hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 14:04:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Add taint tests for flow through interpolated strings.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2022-08-04 20:06:48 +01:00
parent 9c48ce1bf2
commit 05e6dd85d4
5 changed files with 198 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected Normal file
View File

@@ -0,0 +1,121 @@
| file://:0:0:0:0 | Phi | test.swift:7:14:7:14 | $interpolation |
| file://:0:0:0:0 | Phi | test.swift:9:14:9:14 | $interpolation |
| file://:0:0:0:0 | Phi | test.swift:11:14:11:14 | $interpolation |
| file://:0:0:0:0 | Phi | test.swift:14:14:14:14 | $interpolation |
| file://:0:0:0:0 | Phi | test.swift:16:14:16:14 | $interpolation |
| file://:0:0:0:0 | Phi | test.swift:18:14:18:14 | $interpolation |
| file://:0:0:0:0 | Phi | test.swift:21:14:21:14 | $interpolation |
| test.swift:5:7:5:7 | WriteDef | test.swift:7:16:7:16 | x |
| test.swift:5:11:5:18 | call to source() | test.swift:5:7:5:7 | WriteDef |
| test.swift:7:13:7:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:7:14:7:14 | $interpolation | test.swift:7:14:7:14 | &... |
| test.swift:7:14:7:14 | : &... | test.swift:7:14:7:14 | WriteDef |
| test.swift:7:14:7:14 | WriteDef | test.swift:7:15:7:15 | $interpolation |
| test.swift:7:15:7:15 | $interpolation | test.swift:7:15:7:15 | &... |
| test.swift:7:15:7:15 | : &... | test.swift:7:15:7:15 | WriteDef |
| test.swift:7:15:7:15 | WriteDef | test.swift:7:18:7:18 | $interpolation |
| test.swift:7:16:7:16 | x | test.swift:9:16:9:16 | x |
| test.swift:7:18:7:18 | $interpolation | test.swift:7:18:7:18 | &... |
| test.swift:7:18:7:18 | : &... | test.swift:7:18:7:18 | WriteDef |
| test.swift:7:18:7:18 | WriteDef | test.swift:7:13:7:13 | TapExpr |
| test.swift:9:13:9:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:9:14:9:14 | $interpolation | test.swift:9:14:9:14 | &... |
| test.swift:9:14:9:14 | : &... | test.swift:9:14:9:14 | WriteDef |
| test.swift:9:14:9:14 | WriteDef | test.swift:9:15:9:15 | $interpolation |
| test.swift:9:15:9:15 | $interpolation | test.swift:9:15:9:15 | &... |
| test.swift:9:15:9:15 | : &... | test.swift:9:15:9:15 | WriteDef |
| test.swift:9:15:9:15 | WriteDef | test.swift:9:18:9:18 | $interpolation |
| test.swift:9:16:9:16 | x | test.swift:9:21:9:21 | x |
| test.swift:9:18:9:18 | $interpolation | test.swift:9:18:9:18 | &... |
| test.swift:9:18:9:18 | : &... | test.swift:9:18:9:18 | WriteDef |
| test.swift:9:18:9:18 | WriteDef | test.swift:9:20:9:20 | $interpolation |
| test.swift:9:20:9:20 | $interpolation | test.swift:9:20:9:20 | &... |
| test.swift:9:20:9:20 | : &... | test.swift:9:20:9:20 | WriteDef |
| test.swift:9:20:9:20 | WriteDef | test.swift:9:23:9:23 | $interpolation |
| test.swift:9:21:9:21 | x | test.swift:11:16:11:16 | x |
| test.swift:9:23:9:23 | $interpolation | test.swift:9:23:9:23 | &... |
| test.swift:9:23:9:23 | : &... | test.swift:9:23:9:23 | WriteDef |
| test.swift:9:23:9:23 | WriteDef | test.swift:9:13:9:13 | TapExpr |
| test.swift:11:13:11:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:11:14:11:14 | $interpolation | test.swift:11:14:11:14 | &... |
| test.swift:11:14:11:14 | : &... | test.swift:11:14:11:14 | WriteDef |
| test.swift:11:14:11:14 | WriteDef | test.swift:11:15:11:15 | $interpolation |
| test.swift:11:15:11:15 | $interpolation | test.swift:11:15:11:15 | &... |
| test.swift:11:15:11:15 | : &... | test.swift:11:15:11:15 | WriteDef |
| test.swift:11:15:11:15 | WriteDef | test.swift:11:18:11:18 | $interpolation |
| test.swift:11:16:11:16 | x | test.swift:11:26:11:26 | x |
| test.swift:11:18:11:18 | $interpolation | test.swift:11:18:11:18 | &... |
| test.swift:11:18:11:18 | : &... | test.swift:11:18:11:18 | WriteDef |
| test.swift:11:18:11:18 | WriteDef | test.swift:11:20:11:20 | $interpolation |
| test.swift:11:20:11:20 | $interpolation | test.swift:11:20:11:20 | &... |
| test.swift:11:20:11:20 | : &... | test.swift:11:20:11:20 | WriteDef |
| test.swift:11:20:11:20 | WriteDef | test.swift:11:23:11:23 | $interpolation |
| test.swift:11:23:11:23 | $interpolation | test.swift:11:23:11:23 | &... |
| test.swift:11:23:11:23 | : &... | test.swift:11:23:11:23 | WriteDef |
| test.swift:11:23:11:23 | WriteDef | test.swift:11:25:11:25 | $interpolation |
| test.swift:11:25:11:25 | $interpolation | test.swift:11:25:11:25 | &... |
| test.swift:11:25:11:25 | : &... | test.swift:11:25:11:25 | WriteDef |
| test.swift:11:25:11:25 | WriteDef | test.swift:11:28:11:28 | $interpolation |
| test.swift:11:26:11:26 | x | test.swift:16:16:16:16 | x |
| test.swift:11:28:11:28 | $interpolation | test.swift:11:28:11:28 | &... |
| test.swift:11:28:11:28 | : &... | test.swift:11:28:11:28 | WriteDef |
| test.swift:11:28:11:28 | WriteDef | test.swift:11:13:11:13 | TapExpr |
| test.swift:13:7:13:7 | WriteDef | test.swift:14:16:14:16 | y |
| test.swift:13:11:13:11 | 42 | test.swift:13:7:13:7 | WriteDef |
| test.swift:14:13:14:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:14:14:14:14 | $interpolation | test.swift:14:14:14:14 | &... |
| test.swift:14:14:14:14 | : &... | test.swift:14:14:14:14 | WriteDef |
| test.swift:14:14:14:14 | WriteDef | test.swift:14:15:14:15 | $interpolation |
| test.swift:14:15:14:15 | $interpolation | test.swift:14:15:14:15 | &... |
| test.swift:14:15:14:15 | : &... | test.swift:14:15:14:15 | WriteDef |
| test.swift:14:15:14:15 | WriteDef | test.swift:14:18:14:18 | $interpolation |
| test.swift:14:16:14:16 | y | test.swift:16:27:16:27 | y |
| test.swift:14:18:14:18 | $interpolation | test.swift:14:18:14:18 | &... |
| test.swift:14:18:14:18 | : &... | test.swift:14:18:14:18 | WriteDef |
| test.swift:14:18:14:18 | WriteDef | test.swift:14:13:14:13 | TapExpr |
| test.swift:16:13:16:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:16:14:16:14 | $interpolation | test.swift:16:14:16:14 | &... |
| test.swift:16:14:16:14 | : &... | test.swift:16:14:16:14 | WriteDef |
| test.swift:16:14:16:14 | WriteDef | test.swift:16:15:16:15 | $interpolation |
| test.swift:16:15:16:15 | $interpolation | test.swift:16:15:16:15 | &... |
| test.swift:16:15:16:15 | : &... | test.swift:16:15:16:15 | WriteDef |
| test.swift:16:15:16:15 | WriteDef | test.swift:16:18:16:18 | $interpolation |
| test.swift:16:16:16:16 | x | test.swift:18:27:18:27 | x |
| test.swift:16:18:16:18 | $interpolation | test.swift:16:18:16:18 | &... |
| test.swift:16:18:16:18 | : &... | test.swift:16:18:16:18 | WriteDef |
| test.swift:16:18:16:18 | WriteDef | test.swift:16:26:16:26 | $interpolation |
| test.swift:16:26:16:26 | $interpolation | test.swift:16:26:16:26 | &... |
| test.swift:16:26:16:26 | : &... | test.swift:16:26:16:26 | WriteDef |
| test.swift:16:26:16:26 | WriteDef | test.swift:16:29:16:29 | $interpolation |
| test.swift:16:27:16:27 | y | test.swift:18:16:18:16 | y |
| test.swift:16:29:16:29 | $interpolation | test.swift:16:29:16:29 | &... |
| test.swift:16:29:16:29 | : &... | test.swift:16:29:16:29 | WriteDef |
| test.swift:16:29:16:29 | WriteDef | test.swift:16:13:16:13 | TapExpr |
| test.swift:18:13:18:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:18:14:18:14 | $interpolation | test.swift:18:14:18:14 | &... |
| test.swift:18:14:18:14 | : &... | test.swift:18:14:18:14 | WriteDef |
| test.swift:18:14:18:14 | WriteDef | test.swift:18:15:18:15 | $interpolation |
| test.swift:18:15:18:15 | $interpolation | test.swift:18:15:18:15 | &... |
| test.swift:18:15:18:15 | : &... | test.swift:18:15:18:15 | WriteDef |
| test.swift:18:15:18:15 | WriteDef | test.swift:18:18:18:18 | $interpolation |
| test.swift:18:18:18:18 | $interpolation | test.swift:18:18:18:18 | &... |
| test.swift:18:18:18:18 | : &... | test.swift:18:18:18:18 | WriteDef |
| test.swift:18:18:18:18 | WriteDef | test.swift:18:26:18:26 | $interpolation |
| test.swift:18:26:18:26 | $interpolation | test.swift:18:26:18:26 | &... |
| test.swift:18:26:18:26 | : &... | test.swift:18:26:18:26 | WriteDef |
| test.swift:18:26:18:26 | WriteDef | test.swift:18:29:18:29 | $interpolation |
| test.swift:18:29:18:29 | $interpolation | test.swift:18:29:18:29 | &... |
| test.swift:18:29:18:29 | : &... | test.swift:18:29:18:29 | WriteDef |
| test.swift:18:29:18:29 | WriteDef | test.swift:18:13:18:13 | TapExpr |
| test.swift:20:3:20:7 | WriteDef | test.swift:21:16:21:16 | x |
| test.swift:20:7:20:7 | 0 | test.swift:20:3:20:7 | WriteDef |
| test.swift:21:13:21:13 | WriteDef | file://:0:0:0:0 | Phi |
| test.swift:21:14:21:14 | $interpolation | test.swift:21:14:21:14 | &... |
| test.swift:21:14:21:14 | : &... | test.swift:21:14:21:14 | WriteDef |
| test.swift:21:14:21:14 | WriteDef | test.swift:21:15:21:15 | $interpolation |
| test.swift:21:15:21:15 | $interpolation | test.swift:21:15:21:15 | &... |
| test.swift:21:15:21:15 | : &... | test.swift:21:15:21:15 | WriteDef |
| test.swift:21:15:21:15 | WriteDef | test.swift:21:18:21:18 | $interpolation |
| test.swift:21:18:21:18 | $interpolation | test.swift:21:18:21:18 | &... |
| test.swift:21:18:21:18 | : &... | test.swift:21:18:21:18 | WriteDef |
| test.swift:21:18:21:18 | WriteDef | test.swift:21:13:21:13 | TapExpr |

6
swift/ql/test/library-tests/dataflow/taint/LocalTaint.ql Normal file
View File

@@ -0,0 +1,6 @@
import swift
import codeql.swift.dataflow.DataFlow
from DataFlow::Node pred, DataFlow::Node succ
where DataFlow::localFlowStep(pred, succ)
select pred, succ

20
swift/ql/test/library-tests/dataflow/taint/Taint.expected Normal file
View File

@@ -0,0 +1,20 @@
edges
| test.swift:5:11:5:18 | call to source() : | test.swift:7:13:7:13 | "..." |
| test.swift:5:11:5:18 | call to source() : | test.swift:9:13:9:13 | "..." |
| test.swift:5:11:5:18 | call to source() : | test.swift:11:13:11:13 | "..." |
| test.swift:5:11:5:18 | call to source() : | test.swift:16:13:16:13 | "..." |
| test.swift:5:11:5:18 | call to source() : | test.swift:18:13:18:13 | "..." |
nodes
| test.swift:5:11:5:18 | call to source() : | semmle.label | call to source() : |
| test.swift:7:13:7:13 | "..." | semmle.label | "..." |
| test.swift:9:13:9:13 | "..." | semmle.label | "..." |
| test.swift:11:13:11:13 | "..." | semmle.label | "..." |
| test.swift:16:13:16:13 | "..." | semmle.label | "..." |
| test.swift:18:13:18:13 | "..." | semmle.label | "..." |
subpaths
#select
| test.swift:7:13:7:13 | "..." | test.swift:5:11:5:18 | call to source() : | test.swift:7:13:7:13 | "..." | result |
| test.swift:9:13:9:13 | "..." | test.swift:5:11:5:18 | call to source() : | test.swift:9:13:9:13 | "..." | result |
| test.swift:11:13:11:13 | "..." | test.swift:5:11:5:18 | call to source() : | test.swift:11:13:11:13 | "..." | result |
| test.swift:16:13:16:13 | "..." | test.swift:5:11:5:18 | call to source() : | test.swift:16:13:16:13 | "..." | result |
| test.swift:18:13:18:13 | "..." | test.swift:5:11:5:18 | call to source() : | test.swift:18:13:18:13 | "..." | result |

29
swift/ql/test/library-tests/dataflow/taint/Taint.ql Normal file
View File

@@ -0,0 +1,29 @@
/**
* @kind path-problem
*/
import swift
import codeql.swift.dataflow.TaintTracking
import codeql.swift.dataflow.DataFlow::DataFlow
import PathGraph
class TestConfiguration extends TaintTracking::Configuration {
TestConfiguration() { this = "TestConfiguration" }
override predicate isSource(Node src) {
src.asExpr().(CallExpr).getStaticTarget().getName() = "source()"
}
override predicate isSink(Node sink) {
exists(CallExpr sinkCall |
sinkCall.getStaticTarget().getName() = "sink(arg:)" and
sinkCall.getAnArgument().getExpr() = sink.asExpr()
)
}
override int explorationLimit() { result = 100 }
}
from PathNode src, PathNode sink, TestConfiguration test
where test.hasFlowPath(src, sink)
select sink, src, sink, "result"

22
swift/ql/test/library-tests/dataflow/taint/test.swift Normal file
View File

@@ -0,0 +1,22 @@
func source() -> Int { return 0; }
func sink(arg: String) {}
func taintThroughInterpolatedStrings() {
var x = source()
sink(arg: "\(x)") // tainted
sink(arg: "\(x) \(x)") // tainted
sink(arg: "\(x) \(0) \(x)") // tainted
var y = 42
sink(arg: "\(y)") // clean
sink(arg: "\(x) hello \(y)") // tainted
sink(arg: "\(y) world \(x)") // tainted
x = 0
sink(arg: "\(x)") // clean
}