hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,812 Commits 1,688 Branches 158 Tags
codeql-cli/v2.10.3
Commit Graph

349 Commits

Author SHA1 Message Date
erik-krogh
c778b38a77 delete the dead TypeRepr files 2022-08-11 10:56:58 +02:00
Geoffrey White
6ffe5fcaed Swift: Comment some other cases. 2022-08-10 15:46:32 +01:00
Geoffrey White
537caf85f2 Swift: Fix cartesian product. 2022-08-10 15:46:30 +01:00
Geoffrey White
e09e64ee85 Swift: Restrict taint flow through + to strings. 2022-08-10 15:46:28 +01:00
Geoffrey White
f3499e98a4 Swift: Move try, ! to dataflow. 2022-08-10 15:13:04 +01:00
Geoffrey White
6f696ccc3c Swift: Effect of merging with main to get the AnyTryExpr fix. 2022-08-09 19:02:59 +01:00
Geoffrey White
efcc696e6e Merge branch 'main' into defaulttaint 2022-08-09 18:59:36 +01:00
Geoffrey White
36f410b9f7 Swift: Move taint logic from isAdditionalTaintStep to defaultAdditionalTaintStep. 2022-08-09 17:42:28 +01:00
Geoffrey White
242dc80907 Swift: Add taint test of try. 2022-08-09 17:42:25 +01:00
Geoffrey White
3bda9af97a Swift: Add taint test of Data. 2022-08-09 17:42:24 +01:00
Geoffrey White
42c3e29a29 Swift: Add taint test of URL. 2022-08-09 17:42:23 +01:00
Geoffrey White
068ec8ea20 Swift: More tests of taint flow through Strings. 2022-08-09 16:43:07 +01:00
Geoffrey White
0141609703 Swift: Rename test. 2022-08-09 16:41:26 +01:00
Mathias Vorreiter Pedersen
5ee11c3d7b Swift: Accept test changes. 2022-08-09 15:12:42 +01:00
Mathias Vorreiter Pedersen
06fecf3869 Swift: Include 'any!' in the the CFG tree for 'any' expressions. 2022-08-09 15:12:31 +01:00
Anders Schack-Mulligen
aa3655678e Merge pull request #9823 from aschackmull/dataflow/stage-module 
Dataflow: Replace stage duplication with parameterised modules.
 2022-08-08 10:56:32 +02:00
Mathias Vorreiter Pedersen
f2767eb03a Merge pull request #9972 from MathiasVP/swift-taint-through-interpolated-strings 
Swift: Taint through interpolated strings
 2022-08-05 15:55:35 +01:00
Robert Marsh
10710e27df Merge pull request #9978 from MathiasVP/swift-fix-mad 
Swift: Fix flow summaries for methods
 2022-08-05 09:53:16 -04:00
Mathias Vorreiter Pedersen
6cfeb24d94 Swift: More comments. 2022-08-05 13:30:45 +01:00
Mathias Vorreiter Pedersen
46ec7a9b82 Swift: Add the InlineExpectationsTest framework. 2022-08-05 11:49:15 +01:00
Mathias Vorreiter Pedersen
69564d2192 Swift: Add a couple of standard Comment subclasses. 2022-08-05 11:48:29 +01:00
Mathias Vorreiter Pedersen
946b8c68a6 Swift: Accept test changes. 2022-08-05 11:19:00 +01:00
Mathias Vorreiter Pedersen
a302570349 Merge branch 'main' into swift-taint-through-interpolated-strings 2022-08-05 11:17:54 +01:00
Mathias Vorreiter Pedersen
24c9ab8015 Swift: Fix MaD for methods 2022-08-05 10:52:28 +01:00
Alex Denisov
5e69adb0a9 Swift: extract comments 2022-08-05 11:50:48 +02:00
Mathias Vorreiter Pedersen
1c8090fa04 Merge pull request #9964 from geoffw0/cwe95 
Swift: Query for CWE-79 / CWE-95
 2022-08-05 10:38:33 +01:00
Geoffrey White
1ce06accbd Swift: Fix capitalization issue? 2022-08-05 10:20:51 +01:00
Mathias Vorreiter Pedersen
ac26371de0 Merge pull request #9909 from geoffw0/stringlengthconflation6 
Swift: Understand String.utf8.count etc in the string length conflation CVE query
 2022-08-05 10:13:25 +01:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Mathias Vorreiter Pedersen
2f13c65ad7 Update swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-08-04 22:45:45 +01:00
Mathias Vorreiter Pedersen
05e6dd85d4 Swift: Add taint tests for flow through interpolated strings. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
9c48ce1bf2 Swift: Flow (1) through the internal function calls generated by the compiler during string interpolation, and (2) out of the internal 'TapExpr' and into the interpolated string result. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
52b78b6e68 Swift: Don't assume we know the call target statically in 'TInOutUpdateNode'. 2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
ff6b8c5c9c Swift: Replace 'CallExpr' with 'ApplyExpr'. This is needed because not all the calls inside the interpolated string computations are 'CallExpr's. 2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
3028b80e46 Swift: Control-flow through interpolated strings. 2022-08-04 21:57:04 +01:00
Geoffrey White
997068a9cb Swift: Fix a suggestion merge conflict. 2022-08-03 18:16:31 +01:00
Geoffrey White
873c62ef78 Swift: Apply another code review suggestion. 2022-08-03 18:16:01 +01:00
Geoffrey White
e4dab17318 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-08-03 18:14:14 +01:00
Geoffrey White
9d49986345 Swift: Make QL-for-QL happy. 2022-08-03 17:18:57 +01:00
Geoffrey White
39f1352847 Swift: Complete the rename. 2022-08-03 14:45:20 +01:00
Geoffrey White
81bd61288c Swift: I think CWE-079 is the more accurate CWE for this query. 2022-08-03 14:45:19 +01:00
Geoffrey White
c635895644 Swift: Documentation. 2022-08-03 14:45:18 +01:00
Mathias Vorreiter Pedersen
be7ba925f9 Swift: Cache 'lastRefRedef'. 2022-08-03 11:14:55 +01:00
Geoffrey White
8d9653a999 Swift: Generated security-severity tag. 2022-08-03 09:54:54 +01:00
Geoffrey White
ea17b852b4 Swift: Explain ExternalRemoteFlowSource. 2022-08-03 09:42:51 +01:00
Geoffrey White
651b73e21e Swift: Check for tainted baseURL. 2022-08-03 09:42:48 +01:00
Geoffrey White
53ea65b045 Swift: Implement query. 2022-08-03 09:41:28 +01:00
Geoffrey White
2d76d6d51a Swift: Tests for CWE-95. 2022-08-03 09:36:22 +01:00
Geoffrey White
bada5bf7c1 Swift: Placeholder query + docs for CWE-95. 2022-08-02 10:47:06 +01:00