hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

221 Commits

Author SHA1 Message Date
Geoffrey White
213cd94047 Swift: Update the test. 2022-09-16 13:24:37 +01:00
Geoffrey White
dc47771937 Swift: Fix locationless results. 2022-09-14 20:43:24 +01:00
Geoffrey White
25840996f6 Swift: Use a slightly different approach to fix false positive. 2022-09-14 20:43:23 +01:00
Geoffrey White
7b96cb071a Swift: Remove the original sink cases as they are no longer required. 2022-09-14 20:43:22 +01:00
Geoffrey White
e0100d7b98 Swift: Expand sinks and fix issue with post-update notes to catch the missing test results. 2022-09-14 20:43:22 +01:00
Geoffrey White
eb2a0af4cc Swift: Additional test case. 2022-09-14 20:43:21 +01:00
Mathias Vorreiter Pedersen
6074f22d3f Merge pull request #10335 from github/redsun82/swift-weak-hashing-phase-1 
Swift: first version of query targeting weak hashing
 2022-09-14 08:29:47 +01:00
AlexDenisov
be21b26d46 Merge pull request #10045 from github/alexdenisov/swift-cwe-757 
Swift: CWE-757: insecure TLS configuration
 2022-09-12 15:25:15 +02:00
Paolo Tranquilli
776df33f55 Swift: fix typos and comments in testCrypto.swift 2022-09-12 08:47:43 +02:00
Paolo Tranquilli
a8a34addde Merge branch 'main' into redsun82/swift-weak-hashing-phase-1 2022-09-09 11:07:41 +02:00
Paolo Tranquilli
6223103bbd Swift: add more testing to WeakSensitiveDataHashing 2022-09-09 11:02:08 +02:00
Paolo Tranquilli
c739bbb051 Swift: bake in isProbablySafe in SensitiveExpr 
Also restructured the code a bit in the weak hashing query.
 2022-09-09 11:00:02 +02:00
Alex Denisov
d455a557be Swift: CWE-757: update docs and user facing text 2022-09-08 10:31:23 +02:00
Alex Denisov
d18ad665b6 Swift: CWE-757: Insecure TLS configuration 2022-09-08 09:34:04 +02:00
Mathias Vorreiter Pedersen
417b2152d8 Merge pull request #10319 from geoffw0/cleartextbarrier 2022-09-08 00:30:57 +01:00
Paolo Tranquilli
19b13ee4e3 Swift: first draft of query targeting weak hashing 2022-09-07 15:58:35 +02:00
Geoffrey White
0741266cea Swift: Switch from isSanitizerIn to isSanitizer. 2022-09-06 13:37:49 +01:00
Geoffrey White
8281d92e71 Swift: Add barriers for encryption. 2022-09-06 13:37:49 +01:00
Geoffrey White
9683a95162 Swift: Add a few more test cases. 2022-09-06 13:37:48 +01:00
Geoffrey White
a14efcfb69 Merge branch 'main' into stringlengthcleanup 2022-09-02 19:26:28 +01:00
Geoffrey White
c3a8da4570 Swift: Use getABaseTypeDecl() to improve StringLengthConflation.ql. 2022-09-02 19:21:50 +01:00
Geoffrey White
129ed426a0 Swift: Use allowImplicitRead as a better solution replacing one of the special flow cases. 2022-08-31 17:58:18 +01:00
Geoffrey White
c0bc0d78cc Swift: Accept test changes after merging main (again). 2022-08-31 17:58:10 +01:00
Geoffrey White
60fad4d652 Merge remote-tracking branch 'upstream/main' into swiftcleanup 2022-08-31 16:04:39 +01:00
Mathias Vorreiter Pedersen
a4209df239 Merge branch 'main' into swift-field-flow-2 2022-08-30 18:52:23 +01:00
Geoffrey White
3e4a6be53f Swift: Add missing test annotations. 2022-08-30 18:12:26 +01:00
Geoffrey White
430a8e141d Swift: Fix issues. 2022-08-30 18:04:12 +01:00
Paolo Tranquilli
38d65d3fae Swift: make ConstructorDecl's name include params 
In order to distinguish overloads of the constructor and for consistency
with other function calls, `ConstructorDecl` string representation uses
the name which includes parentheses and parameter labels.

For consistency also the destructor got the same change, which means
all `DestructorDecl`s will now show as `deinit()` rather than `deinit`.
 2022-08-30 11:11:50 +02:00
Geoffrey White
2d57786dae Merge branch 'main' into cleartext 2022-08-25 23:10:36 +01:00
Geoffrey White
2690732c75 Swift: Special cases to get taint flow working. 2022-08-25 22:15:19 +01:00
Geoffrey White
3126fb930d Swift: Core Data support. 2022-08-25 22:15:18 +01:00
Geoffrey White
456ab980a5 Swift: Fix duplicate results. 2022-08-25 22:15:17 +01:00
Geoffrey White
0cd2efc1b1 Swift: CleartextTransmission query. 2022-08-25 22:15:16 +01:00
Geoffrey White
dacb7f5f25 Swift: Add a SensitiveExprs lib (and test it). 2022-08-25 22:15:15 +01:00
Geoffrey White
2aa6dd20ff Swift: Make tests more accurate and don't use 'pwd' as a variable name (it has alternative meanings so is not a good test). 2022-08-25 22:15:14 +01:00
Geoffrey White
1c5283628b Swift: Additional test cases. 2022-08-25 22:15:13 +01:00
Mathias Vorreiter Pedersen
80bf22cf6f Swift: Accept test changes in query tests. 2022-08-24 14:52:36 +01:00
Mathias Vorreiter Pedersen
06a39d2b93 Swift: Accept test change. 2022-08-24 13:29:17 +01:00
Paolo Tranquilli
9b50336e47 Swift: synthesize MethodRefExpr 
This introduces a `MethodRefExpr` node synthesized out of
`DotSyntaxCallExpr` under the `LookupExpr` hierarchy. This means that
much like
```free_function(1, 2)```
is a `CallExpr` with `getFunction` giving a `DeclRefExpr`,
```foo.method(1, 2)```
is now a `CallExpr` with `getFunction` giving a `MethodRefExpr`.

`ApplyExpr::getStaticTarget` has been made work with it (as well as
`ConstructorRefCallExpr` which for the moment has been left where it
is), a new `MethodApplyExpr` has been introduced deriving from it,
and control and data flow libraries have adapted.

A small but was fixed in `qlgen` where the default constructor for DB
types was not correctly subtracting derived IPA types depending on the
order of definitions in `schema.yml`.

There are still some occurrences of `DotSyntaxCallExpr`, and as already
mentioned the other `SelfApply` class (`ConstructorRefCallExpr`) was
left alone. Their treatment is left for a future PR.
 2022-08-19 14:48:36 +02:00
Geoffrey White
dd51b7f356 Swift: Add many tests. 2022-08-16 10:04:00 +01:00
Geoffrey White
c1be060ef8 Swift: Create query + test stubs. 2022-08-11 16:10:18 +01:00
Mathias Vorreiter Pedersen
5ee11c3d7b Swift: Accept test changes. 2022-08-09 15:12:42 +01:00
Mathias Vorreiter Pedersen
946b8c68a6 Swift: Accept test changes. 2022-08-05 11:19:00 +01:00
Mathias Vorreiter Pedersen
1c8090fa04 Merge pull request #9964 from geoffw0/cwe95 
Swift: Query for CWE-79 / CWE-95
 2022-08-05 10:38:33 +01:00
Geoffrey White
1ce06accbd Swift: Fix capitalization issue? 2022-08-05 10:20:51 +01:00
Geoffrey White
39f1352847 Swift: Complete the rename. 2022-08-03 14:45:20 +01:00
Geoffrey White
81bd61288c Swift: I think CWE-079 is the more accurate CWE for this query. 2022-08-03 14:45:19 +01:00
Geoffrey White
c635895644 Swift: Documentation. 2022-08-03 14:45:18 +01:00
Geoffrey White
651b73e21e Swift: Check for tainted baseURL. 2022-08-03 09:42:48 +01:00
Geoffrey White
53ea65b045 Swift: Implement query. 2022-08-03 09:41:28 +01:00