hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,367 Commits 1,680 Branches 158 Tags
codeql-cli/v2.12.1
Commit Graph

1224 Commits

Author SHA1 Message Date
Paolo Tranquilli
490bd051cd Swift: expand ref in autogenerated docs 2023-01-19 09:27:44 +00:00
Mathias Vorreiter Pedersen
14468b64fb Merge pull request #11924 from atorralba/atorralba/optbinding-getters 
Swift: Support more CFG node types in optional binding flow
 2023-01-18 16:37:11 +00:00
Tony Torralba
90517e254a Accept test expectation changes 2023-01-18 13:25:04 +01:00
Mathias Vorreiter Pedersen
48439bc252 Merge pull request #11905 from geoffw0/rncrypt 
Swift: Add RNCryptor sinks to swift/constant-password
 2023-01-18 11:43:23 +00:00
Tony Torralba
d75a5212b2 Support more CFG node types in optional binding flow 2023-01-18 12:42:44 +01:00
Tony Torralba
4a89a30abd Add failing test 2023-01-18 12:41:59 +01:00
Mathias Vorreiter Pedersen
c8bcfb77b2 Merge pull request #11836 from geoffw0/optbinding 
Swift: Data flow through optional binding
 2023-01-18 11:25:27 +00:00
Geoffrey White
71c1ca53a9 Merge branch 'main' into rncrypt 2023-01-18 11:09:09 +00:00
Rasmus Wriedt Larsen
e0ccb9306a Merge pull request #11908 from RasmusWL/dataflow-consistency-more-excludes 
DataFlow: Add `uniqueParameterNodePositionExclude`
 2023-01-18 10:44:51 +01:00
Geoffrey White
5e5c4e9a8c Swift: Accept QL-for-QL recommendation. 2023-01-17 16:25:34 +00:00
Geoffrey White
ea06ad1933 Merge pull request #11529 from geoffw0/format 
Swift: Uncontrolled format string query
 2023-01-17 16:16:10 +00:00
Geoffrey White
037b49b454 Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2023-01-17 14:16:52 +00:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1 DataFlow: Add uniqueParameterNodeAtPositionExclude 2023-01-17 14:05:17 +01:00
Paolo Tranquilli
0a792f2f61 Swift: add upgrade and downgrade scripts for ExtensionDecl new protocols property 2023-01-17 13:07:02 +01:00
Paolo Tranquilli
0d32f00020 Swift: update ExtensionDecl test results 2023-01-17 12:58:02 +01:00
Paolo Tranquilli
f6e26211f9 Swift: add protocols to ExtensionDecl schema 2023-01-17 12:54:50 +01:00
Geoffrey White
74a37475db Swift: Model RNCryptor. 2023-01-17 11:54:12 +00:00
Paolo Tranquilli
8906e101cb Swift: add ExtensionDecl QL test 2023-01-17 12:49:53 +01:00
Geoffrey White
449ebb8a12 Swift: Add tests for RNCryptor library. 2023-01-17 09:03:07 +00:00
Tony Torralba
bd5619147d Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs 
Swift: Add Cleartext Logging query
 2023-01-16 16:22:20 +01:00
Tony Torralba
0017461e2d Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 15:35:58 +01:00
Tony Torralba
fdb3b65bce Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-01-16 11:57:37 +01:00
Mathias Vorreiter Pedersen
2dbacbc302 Merge pull request #11841 from MathiasVP/swift-add-integral-types 
Swift: Add integral type classes
 2023-01-13 17:30:57 +00:00
Geoffrey White
c9a0067705 Swift: Remove flow in cases with multiple variables. 2023-01-13 16:37:23 +00:00
Geoffrey White
2c35af51cd Swift: Move logic into Ssa::WriteDefinition.assigns. 2023-01-13 15:19:33 +00:00
Geoffrey White
8a77906296 Swift: Use Ssa::Definition rather than ConcreteVarDecl. 2023-01-13 15:01:20 +00:00
Geoffrey White
7f31c9c7e5 Swift: Add a test. 2023-01-12 15:19:57 +00:00
Geoffrey White
3d1b2fdbda Swift: Rename NumericOrCharType.qll -> Numer> NumericType.qll. 2023-01-12 11:46:51 +00:00
Geoffrey White
418d593a97 Swift: Replace NumericOrCharType with a more basic NumericType, and rename classes for consistency with other static languages. 2023-01-12 11:43:20 +00:00
Geoffrey White
d0eb167d47 Swift: Merge FloatingPointType.qll into NumericOrCharType.qll, because it is a numeric type and other stuff like CharacterType is there. 2023-01-12 11:42:36 +00:00
Geoffrey White
4e5483744f Swift: Add a test case we're discussing. 2023-01-12 10:52:03 +00:00
Michael Nebel
18a815ca8b Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance 
C#/Java: Re-factor provenance related predicates.
 2023-01-12 10:50:31 +01:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
Michael Nebel
7e4f7a0c17 C#: Address review comments and sync files. 2023-01-11 16:29:24 +01:00
Michael Nebel
67cbe38255 Sync files. 2023-01-11 16:20:55 +01:00
Michael Nebel
80a4197604 Swift: Re-factor provenance related predicates for summarized callable. 2023-01-11 16:20:55 +01:00
Michael Nebel
ea173f9516 Sync files. 2023-01-11 16:20:55 +01:00
Tony Torralba
c115a9fee4 Add more path injection sinks 2023-01-11 14:28:24 +01:00
Tony Torralba
a4f813183e Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks 
Swift: Add sinks for the GRDB library
 2023-01-11 11:49:37 +01:00
Tony Torralba
50cd40ed20 Swift: Remove omittable exists variables 2023-01-10 13:39:50 +01:00
Mathias Vorreiter Pedersen
7f5344e025 Update swift/ql/lib/codeql/swift/elements/type/NumericOrCharType.qll 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-01-09 17:08:27 +00:00
Tony Torralba
8e0a018673 Consider Int8 and UInt8 as OsLogNonRedactedTypes 2023-01-09 18:05:18 +01:00
Tony Torralba
49a41c98ee Test that hashed passwords are 'safe' to log 
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
 2023-01-09 18:01:07 +01:00
Tony Torralba
160d89fb4e Add qhelp examples 2023-01-09 18:01:07 +01:00
Tony Torralba
33029b0ed8 Fix sanitizer QLDoc 2023-01-09 18:01:07 +01:00
Tony Torralba
7e0869965c Uncomment tests 2023-01-09 18:01:07 +01:00
Tony Torralba
c1f19dd145 Add stub so that tests work on Linux 2023-01-09 18:01:07 +01:00
Tony Torralba
b203a9eb6e Add a sanitizer for OSLogPrivacy options 
Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.
 2023-01-09 18:01:07 +01:00
Tony Torralba
aad56097ac Add Cleartext Loggin query for Swift. 
With some caveats: see TODO comments and failing tests.
 2023-01-09 18:01:07 +01:00