Swift queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in Swift when you select the default or the security-extended query suite.

Who can use this feature?

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

CodeQL includes many queries for analyzing Swift code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see "CodeQL query suites."

Notes:

  • CodeQL analysis for Swift is currently in beta. During the beta, analysis of Swift code, and the accompanying documentation, will not be as comprehensive as for other languages.

Built-in queries for Swift analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Note: GitHub autofix for code scanning is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to JavaScript, TypeScript, Python, and Java alerts identified by CodeQL. If you have an enterprise account and use GitHub Advanced Security, your enterprise has access to the beta.

Query nameRelated CWEsDefaultExtended
Bad HTML filtering regexp116, 020, 185, 186
Cleartext logging of sensitive information312, 359, 532
Cleartext storage of sensitive information in a local database312
Cleartext storage of sensitive information in an application preference store312
Cleartext transmission of sensitive information319
Constant password259
Database query built from user-controlled sources089
Encryption using ECB327
Hard-coded encryption key321
Incomplete regular expression for hostnames020
Inefficient regular expression1333, 730, 400
Insecure TLS configuration757
Insufficient hash iterations916
Missing regular expression anchor020
Predicate built from user-controlled sources943
Regular expression injection730, 400
Resolving XML external entity in user-controlled data611, 776, 827
Static initialization vector for encryption329, 1204
String length conflation135
System command built from user-controlled sources078, 088
Uncontrolled data used in path expression022, 023, 036, 073, 099
Uncontrolled format string134
Unsafe WebView fetch079, 095, 749
Use of a broken or weak cryptographic hashing algorithm on sensitive data327, 328
Use of an inappropriate cryptographic hashing algorithm on passwords327, 328, 916
Use of constant salts760
JavaScript Injection094, 095, 749