hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

653 Commits

Author SHA1 Message Date
Tony Torralba
e9a46c926d Add taint for URLRequest fields 2023-01-31 11:15:45 +01:00
Nora Dimitrijević
9346f4d760 Swift: fix failing tests 2023-01-30 11:39:06 +01:00
Nora Dimitrijević
1396d07662 Swift: subsume IterableDeclContext into Decl [tests] 2023-01-28 00:44:49 +01:00
Nora Dimitrijević
9a5614e8c5 Swift: subsume IterableDeclContext into Decl [codegen'd] 2023-01-28 00:44:49 +01:00
Geoffrey White
794ba428a7 Merge pull request #11942 from geoffw0/rncrypt4 
Swift: add RNCryptor sinks to swift/static-initialization-vector
 2023-01-27 14:33:06 +00:00
Geoffrey White
e92a5eb467 Merge pull request #11911 from geoffw0/rncrypt2 
Swift: Add RNCryptor sinks to swift/hardcoded-key
 2023-01-25 15:11:16 +00:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Geoffrey White
f05be77a0b Swift: Recognize more array sources. 2023-01-20 15:25:00 +00:00
Geoffrey White
7648e8f6a3 Swift: Recognize more sources. 2023-01-20 15:08:12 +00:00
Geoffrey White
581c478872 Swift: Model RNCryptor. 2023-01-20 14:50:23 +00:00
Geoffrey White
bb59d055ff Swift: Add tests for RNCryptor library. 2023-01-20 14:50:21 +00:00
Geoffrey White
976b0401be Merge pull request #11876 from geoffw0/coredata 
Swift: Improve Core Data sinks for swift/cleartext-storage-database
 2023-01-20 11:02:03 +00:00
Mathias Vorreiter Pedersen
14468b64fb Merge pull request #11924 from atorralba/atorralba/optbinding-getters 
Swift: Support more CFG node types in optional binding flow
 2023-01-18 16:37:11 +00:00
Geoffrey White
5d6f2436e4 Merge branch 'main' into coredata 2023-01-18 13:39:02 +00:00
Tony Torralba
90517e254a Accept test expectation changes 2023-01-18 13:25:04 +01:00
Mathias Vorreiter Pedersen
48439bc252 Merge pull request #11905 from geoffw0/rncrypt 
Swift: Add RNCryptor sinks to swift/constant-password
 2023-01-18 11:43:23 +00:00
Tony Torralba
4a89a30abd Add failing test 2023-01-18 12:41:59 +01:00
Mathias Vorreiter Pedersen
c8bcfb77b2 Merge pull request #11836 from geoffw0/optbinding 
Swift: Data flow through optional binding
 2023-01-18 11:25:27 +00:00
Geoffrey White
71c1ca53a9 Merge branch 'main' into rncrypt 2023-01-18 11:09:09 +00:00
Geoffrey White
a568d0af7f Swift: Remove unused variable. 2023-01-17 18:10:02 +00:00
Geoffrey White
b3d30bfc4f Swift: Add NumberLiteral sources as well. 2023-01-17 18:04:26 +00:00
Geoffrey White
d1cfdb97ee Swift: Model RNCryptor. 2023-01-17 17:55:52 +00:00
Geoffrey White
a92e1c7ea0 Swift: Add tests for RNCryptor library. 2023-01-17 17:31:49 +00:00
Geoffrey White
9911dd53e1 Merge branch 'main' into coredata 2023-01-17 16:22:53 +00:00
Geoffrey White
ea06ad1933 Merge pull request #11529 from geoffw0/format 
Swift: Uncontrolled format string query
 2023-01-17 16:16:10 +00:00
Geoffrey White
3c55cdd5be Swift: Catch the last two test results as well. 2023-01-17 16:04:58 +00:00
Geoffrey White
d42848bb7e Swift: Upgrade the query from dataflow to taint tracking, so as to support more flows. 2023-01-17 16:04:58 +00:00
Geoffrey White
a8ef9cc987 Swift: Add tests for RNCryptor library. 2023-01-17 16:04:57 +00:00
Geoffrey White
037b49b454 Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:16:52 +00:00
Paolo Tranquilli
0d32f00020 Swift: update ExtensionDecl test results 2023-01-17 12:58:02 +01:00
Paolo Tranquilli
f6e26211f9 Swift: add protocols to ExtensionDecl schema 2023-01-17 12:54:50 +01:00
Geoffrey White
74a37475db Swift: Model RNCryptor. 2023-01-17 11:54:12 +00:00
Paolo Tranquilli
8906e101cb Swift: add ExtensionDecl QL test 2023-01-17 12:49:53 +01:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
Mathias Vorreiter Pedersen
2dbacbc302 Merge pull request #11841 from MathiasVP/swift-add-integral-types 
Swift: Add integral type classes
 2023-01-13 17:30:57 +00:00
Geoffrey White
c9a0067705 Swift: Remove flow in cases with multiple variables. 2023-01-13 16:37:23 +00:00
Geoffrey White
7f31c9c7e5 Swift: Add a test. 2023-01-12 15:19:57 +00:00
Geoffrey White
4e5483744f Swift: Add a test case we're discussing. 2023-01-12 10:52:03 +00:00
Geoffrey White
6a0b56bf40 Swift: Fix for extensions. 2023-01-11 18:32:07 +00:00
Geoffrey White
2622de9747 Swift: Improve Core Data coverage. 2023-01-11 18:26:34 +00:00
Geoffrey White
82f9903bf0 Swift: Additional test cases for swift/cleartext-storage-database on Core Data. 2023-01-11 18:22:32 +00:00
Tony Torralba
c115a9fee4 Add more path injection sinks 2023-01-11 14:28:24 +01:00
Tony Torralba
a4f813183e Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks 
Swift: Add sinks for the GRDB library
 2023-01-11 11:49:37 +01:00
Tony Torralba
49a41c98ee Test that hashed passwords are 'safe' to log 
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
 2023-01-09 18:01:07 +01:00
Tony Torralba
7e0869965c Uncomment tests 2023-01-09 18:01:07 +01:00
Tony Torralba
c1f19dd145 Add stub so that tests work on Linux 2023-01-09 18:01:07 +01:00
Tony Torralba
b203a9eb6e Add a sanitizer for OSLogPrivacy options 
Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.
 2023-01-09 18:01:07 +01:00
Tony Torralba
aad56097ac Add Cleartext Loggin query for Swift. 
With some caveats: see TODO comments and failing tests.
 2023-01-09 18:01:07 +01:00
Tony Torralba
eb78661c1f Add missing SQL injection tests for the GRDB SQL class 2023-01-09 17:36:54 +01:00