hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

221 Commits

Author SHA1 Message Date
Geoffrey White
cb11524dde Merge pull request #12154 from geoffw0/pathinjectionext 
Swift: More path injection sinks
 2023-02-16 16:00:31 +00:00
Geoffrey White
ad85b37585 Swift: Tidy up indenting. 2023-02-10 18:06:56 +00:00
Geoffrey White
d0efbbf5b8 Swift: More path injection models. 2023-02-10 18:02:50 +00:00
Geoffrey White
82f09b8511 Swift: More path injection test cases. 2023-02-10 17:55:06 +00:00
Geoffrey White
15b8aa1979 Swift: Effect on other tests :) 2023-02-10 14:16:48 +00:00
Geoffrey White
996536b08e Swift: Remove a no-longer-needed special case from swift/unsafe-js-eval. 2023-02-06 17:35:21 +00:00
Geoffrey White
364c173fc3 Swift: Accept additional taint flow in UnsafeJsEval test. 2023-02-03 19:21:10 +00:00
Geoffrey White
794ba428a7 Merge pull request #11942 from geoffw0/rncrypt4 
Swift: add RNCryptor sinks to swift/static-initialization-vector
 2023-01-27 14:33:06 +00:00
Geoffrey White
e92a5eb467 Merge pull request #11911 from geoffw0/rncrypt2 
Swift: Add RNCryptor sinks to swift/hardcoded-key
 2023-01-25 15:11:16 +00:00
Geoffrey White
f6fe627f4b Merge pull request #11914 from geoffw0/rncrypt3 
Swift: Add RNCryptor sinks to swift/constant-salt
 2023-01-25 13:05:33 +00:00
Geoffrey White
f05be77a0b Swift: Recognize more array sources. 2023-01-20 15:25:00 +00:00
Geoffrey White
7648e8f6a3 Swift: Recognize more sources. 2023-01-20 15:08:12 +00:00
Geoffrey White
581c478872 Swift: Model RNCryptor. 2023-01-20 14:50:23 +00:00
Geoffrey White
bb59d055ff Swift: Add tests for RNCryptor library. 2023-01-20 14:50:21 +00:00
Geoffrey White
5d6f2436e4 Merge branch 'main' into coredata 2023-01-18 13:39:02 +00:00
Geoffrey White
71c1ca53a9 Merge branch 'main' into rncrypt 2023-01-18 11:09:09 +00:00
Geoffrey White
a568d0af7f Swift: Remove unused variable. 2023-01-17 18:10:02 +00:00
Geoffrey White
b3d30bfc4f Swift: Add NumberLiteral sources as well. 2023-01-17 18:04:26 +00:00
Geoffrey White
d1cfdb97ee Swift: Model RNCryptor. 2023-01-17 17:55:52 +00:00
Geoffrey White
a92e1c7ea0 Swift: Add tests for RNCryptor library. 2023-01-17 17:31:49 +00:00
Geoffrey White
9911dd53e1 Merge branch 'main' into coredata 2023-01-17 16:22:53 +00:00
Geoffrey White
ea06ad1933 Merge pull request #11529 from geoffw0/format 
Swift: Uncontrolled format string query
 2023-01-17 16:16:10 +00:00
Geoffrey White
3c55cdd5be Swift: Catch the last two test results as well. 2023-01-17 16:04:58 +00:00
Geoffrey White
d42848bb7e Swift: Upgrade the query from dataflow to taint tracking, so as to support more flows. 2023-01-17 16:04:58 +00:00
Geoffrey White
a8ef9cc987 Swift: Add tests for RNCryptor library. 2023-01-17 16:04:57 +00:00
Geoffrey White
037b49b454 Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:16:52 +00:00
Geoffrey White
74a37475db Swift: Model RNCryptor. 2023-01-17 11:54:12 +00:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
Geoffrey White
6a0b56bf40 Swift: Fix for extensions. 2023-01-11 18:32:07 +00:00
Geoffrey White
2622de9747 Swift: Improve Core Data coverage. 2023-01-11 18:26:34 +00:00
Geoffrey White
82f9903bf0 Swift: Additional test cases for swift/cleartext-storage-database on Core Data. 2023-01-11 18:22:32 +00:00
Tony Torralba
c115a9fee4 Add more path injection sinks 2023-01-11 14:28:24 +01:00
Tony Torralba
a4f813183e Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks 
Swift: Add sinks for the GRDB library
 2023-01-11 11:49:37 +01:00
Tony Torralba
49a41c98ee Test that hashed passwords are 'safe' to log 
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
 2023-01-09 18:01:07 +01:00
Tony Torralba
7e0869965c Uncomment tests 2023-01-09 18:01:07 +01:00
Tony Torralba
c1f19dd145 Add stub so that tests work on Linux 2023-01-09 18:01:07 +01:00
Tony Torralba
b203a9eb6e Add a sanitizer for OSLogPrivacy options 
Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.
 2023-01-09 18:01:07 +01:00
Tony Torralba
aad56097ac Add Cleartext Loggin query for Swift. 
With some caveats: see TODO comments and failing tests.
 2023-01-09 18:01:07 +01:00
Tony Torralba
eb78661c1f Add missing SQL injection tests for the GRDB SQL class 2023-01-09 17:36:54 +01:00
Geoffrey White
9333e80def Swift: Add getVaList stub to the test. 2023-01-09 10:29:37 +00:00
Mathias Vorreiter Pedersen
9be9636816 Merge pull request #11670 from atorralba/atorralba/swift/predicate-injection 
Swift: Add predicate injection query
 2023-01-09 08:54:13 +00:00
Geoffrey White
fc646a6d48 Swift: Update .expected following a toString change in main. 2023-01-03 16:25:14 +00:00
Geoffrey White
e05bb7fcee Merge branch 'main' into format 2023-01-03 15:14:55 +00:00
Tony Torralba
07d99bd643 Add path injection sinks 2022-12-23 17:16:06 +01:00
Tony Torralba
4215a89bc8 Add cleartext storage database sinks 2022-12-23 17:15:59 +01:00
Tony Torralba
ac39aeb6b6 Add SQLi sinks 2022-12-23 17:03:31 +01:00
Mathias Vorreiter Pedersen
b330b628e3 Merge pull request #11595 from d10c/swift/extract-mainactor 
Swift: MethodRefExpr -> MethodLookupExpr
 2022-12-22 10:22:33 +00:00
Arthur Baars
7111d950c1 Swift: add AlertSuppression.ql 2022-12-21 13:15:26 +01:00
Nora Dimitrijević
8b0da01e0d Swift: allow self./super. sinks in StaticInitializationVector 
Assumption: the extra path is not an issue in practice as the body of
the cryptographic library's init methods are not normally extracted,
only the stubs in this test are.
 2022-12-19 17:39:44 -05:00