hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

310 Commits

Author SHA1 Message Date
Tony Torralba
eef4fc3a0a Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-08 15:44:26 +01:00
Geoffrey White
25b4296045 Swift: Rename predicate to avoid confusion. 2022-11-08 13:52:33 +00:00
Geoffrey White
e669754d0b Swift: Also add local flow sources to summary queries. 2022-11-08 13:05:41 +00:00
Nora Dimitrijević
7585541514 Merge branch 'main' into swift/js-injection 2022-11-08 11:25:54 +01:00
Nora Dimitrijević
d37ed02e79 Swift: basic Data-related taint flow in query 
Still TODO: a more comprehensive taint flow model for Data in the libs.
 2022-11-08 11:24:53 +01:00
Nora Dimitrijević
66291d3575 Swift: sync tests pass with additional flow steps 
TODO: Convert those flow steps to taint flow models in the library.
 2022-11-08 11:09:55 +01:00
Karim Ali
c794fef9cb update qhelp with more details about the use of constant passwords 2022-11-08 11:26:52 +02:00
Karim Ali
b1679df3d2 tighten check against the "iv" argument only 2022-11-08 11:22:18 +02:00
Karim Ali
b077fc5e91 add more details in qhelp about the use of hardcoded/constant IVs 2022-11-08 11:19:41 +02:00
Karim Ali
5766ff21d0 Merge pull request #10993 from karimhamdanali/swift-pbe-constant-salts 
Swift: detect the use of constant salts
 2022-11-07 16:22:41 +02:00
Karim Ali
53055bc8b6 add another reference to RFC 2898 2022-11-07 13:44:25 +02:00
Karim Ali
1756feae71 address docs review 2022-11-07 13:20:02 +02:00
Geoffrey White
7b62bed9db Merge pull request #10947 from karimhamdanali/swift-pbe-iterations 
Swift: detect hash functions with low # of iterations
 2022-11-07 10:38:29 +00:00
Mathias Vorreiter Pedersen
60ac031db4 Merge pull request #11036 from geoffw0/simplify3 2022-11-05 00:31:05 +00:00
Nora Dimitrijević
fdd7d76ffd Swift: use FreeFunctionDecl/.has(Qualified)Name 
Instead of hand-rolled predicates.
 2022-11-03 16:14:43 +01:00
Tony Torralba
f4047e016c Address QL-for-QL alert 
Use an alert message consistent with the other languages
 2022-11-03 12:01:42 +01:00
Tony Torralba
dc6f60a501 Add new XXE query 
Only XMLParser sinks for the time being
 2022-11-03 12:01:42 +01:00
Nora Dimitrijević
7b599f5fef Swift: Add async varant of WKWebView evaluateJavaScript(_:) 
See concurrency note here: https://developer.apple.com/documentation/webkit/wkwebview/1415017-evaluatejavascript

See also https://developer.apple.com/documentation/swift/calling-objective-c-apis-asynchronously
 2022-11-03 11:16:48 +01:00
Nora Dimitrijević
5c905c42b2 Swift: Initial UnsafeJsEval query 2022-11-03 11:16:48 +01:00
Karim Ali
f6484e6e6b cleanup old code comments 2022-11-02 16:21:51 +02:00
Karim Ali
eefda61445 add a query that checks for the use of static IVs 2022-11-02 16:09:00 +02:00
Geoffrey White
85e99feb49 Swift: Have swift/unsafe-webview-fetch use indices instead of parameter names. 2022-11-01 22:58:48 +00:00
Geoffrey White
d87117f623 Swift: Have swift/string-length-conflation use indices instead of parameter names. 2022-11-01 22:51:10 +00:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Karim Ali
8be4d47178 fix typos 2022-11-01 16:03:36 +02:00
Geoffrey White
84c754e007 Merge pull request #11062 from geoffw0/rename 
Swift: Rename ECB-Encryption directory
 2022-11-01 12:59:53 +00:00
Karim Ali
fe408cfb41 add a query that detects the use of constant passwords 2022-11-01 14:03:27 +02:00
Geoffrey White
7d80c5c7f7 Swift: Rename query directory. 2022-11-01 09:21:10 +00:00
Karim Ali
3911f3b202 update query description following docs review 2022-10-31 13:54:35 +02:00
Karim Ali
76a330d4b9 update code example to be OWASP compliant 2022-10-31 13:52:49 +02:00
Karim Ali
723ca8ed88 update documentation following docs review 2022-10-31 13:50:30 +02:00
Geoffrey White
ca586b4f3d Merge remote-tracking branch 'upstream/main' into global 2022-10-31 10:28:29 +00:00
Geoffrey White
0dd8f574a7 Swift: Redesign as a FreeFunctionDecl class + add some qldoc. 2022-10-31 10:24:12 +00:00
Geoffrey White
840b74dbb5 Swift: Add and use ApplyExpr.getArgumentByParamName. 2022-10-28 17:55:11 +01:00
Geoffrey White
f122005aaf Swift: Simplify out some variables. 2022-10-28 17:26:17 +01:00
Geoffrey White
b4d939a620 Swift: Correct a comment. 2022-10-28 17:11:24 +01:00
Geoffrey White
648c2d09f9 Swift: Simplify InsecureTLS.ql. 2022-10-28 15:56:03 +01:00
Geoffrey White
cf9c3afc86 Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate. 2022-10-28 13:57:24 +01:00
Geoffrey White
368f37a27e Swift: And another. 2022-10-28 11:46:27 +01:00
Geoffrey White
1f3ed1cec7 Merge remote-tracking branch 'upstream/main' into simplify 2022-10-28 11:42:05 +01:00
Geoffrey White
6fca350714 Use MethodDecl.hasQualifiedName. 2022-10-28 11:41:42 +01:00
Geoffrey White
ca279f4073 Merge pull request #10996 from geoffw0/methods 
Swift: Add MethodDecl.hasQualifiedName
 2022-10-27 19:18:48 +01:00
Geoffrey White
a32b08f56a Swift: remove redundant line. 2022-10-26 16:39:33 +01:00
Geoffrey White
5d21c51deb Swift: use hasQualifiedName in UnsafeWebViewFetch.ql. 2022-10-26 16:12:29 +01:00
Karim Ali
420c35d4a2 add a query that detects the use of constant salts 2022-10-26 15:32:59 +02:00
Geoffrey White
3d025ea77e Merge pull request #10903 from geoffw0/review 
Swift: Add some summary queries.
 2022-10-25 14:47:09 +01:00
Geoffrey White
b59f01f968 Swift: Use UnknownFile. 2022-10-25 13:44:13 +01:00
Karim Ali
18dd0f650c update iterations threshold to most recent OWASP recommendation 
which is at least 120,000 iterations for secure password hashing
 2022-10-25 14:01:40 +02:00
Karim Ali
e8f55b9f0d update output message 2022-10-25 13:24:37 +02:00
Karim Ali
c0ac29db16 clarify qhelp + add references to it 2022-10-25 13:24:37 +02:00