Commit Graph

79 Commits

Author SHA1 Message Date
Geoffrey White
aad77c2388 Swift: Use TypeDecl.getABaseTypeDecl(). 2022-09-01 10:42:09 +01:00
Geoffrey White
d3250a7e16 Swift: Fix finding base classes. 2022-09-01 09:01:56 +01:00
Geoffrey White
92a927efa7 Swift: Remove special case (no longer required). 2022-09-01 08:53:51 +01:00
Geoffrey White
129ed426a0 Swift: Use allowImplicitRead as a better solution replacing one of the special flow cases. 2022-08-31 17:58:18 +01:00
Geoffrey White
60fad4d652 Merge remote-tracking branch 'upstream/main' into swiftcleanup 2022-08-31 16:04:39 +01:00
Paolo Tranquilli
bb845c6d7f Swift: rename printast.ql->printAst.ql 2022-08-31 08:55:40 +02:00
Paolo Tranquilli
cd632dcfee Swift: minor tweaks
Replace string singleton with a newtype-based one, and fix some doc
comment cosmetics.
2022-08-31 06:39:35 +02:00
Geoffrey White
430a8e141d Swift: Fix issues. 2022-08-30 18:04:12 +01:00
Paolo Tranquilli
47b905bfaf Swift: add PrintAst 2022-08-30 18:04:55 +02:00
Geoffrey White
4984d8f6f2 Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-08-30 12:26:06 +01:00
Geoffrey White
645364e8b8 Update swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-08-30 12:24:49 +01:00
Geoffrey White
2d57786dae Merge branch 'main' into cleartext 2022-08-25 23:10:36 +01:00
Geoffrey White
7fd64f1d9c Swift: Make QL-for-QL happy. 2022-08-25 23:06:03 +01:00
Geoffrey White
926da4bedc Swift: Query descriptions and metadata. 2022-08-25 22:52:19 +01:00
Geoffrey White
9a53a40ac6 Swift: Qhelp and examples for both queries. 2022-08-25 22:52:18 +01:00
Geoffrey White
2690732c75 Swift: Special cases to get taint flow working. 2022-08-25 22:15:19 +01:00
Geoffrey White
698a9e2e2e Swift: Realm database support. 2022-08-25 22:15:18 +01:00
Geoffrey White
3126fb930d Swift: Core Data support. 2022-08-25 22:15:18 +01:00
Geoffrey White
456ab980a5 Swift: Fix duplicate results. 2022-08-25 22:15:17 +01:00
Geoffrey White
0cd2efc1b1 Swift: CleartextTransmission query. 2022-08-25 22:15:16 +01:00
Paolo Tranquilli
9b50336e47 Swift: synthesize MethodRefExpr
This introduces a `MethodRefExpr` node synthesized out of
`DotSyntaxCallExpr` under the `LookupExpr` hierarchy. This means that
much like
```free_function(1, 2)```
is a `CallExpr` with `getFunction` giving a `DeclRefExpr`,
```foo.method(1, 2)```
is now a `CallExpr` with `getFunction` giving a `MethodRefExpr`.

`ApplyExpr::getStaticTarget` has been made to work with it (as well as
`ConstructorRefCallExpr` which for the moment has been left where it
is), a new `MethodApplyExpr` has been introduced deriving from it,
and control and data flow libraries have adapted.

A small bug was fixed in `qlgen` where the default constructor for DB
types was not correctly subtracting derived IPA types depending on the
order of definitions in `schema.yml`.

There are still some occurrences of `DotSyntaxCallExpr`, and as already
mentioned the other `SelfApply` class (`ConstructorRefCallExpr`) was
left alone. Their treatment is left for a future PR.
2022-08-19 14:48:36 +02:00
Geoffrey White
c1be060ef8 Swift: Create query + test stubs. 2022-08-11 16:10:18 +01:00
Geoffrey White
36f410b9f7 Swift: Move taint logic from isAdditionalTaintStep to defaultAdditionalTaintStep. 2022-08-09 17:42:28 +01:00
Mathias Vorreiter Pedersen
24c9ab8015 Swift: Fix MaD for methods 2022-08-05 10:52:28 +01:00
Mathias Vorreiter Pedersen
1c8090fa04 Merge pull request #9964 from geoffw0/cwe95
Swift: Query for CWE-79 / CWE-95
2022-08-05 10:38:33 +01:00
Geoffrey White
997068a9cb Swift: Fix a suggestion merge conflict. 2022-08-03 18:16:31 +01:00
Geoffrey White
873c62ef78 Swift: Apply another code review suggestion. 2022-08-03 18:16:01 +01:00
Geoffrey White
e4dab17318 Apply suggestions from code review
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-08-03 18:14:14 +01:00
Geoffrey White
9d49986345 Swift: Make QL-for-QL happy. 2022-08-03 17:18:57 +01:00
Geoffrey White
39f1352847 Swift: Complete the rename. 2022-08-03 14:45:20 +01:00
Geoffrey White
81bd61288c Swift: I think CWE-079 is the more accurate CWE for this query. 2022-08-03 14:45:19 +01:00
Geoffrey White
c635895644 Swift: Documentation. 2022-08-03 14:45:18 +01:00
Geoffrey White
8d9653a999 Swift: Generated security-severity tag. 2022-08-03 09:54:54 +01:00
Geoffrey White
651b73e21e Swift: Check for tainted baseURL. 2022-08-03 09:42:48 +01:00
Geoffrey White
53ea65b045 Swift: Implement query. 2022-08-03 09:41:28 +01:00
Geoffrey White
bada5bf7c1 Swift: Placeholder query + docs for CWE-95. 2022-08-02 10:47:06 +01:00
Geoffrey White
6cd6f74be9 Swift: Repair predicate lost in merge. 2022-07-28 10:13:04 +01:00
Geoffrey White
72fd7179f6 Merge branch 'main' into stringlengthconflation6 2022-07-28 10:01:28 +01:00
Geoffrey White
e5342867c6 Swift: Add a note to the qhelp. 2022-07-28 09:52:33 +01:00
Geoffrey White
fe69bbf17c Swift: It turns out NSString.length always exactly matches String.utf16.count. 2022-07-27 17:54:57 +01:00
Geoffrey White
70ca37a3d0 Swift: Model utf8, utf16 and unicodeScalars sources. 2022-07-27 17:39:04 +01:00
Geoffrey White
89d5bbb8e0 Swift: Generalize the flow states in this query. 2022-07-27 17:39:01 +01:00
Geoffrey White
541df9b550 Swift: Remove TODO comment. We have a test for this problem now. 2022-07-18 14:26:12 +01:00
Geoffrey White
336548f746 Swift: Improve comments. 2022-07-18 14:24:16 +01:00
Geoffrey White
9474e63faf Swift: Clean up isSink (4 - move common code out). 2022-07-18 14:24:15 +01:00
Geoffrey White
b136790efd Swift: Clean up isSink (3 - rename f -> funcDecl and move that out as well; in the other two cases this variable didn't exist, now it does). 2022-07-18 14:24:14 +01:00
Geoffrey White
0bd94a6307 Swift: Clean up isSink (2 - rename methodName -> funcName and move that out as well). 2022-07-18 14:24:13 +01:00
Geoffrey White
4854679a40 Swift: Clean up isSink (1 - move common variables to an outer exists). 2022-07-18 14:24:13 +01:00
Geoffrey White
e38254c05e Swift: Fix typo. 2022-07-01 17:00:36 +01:00
Geoffrey White
34ffd1aac5 Swift: Support String.Index and flow through * /. 2022-07-01 14:59:50 +01:00