-30 16:34:24 +02:00
Tony Torralba	e222807693	Remove dubious sinks	2022-11-30 13:25:17 +01:00
Tony Torralba	bf023b0aed	Use dominance in path injection sanitizer to avoid FNs	2022-11-29 13:33:27 +01:00
Tony Torralba	52ebf66d21	Add basic path sanitizer	2022-11-29 11:55:04 +01:00
Tony Torralba	1576ee9410	Add additional stub to avoid errors when building on Linux	2022-11-29 11:55:03 +01:00
Tony Torralba	8cc66172c3	Add path injection query	2022-11-29 11:55:03 +01:00
Geoffrey White	ffbd201450	Swift: Implement basic model of WKUserScript.	2022-11-28 12:20:29 +00:00
Geoffrey White	116d9667e7	Swift: Remove special case from query.	2022-11-28 12:15:38 +00:00
Tony Torralba	fc7c66dab2	Remove now unnecessary additional taint step in UnsafeJsEval	2022-11-24 12:35:52 +01:00
Nora Dimitrijević	8f065e9483	Merge pull request #11001 from d10c/swift/js-injection	2022-11-24 10:52:05 +01:00
Geoffrey White	2b52a44024	Merge pull request #11210 from geoffw0/alamofire2 Swift: Add Alamofire model to swift/cleartext-transmission	2022-11-23 18:23:44 +00:00
Geoffrey White	ef837f72e4	Swift: Test .expected changes resulting from merge.	2022-11-23 14:57:08 +00:00
Tony Torralba	16a76853f4	Add libxml2 sinks	2022-11-21 16:25:51 +01:00
Nora Dimitrijević	8f5af3fca6	Merge branch 'main' into swift/js-injection	2022-11-18 17:07:20 +01:00
Geoffrey White	127888f3c1	Merge branch 'main' into alamofire2	2022-11-16 13:32:13 +00:00
Nora Dimitrijević	09b669a584	Swift: Add direct call to remote source to a test Strangely, there are two separate paths to each of the JSEvaluateScript sinks: one passing through the JSString constructor, one omitting this step.	2022-11-15 21:57:46 +01:00
Geoffrey White	9887e2b53b	Merge branch 'main' into alamofire2	2022-11-15 12:19:54 +00:00
Tony Torralba	f2888dcb1e	Add sinks and tests for the AEXML library.	2022-11-14 15:46:44 +01:00
Geoffrey White	3e6eedec30	Swift: Fix test output after merge.	2022-11-14 14:42:56 +00:00
Geoffrey White	5460004223	Merge branch 'main' into HEAD	2022-11-14 13:44:39 +00:00
Tony Torralba	52bd140213	Fix test expectations	2022-11-14 12:41:13 +01:00
Tony Torralba	c03eab2410	Add XMLDocument sinks	2022-11-14 12:41:13 +01:00
Tony Torralba	a21db3b3c2	Merge pull request #11086 from atorralba/atorralba/swift/xxe-query Swift: Add new query for XML External Entities (XML) vulnerabilities	2022-11-14 12:34:30 +01:00
Nora Dimitrijević	16ba5b1bb5	Swift: update doctests	2022-11-14 12:30:16 +01:00
Nora Dimitrijević	4b7a89e754	Merge branch 'main' into swift/js-injection	2022-11-11 12:23:26 +01:00
Geoffrey White	d97682991d	Swift: Add Alamofire sink for cpp/cleartext-transmission.	2022-11-10 15:33:00 +00:00
Karim Ali	b209cac2e2	Merge pull request #11063 from karimhamdanali/swift-pbe-constant-password Swift: detect the use of constant passwords for password-based encryption	2022-11-10 16:36:27 +02:00
Karim Ali	e18b2cfa39	Merge pull request #11084 from karimhamdanali/swift-static-iv Swift: detect the use of static initialization vectors	2022-11-10 16:35:21 +02:00
Geoffrey White	23ff3769ac	Swift: Add Alamofire tests for swift/cleartext-transmission.	2022-11-10 14:31:53 +00:00
Nora Dimitrijević	5940f17b83	Swift: Docs + doctests	2022-11-09 13:10:08 +01:00
Nora Dimitrijević	7585541514	Merge branch 'main' into swift/js-injection	2022-11-08 11:25:54 +01:00
Nora Dimitrijević	d37ed02e79	Swift: basic Data-related taint flow in query Still TODO: a more comprehensive taint flow model for Data in the libs.	2022-11-08 11:24:53 +01:00
Nora Dimitrijević	66291d3575	Swift: sync tests pass with additional flow steps TODO: Convert those flow steps to taint flow models in the library.	2022-11-08 11:09:55 +01:00

1 2 3 4 5 ...

279 Commits