codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00

Author	SHA1	Message	Date
Tony Torralba	85b3092b16	Add security-severity and fix alert message	2022-12-13 12:01:01 +01:00
Tony Torralba	d72d096c86	Add predicate injection query	2022-12-13 10:27:29 +01:00
Geoffrey White	e288b07099	Update swift/ql/src/queries/Summary/SummaryStats.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-12-08 13:02:58 +00:00
Geoffrey White	80cd994e36	Swift: Add taint reach to SummaryStats.ql.	2022-12-07 16:17:24 +00:00
Tony Torralba	7dca1b4b06	Merge branch 'main' into atorralba/swift/path-injection	2022-12-05 16:21:22 +01:00
Tony Torralba	bf8084080b	Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2022-12-05 15:37:40 +01:00
Tony Torralba	9d2b04928d	Fix qhelp after suggestions	2022-12-05 09:16:27 +01:00
Tony Torralba	6e7c7c245b	Update swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2022-12-05 08:47:18 +01:00
Geoffrey White	cf3345ee8f	Swift: Revert security-severity on CWE-321, for now.	2022-12-02 12:01:43 +00:00
Geoffrey White	85a0a42da9	Swift: try again to satisfy ql-for-ql.	2022-12-02 10:15:11 +00:00
Geoffrey White	f7ebd1312e	Swift: Corrections.	2022-12-01 20:13:56 +00:00
Geoffrey White	157a7829ca	Swift: correct the example.	2022-12-01 18:35:10 +00:00
Geoffrey White	43596869e7	Swift: Move query logic to a .qll.	2022-12-01 18:09:45 +00:00
Geoffrey White	87fa159384	Swift: Add security-severity, and correct one for another query that apparently wasn't right.	2022-12-01 18:09:39 +00:00
Geoffrey White	58e9a0436e	Swift: Add metadata.	2022-12-01 18:09:33 +00:00
Tony Torralba	6bb54f07bf	Apply suggestions from code review Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>	2022-12-01 18:08:47 +01:00
Geoffrey White	2b61f26a64	Swift: Add doc.	2022-12-01 16:32:34 +00:00
Geoffrey White	a2210959b5	Swift: Uncontrolled format string query (initial version).	2022-12-01 16:32:33 +00:00
Tony Torralba	8cc66172c3	Add path injection query	2022-11-29 11:55:03 +01:00
Geoffrey White	96e04e7f63	Swift: Use ConstructorDecl in place of name matching.	2022-11-28 17:39:45 +00:00
Geoffrey White	edb6325117	Swift: Fix comment.	2022-11-28 17:07:34 +00:00
Geoffrey White	aa5c893d5e	Swift: Further simplify.	2022-11-28 17:07:34 +00:00
Geoffrey White	97bd91ed19	Swift: Simplify using ApplyExpr.getArgumentWithLabel.	2022-11-28 16:51:46 +00:00
Mathias Vorreiter Pedersen	3716d67cc9	Merge pull request #11451 from geoffw0/wkuserscript Swift: models for WKUserScript	2022-11-28 14:24:19 +00:00
Geoffrey White	116d9667e7	Swift: Remove special case from query.	2022-11-28 12:15:38 +00:00
Geoffrey White	b3d2e759a6	Swift: Update swift/sql-injection to include local flow sources.	2022-11-28 10:11:44 +00:00
Geoffrey White	a5a459fe0a	Swift: Update swift/unsafe-js-eval to include local flow sources.	2022-11-28 10:11:44 +00:00
Tony Torralba	fc7c66dab2	Remove now unnecessary additional taint step in UnsafeJsEval	2022-11-24 12:35:52 +01:00
Nora Dimitrijević	8f065e9483	Merge pull request #11001 from d10c/swift/js-injection	2022-11-24 10:52:05 +01:00
Geoffrey White	556d68aeed	Update swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-11-23 09:17:18 +00:00
Nora Dimitrijević	8f5af3fca6	Merge branch 'main' into swift/js-injection	2022-11-18 17:07:20 +01:00
Nora Dimitrijević	8b332778e3	Swift: update `@security-severity`	2022-11-17 18:08:06 +01:00
Nora Dimitrijević	52e5d541ef	Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2022-11-15 21:15:04 +01:00
Nora Dimitrijević	fccb581765	Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2022-11-15 21:14:56 +01:00
Nora Dimitrijević	cb7d9d5f3f	Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2022-11-15 21:14:50 +01:00
Nora Dimitrijević	8db8f14f99	Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2022-11-15 21:14:37 +01:00
Nora Dimitrijević	b42482c960	Update swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.qhelp Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>	2022-11-15 21:14:18 +01:00
Geoffrey White	5460004223	Merge branch 'main' into HEAD	2022-11-14 13:44:39 +00:00
Tony Torralba	a21db3b3c2	Merge pull request #11086 from atorralba/atorralba/swift/xxe-query Swift: Add new query for XML External Entities (XML) vulnerabilities	2022-11-14 12:34:30 +01:00
Nora Dimitrijević	16ba5b1bb5	Swift: update doctests	2022-11-14 12:30:16 +01:00
Paolo Tranquilli	3de650e19d	Swift: make `toBeTested` and `shouldPrint` propagate to children	2022-11-11 12:49:18 +01:00
Nora Dimitrijević	4b7a89e754	Merge branch 'main' into swift/js-injection	2022-11-11 12:23:26 +01:00
Geoffrey White	d97682991d	Swift: Add Alamofire sink for cpp/cleartext-transmission.	2022-11-10 15:33:00 +00:00
Karim Ali	b209cac2e2	Merge pull request #11063 from karimhamdanali/swift-pbe-constant-password Swift: detect the use of constant passwords for password-based encryption	2022-11-10 16:36:27 +02:00
Karim Ali	e18b2cfa39	Merge pull request #11084 from karimhamdanali/swift-static-iv Swift: detect the use of static initialization vectors	2022-11-10 16:35:21 +02:00
Karim Ali	7d473fb265	address docs review	2022-11-10 15:01:05 +02:00
Karim Ali	d229d6a7cb	address docs review	2022-11-10 14:30:04 +02:00
Nora Dimitrijević	5940f17b83	Swift: Docs + doctests	2022-11-09 13:10:08 +01:00
Alex Denisov	dacbf4e798	Swift: use more common name for the query	2022-11-09 12:29:50 +01:00
Alex Denisov	a1fa424ec1	Swift: add an internal query-suite for listing all the compiler errors	2022-11-09 12:05:41 +01:00

1 2 3 4 5 ...

310 Commits