Merge pull request #15607 from geoffw0/unsafeunpack

Swift: Trivial changes to swift/unsafe-unpacking
This commit is contained in:
Geoffrey White
2024-02-13 20:49:57 +00:00
committed by GitHub
9 changed files with 5 additions and 5 deletions


@@ -1,4 +1,4 @@
---
category: newQuery
---
* Added a new query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
* Added a new experimental query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
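Review bot: the reworded note still reads "detects unpacking user controlled zips without validating the destination file path is within the destination directory"; while this line is being touched, hyphenate "user-controlled" and add "that" after "validating" so the sentence parses on first read. Qualifying the query as "experimental" is the right fix, since it ships outside the supported query set and users reading the change note should not expect it in default suites.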


@@ -27,7 +27,7 @@ The following examples unpacks a remote zip using `Zip.unzipFile()` which is vul
<p>
The following examples unpacks a remote zip using `fileManager.unzipItem()` which is vulnerable to symlink path traversal.
</p>
<sample src="ZIPFoundationBad.swift" />
<sample src="ZipFoundationBad.swift" />
<p>Consider using a safer module, such as: <code>ZIPArchive</code></p>
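Review bot: the sample reference `ZIPFoundationBad.swift` -> `ZipFoundationBad.swift` is a case-only rename, which only matters on case-sensitive filesystems; confirm the file on disk is actually named `ZipFoundationBad.swift`, otherwise the qhelp build will pass on macOS and fail on Linux CI. Two smaller points in the same paragraph: "The following examples unpacks a remote zip using `fileManager.unzipItem()`" has a subject-verb mismatch ("example unpacks" or "examples unpack"), and it uses Markdown backticks inside qhelp XML while the next line uses `<code>ZIPArchive</code>`; qhelp does not render backticks as code, so use `<code>fileManager.unzipItem()</code>` (and likewise `<code>Zip.unzipFile()</code>` in the hunk header line) for consistency.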


@@ -1,7 +1,7 @@
edges
| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | UnsafeUnpack.swift:62:60:62:60 | source |
| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:64:27:64:27 | source |
| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:67:39:67:39 | source |
| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | UnsafeUnpack.swift:62:60:62:60 | source | provenance | |
| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:64:27:64:27 | source | provenance | |
| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:67:39:67:39 | source | provenance | |
nodes
| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | semmle.label | call to Data.init(contentsOf:options:) |
| UnsafeUnpack.swift:62:60:62:60 | source | semmle.label | source |
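Review bot: the three edge rows gain two trailing columns (`| provenance | |`) with an empty provenance value, which matches the edges-with-provenance layout of path-problem test output; the node rows and the source/sink locations (`62:9:62:48`, `62:60:62:60`, `64:27:64:27`, `67:39:67:39`) are unchanged, so this is a pure format update. Please confirm the `.expected` file was regenerated from a test run rather than hand-edited, since a mismatched column count or a stale location would make the test fail with no change to the query itself.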