Requêtes Swift pour l’analyse CodeQL

Explorez les requêtes que CodeQL utilise pour analyser le code écrit en Swift et ce lorsque vous sélectionnez la suite de requêtes default ou security-extended.

Qui peut utiliser cette fonctionnalité ?

Code scanning est disponible pour les dépôts appartenant à l’organisation dans GitHub Enterprise Server. Cette fonctionnalité nécessite une licence pour GitHub Advanced Security. Pour plus d’informations, consultez « À propos de GitHub Advanced Security ».

CodeQL includes many queries for analyzing Swift code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see "CodeQL query suites."

Built-in queries for Swift analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Note: The initial release of GitHub Enterprise Server 3.11 included CodeQL action and CodeQL CLI 2.14.6, which may not include all of these queries. Your site administrator can update your CodeQL version to a newer release. For more information, see "Configuring code scanning for your appliance."

Query nameRelated CWEsDefaultExtendedCopilot Autofix
Bad HTML filtering regexp116, 020, 185, 186
Cleartext logging of sensitive information312, 359, 532
Cleartext storage of sensitive information in a local database312
Cleartext storage of sensitive information in an application preference store312
Cleartext transmission of sensitive information319
Constant password259
Database query built from user-controlled sources089
Encryption using ECB327
Hard-coded encryption key321
Incomplete regular expression for hostnames020
Inefficient regular expression1333, 730, 400
Insecure TLS configuration757
Insufficient hash iterations916
Missing regular expression anchor020
Predicate built from user-controlled sources943
Regular expression injection730, 400
Resolving XML external entity in user-controlled data611, 776, 827
Static initialization vector for encryption329, 1204
String length conflation135
System command built from user-controlled sources078, 088
Uncontrolled data used in path expression022, 023, 036, 073, 099
Uncontrolled format string134
Unsafe WebView fetch079, 095, 749
Use of a broken or weak cryptographic hashing algorithm on sensitive data327, 328
Use of an inappropriate cryptographic hashing algorithm on passwords327, 328, 916
Use of constant salts760
JavaScript Injection094, 095, 749