mirror of
https://github.com/github/codeql.git
synced 2026-04-28 18:25:24 +02:00
Swift: Model String initializers.
This commit is contained in:
Geoffrey White
@@ -32,6 +32,37 @@ private class StringSummaries extends SummaryModelCsv {
|
||||
";StringProtocol;true;init(cString:);;;Argument[0];ReturnValue;taint",
|
||||
";StringProtocol;true;init(decoding:as:);;;Argument[0];ReturnValue;taint",
|
||||
";StringProtocol;true;init(decodingCString:as:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(decoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(_:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(repeating:count:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(data:encoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(validatingUTF8:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(utf16CodeUnits:count:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(utf16CodeUnitsNoCopy:count:freeWhenDone:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(format:_:);;;Argument[0];ReturnValue;taint", //0..
|
||||
";String;true;init(format:arguments:);;;Argument[0..1];ReturnValue;taint",
|
||||
";String;true;init(format:locale:_:);;;Argument[0];ReturnValue;taint", //0,2..
|
||||
";String;true;init(format:locale:arguments:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(_:radix:uppercase:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(bytes:encoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(bytesNoCopy:length:encoding:freeWhenDone);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(describing:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(contentsOf:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(contentsOf:encoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(contendsOf:usedEncoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(contentsOfFile:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(contentsOfFile:encoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(contentsOfFile:usedEncoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(from:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(stringInterpolation:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(stringLiteral:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(unicodeScalarLiteral:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(extendedGraphemeClusterLiteral:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(cString:encoding:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(platformString:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(utf8String:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(validating:);;;Argument[0];ReturnValue;taint",
|
||||
";String;true;init(validatingPlatformString:);;;Argument[0];ReturnValue;taint",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1137,25 +1137,37 @@
|
||||
| string.swift:213:7:213:7 | SSA def(taintedInt) | string.swift:217:20:217:20 | taintedInt |
|
||||
| string.swift:213:20:213:27 | call to source() | string.swift:213:7:213:7 | SSA def(taintedInt) |
|
||||
| string.swift:215:20:215:20 | [post] clean | string.swift:227:31:227:31 | clean |
|
||||
| string.swift:215:20:215:20 | clean | string.swift:215:13:215:25 | call to String.init(_:) |
|
||||
| string.swift:215:20:215:20 | clean | string.swift:227:31:227:31 | clean |
|
||||
| string.swift:216:20:216:20 | [post] tainted | string.swift:219:28:219:28 | tainted |
|
||||
| string.swift:216:20:216:20 | tainted | string.swift:216:13:216:27 | call to String.init(_:) |
|
||||
| string.swift:216:20:216:20 | tainted | string.swift:219:28:219:28 | tainted |
|
||||
| string.swift:217:20:217:20 | [post] taintedInt | string.swift:225:46:225:46 | taintedInt |
|
||||
| string.swift:217:20:217:20 | taintedInt | string.swift:217:13:217:30 | call to String.init(_:) |
|
||||
| string.swift:217:20:217:20 | taintedInt | string.swift:225:46:225:46 | taintedInt |
|
||||
| string.swift:219:28:219:28 | [post] tainted | string.swift:220:28:220:28 | tainted |
|
||||
| string.swift:219:28:219:28 | tainted | string.swift:219:13:219:44 | call to String.init(format:_:) |
|
||||
| string.swift:219:28:219:28 | tainted | string.swift:220:28:220:28 | tainted |
|
||||
| string.swift:220:28:220:28 | [post] tainted | string.swift:221:28:221:28 | tainted |
|
||||
| string.swift:220:28:220:28 | tainted | string.swift:220:13:220:50 | call to String.init(format:arguments:) |
|
||||
| string.swift:220:28:220:28 | tainted | string.swift:221:28:221:28 | tainted |
|
||||
| string.swift:220:48:220:49 | [...] | string.swift:220:13:220:50 | call to String.init(format:arguments:) |
|
||||
| string.swift:221:28:221:28 | [post] tainted | string.swift:222:28:222:28 | tainted |
|
||||
| string.swift:221:28:221:28 | tainted | string.swift:221:13:221:57 | call to String.init(format:locale:_:) |
|
||||
| string.swift:221:28:221:28 | tainted | string.swift:222:28:222:28 | tainted |
|
||||
| string.swift:222:28:222:28 | [post] tainted | string.swift:223:46:223:46 | tainted |
|
||||
| string.swift:222:28:222:28 | tainted | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
|
||||
| string.swift:222:28:222:28 | tainted | string.swift:223:46:223:46 | tainted |
|
||||
| string.swift:223:46:223:46 | [post] tainted | string.swift:224:34:224:34 | tainted |
|
||||
| string.swift:223:46:223:46 | tainted | string.swift:224:34:224:34 | tainted |
|
||||
| string.swift:224:28:224:28 | %s | string.swift:224:13:224:41 | call to String.init(format:_:) |
|
||||
| string.swift:224:34:224:34 | tainted | string.swift:228:31:228:31 | tainted |
|
||||
| string.swift:225:28:225:28 | %i %i %i | string.swift:225:13:225:56 | call to String.init(format:_:) |
|
||||
| string.swift:227:31:227:31 | [post] clean | string.swift:253:13:253:13 | clean |
|
||||
| string.swift:227:31:227:31 | clean | string.swift:227:13:227:46 | call to String.init(repeating:count:) |
|
||||
| string.swift:227:31:227:31 | clean | string.swift:253:13:253:13 | clean |
|
||||
| string.swift:228:31:228:31 | [post] tainted | string.swift:230:13:230:13 | tainted |
|
||||
| string.swift:228:31:228:31 | tainted | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
|
||||
| string.swift:228:31:228:31 | tainted | string.swift:230:13:230:13 | tainted |
|
||||
| string.swift:230:13:230:13 | [post] tainted | string.swift:231:13:231:13 | tainted |
|
||||
| string.swift:230:13:230:13 | tainted | string.swift:231:13:231:13 | tainted |
|
||||
@@ -1368,9 +1380,11 @@
|
||||
| string.swift:337:38:337:38 | | string.swift:337:33:337:40 | call to Data.init(_:) |
|
||||
| string.swift:340:7:340:7 | SSA def(stringClean) | string.swift:343:12:343:12 | stringClean |
|
||||
| string.swift:340:21:340:74 | call to String.init(data:encoding:) | string.swift:340:7:340:7 | SSA def(stringClean) |
|
||||
| string.swift:340:34:340:41 | call to Data.init(_:) | string.swift:340:21:340:74 | call to String.init(data:encoding:) |
|
||||
| string.swift:340:39:340:39 | | string.swift:340:34:340:41 | call to Data.init(_:) |
|
||||
| string.swift:341:7:341:7 | SSA def(stringTainted) | string.swift:344:12:344:12 | stringTainted |
|
||||
| string.swift:341:23:341:77 | call to String.init(data:encoding:) | string.swift:341:7:341:7 | SSA def(stringTainted) |
|
||||
| string.swift:341:36:341:44 | call to source3() | string.swift:341:23:341:77 | call to String.init(data:encoding:) |
|
||||
| string.swift:343:12:343:12 | stringClean | string.swift:343:12:343:23 | ...! |
|
||||
| string.swift:344:12:344:12 | stringTainted | string.swift:344:12:344:25 | ...! |
|
||||
| string.swift:346:30:346:37 | call to Data.init(_:) | string.swift:346:13:346:53 | call to String.init(decoding:as:) |
|
||||
@@ -1438,6 +1452,7 @@
|
||||
| string.swift:398:5:398:5 | SSA def(ptr) | string.swift:399:15:399:15 | ptr |
|
||||
| string.swift:398:5:398:5 | ptr | string.swift:398:5:398:5 | SSA def(ptr) |
|
||||
| string.swift:399:15:399:15 | ptr | string.swift:400:38:400:38 | ptr |
|
||||
| string.swift:400:38:400:38 | ptr | string.swift:400:15:400:41 | call to String.init(platformString:) |
|
||||
| string.swift:400:38:400:38 | ptr | string.swift:402:45:402:45 | ptr |
|
||||
| string.swift:402:9:402:9 | SSA def(buffer) | string.swift:403:29:403:29 | buffer |
|
||||
| string.swift:402:18:402:59 | call to UnsafeBufferPointer<Element>.init(start:count:) | string.swift:402:9:402:9 | SSA def(buffer) |
|
||||
@@ -1445,11 +1460,13 @@
|
||||
| string.swift:403:23:403:35 | call to Array<Element>.init(_:) | string.swift:403:9:403:9 | SSA def(arrayString) |
|
||||
| string.swift:403:29:403:29 | buffer | string.swift:404:15:404:15 | buffer |
|
||||
| string.swift:405:15:405:15 | arrayString | string.swift:406:38:406:38 | arrayString |
|
||||
| string.swift:406:38:406:38 | arrayString | string.swift:406:15:406:49 | call to String.init(platformString:) |
|
||||
| string.swift:408:3:408:3 | [post] tainted | string.swift:425:3:425:3 | tainted |
|
||||
| string.swift:408:3:408:3 | tainted | string.swift:425:3:425:3 | tainted |
|
||||
| string.swift:409:5:409:5 | SSA def(ptr) | string.swift:410:15:410:15 | ptr |
|
||||
| string.swift:409:5:409:5 | ptr | string.swift:409:5:409:5 | SSA def(ptr) |
|
||||
| string.swift:410:15:410:15 | ptr | string.swift:411:38:411:38 | ptr |
|
||||
| string.swift:411:38:411:38 | ptr | string.swift:411:15:411:41 | call to String.init(platformString:) |
|
||||
| string.swift:411:38:411:38 | ptr | string.swift:413:45:413:45 | ptr |
|
||||
| string.swift:413:9:413:9 | SSA def(buffer) | string.swift:414:29:414:29 | buffer |
|
||||
| string.swift:413:18:413:59 | call to UnsafeBufferPointer<Element>.init(start:count:) | string.swift:413:9:413:9 | SSA def(buffer) |
|
||||
@@ -1457,6 +1474,7 @@
|
||||
| string.swift:414:23:414:35 | call to Array<Element>.init(_:) | string.swift:414:9:414:9 | SSA def(arrayString) |
|
||||
| string.swift:414:29:414:29 | buffer | string.swift:415:15:415:15 | buffer |
|
||||
| string.swift:416:15:416:15 | arrayString | string.swift:417:38:417:38 | arrayString |
|
||||
| string.swift:417:38:417:38 | arrayString | string.swift:417:15:417:49 | call to String.init(platformString:) |
|
||||
| string.swift:421:5:421:5 | SSA def(ptr) | string.swift:422:15:422:15 | ptr |
|
||||
| string.swift:421:5:421:5 | ptr | string.swift:421:5:421:5 | SSA def(ptr) |
|
||||
| string.swift:422:15:422:15 | ptr | string.swift:423:15:423:15 | ptr |
|
||||
@@ -1480,8 +1498,10 @@
|
||||
| string.swift:449:15:449:15 | [post] buffer | string.swift:450:17:450:17 | buffer |
|
||||
| string.swift:449:15:449:15 | buffer | string.swift:450:17:450:17 | buffer |
|
||||
| string.swift:455:13:455:75 | call to String.init(bytes:encoding:) | string.swift:455:13:455:76 | ...! |
|
||||
| string.swift:455:27:455:27 | cleanUInt8Values | string.swift:455:13:455:75 | call to String.init(bytes:encoding:) |
|
||||
| string.swift:455:27:455:27 | cleanUInt8Values | string.swift:458:29:458:29 | cleanUInt8Values |
|
||||
| string.swift:456:13:456:77 | call to String.init(bytes:encoding:) | string.swift:456:13:456:78 | ...! |
|
||||
| string.swift:456:27:456:27 | taintedUInt8Values | string.swift:456:13:456:77 | call to String.init(bytes:encoding:) |
|
||||
| string.swift:456:27:456:27 | taintedUInt8Values | string.swift:459:29:459:29 | taintedUInt8Values |
|
||||
| string.swift:458:29:458:29 | cleanUInt8Values | string.swift:458:13:458:45 | call to String.init(cString:) |
|
||||
| string.swift:458:29:458:29 | cleanUInt8Values | string.swift:461:8:461:8 | cleanUInt8Values |
|
||||
@@ -1551,10 +1571,12 @@
|
||||
| string.swift:498:34:498:34 | [post] ptr | string.swift:499:38:499:38 | ptr |
|
||||
| string.swift:498:34:498:34 | ptr | string.swift:499:38:499:38 | ptr |
|
||||
| string.swift:498:34:498:38 | .baseAddress | string.swift:498:34:498:49 | ...! |
|
||||
| string.swift:498:34:498:49 | ...! | string.swift:498:15:498:50 | call to String.init(utf8String:) |
|
||||
| string.swift:499:15:499:54 | call to String.init(validatingUTF8:) | string.swift:499:15:499:55 | ...! |
|
||||
| string.swift:499:38:499:38 | [post] ptr | string.swift:500:31:500:31 | ptr |
|
||||
| string.swift:499:38:499:38 | ptr | string.swift:500:31:500:31 | ptr |
|
||||
| string.swift:499:38:499:42 | .baseAddress | string.swift:499:38:499:53 | ...! |
|
||||
| string.swift:499:38:499:53 | ...! | string.swift:499:15:499:54 | call to String.init(validatingUTF8:) |
|
||||
| string.swift:500:31:500:35 | .baseAddress | string.swift:500:31:500:46 | ...! |
|
||||
| string.swift:500:31:500:46 | ...! | string.swift:500:15:500:47 | call to String.init(cString:) |
|
||||
| string.swift:502:3:502:3 | [post] taintedCCharValues | string.swift:512:29:512:29 | taintedCCharValues |
|
||||
@@ -1569,10 +1591,12 @@
|
||||
| string.swift:506:34:506:34 | [post] ptr | string.swift:507:38:507:38 | ptr |
|
||||
| string.swift:506:34:506:34 | ptr | string.swift:507:38:507:38 | ptr |
|
||||
| string.swift:506:34:506:38 | .baseAddress | string.swift:506:34:506:49 | ...! |
|
||||
| string.swift:506:34:506:49 | ...! | string.swift:506:15:506:50 | call to String.init(utf8String:) |
|
||||
| string.swift:507:15:507:54 | call to String.init(validatingUTF8:) | string.swift:507:15:507:55 | ...! |
|
||||
| string.swift:507:38:507:38 | [post] ptr | string.swift:508:31:508:31 | ptr |
|
||||
| string.swift:507:38:507:38 | ptr | string.swift:508:31:508:31 | ptr |
|
||||
| string.swift:507:38:507:42 | .baseAddress | string.swift:507:38:507:53 | ...! |
|
||||
| string.swift:507:38:507:53 | ...! | string.swift:507:15:507:54 | call to String.init(validatingUTF8:) |
|
||||
| string.swift:508:31:508:35 | .baseAddress | string.swift:508:31:508:46 | ...! |
|
||||
| string.swift:508:31:508:46 | ...! | string.swift:508:15:508:47 | call to String.init(cString:) |
|
||||
| string.swift:511:29:511:29 | cleanCCharValues | string.swift:511:13:511:45 | call to String.init(cString:) |
|
||||
@@ -1590,11 +1614,13 @@
|
||||
| string.swift:525:38:525:38 | [post] ptr | string.swift:525:63:525:63 | ptr |
|
||||
| string.swift:525:38:525:38 | ptr | string.swift:525:63:525:63 | ptr |
|
||||
| string.swift:525:38:525:42 | .baseAddress | string.swift:525:38:525:53 | ...! |
|
||||
| string.swift:525:38:525:53 | ...! | string.swift:525:15:525:72 | call to String.init(utf16CodeUnits:count:) |
|
||||
| string.swift:525:63:525:63 | [post] ptr | string.swift:526:44:526:44 | ptr |
|
||||
| string.swift:525:63:525:63 | ptr | string.swift:526:44:526:44 | ptr |
|
||||
| string.swift:526:44:526:44 | [post] ptr | string.swift:526:69:526:69 | ptr |
|
||||
| string.swift:526:44:526:44 | ptr | string.swift:526:69:526:69 | ptr |
|
||||
| string.swift:526:44:526:48 | .baseAddress | string.swift:526:44:526:59 | ...! |
|
||||
| string.swift:526:44:526:59 | ...! | string.swift:526:15:526:99 | call to String.init(utf16CodeUnitsNoCopy:count:freeWhenDone:) |
|
||||
| string.swift:529:5:529:5 | SSA def(ptr) | string.swift:530:15:530:15 | ptr |
|
||||
| string.swift:529:5:529:5 | ptr | string.swift:529:5:529:5 | SSA def(ptr) |
|
||||
| string.swift:530:15:530:15 | ptr | string.swift:531:15:531:15 | ptr |
|
||||
@@ -1604,11 +1630,13 @@
|
||||
| string.swift:532:38:532:38 | [post] ptr | string.swift:532:63:532:63 | ptr |
|
||||
| string.swift:532:38:532:38 | ptr | string.swift:532:63:532:63 | ptr |
|
||||
| string.swift:532:38:532:42 | .baseAddress | string.swift:532:38:532:53 | ...! |
|
||||
| string.swift:532:38:532:53 | ...! | string.swift:532:15:532:72 | call to String.init(utf16CodeUnits:count:) |
|
||||
| string.swift:532:63:532:63 | [post] ptr | string.swift:533:44:533:44 | ptr |
|
||||
| string.swift:532:63:532:63 | ptr | string.swift:533:44:533:44 | ptr |
|
||||
| string.swift:533:44:533:44 | [post] ptr | string.swift:533:69:533:69 | ptr |
|
||||
| string.swift:533:44:533:44 | ptr | string.swift:533:69:533:69 | ptr |
|
||||
| string.swift:533:44:533:48 | .baseAddress | string.swift:533:44:533:59 | ...! |
|
||||
| string.swift:533:44:533:59 | ...! | string.swift:533:15:533:99 | call to String.init(utf16CodeUnitsNoCopy:count:freeWhenDone:) |
|
||||
| string.swift:540:7:540:7 | SSA def(tainted) | string.swift:544:14:544:14 | tainted |
|
||||
| string.swift:540:17:540:25 | call to source2() | string.swift:540:7:540:7 | SSA def(tainted) |
|
||||
| string.swift:544:7:544:7 | SSA def(sub1) | string.swift:545:13:545:13 | sub1 |
|
||||
@@ -1622,11 +1650,13 @@
|
||||
| string.swift:544:45:544:45 | tainted | string.swift:548:14:548:14 | tainted |
|
||||
| string.swift:545:13:545:13 | [post] sub1 | string.swift:546:20:546:20 | sub1 |
|
||||
| string.swift:545:13:545:13 | sub1 | string.swift:546:20:546:20 | sub1 |
|
||||
| string.swift:546:20:546:20 | sub1 | string.swift:546:13:546:24 | call to String.init(_:) |
|
||||
| string.swift:548:7:548:7 | SSA def(sub2) | string.swift:549:13:549:13 | sub2 |
|
||||
| string.swift:548:14:548:14 | [post] tainted | string.swift:552:14:552:14 | tainted |
|
||||
| string.swift:548:14:548:14 | tainted | string.swift:552:14:552:14 | tainted |
|
||||
| string.swift:548:14:548:31 | call to prefix(_:) | string.swift:548:7:548:7 | SSA def(sub2) |
|
||||
| string.swift:549:13:549:13 | sub2 | string.swift:550:20:550:20 | sub2 |
|
||||
| string.swift:550:20:550:20 | sub2 | string.swift:550:13:550:24 | call to String.init(_:) |
|
||||
| string.swift:552:7:552:7 | SSA def(sub3) | string.swift:553:13:553:13 | sub3 |
|
||||
| string.swift:552:14:552:14 | [post] tainted | string.swift:552:38:552:38 | tainted |
|
||||
| string.swift:552:14:552:14 | tainted | string.swift:552:38:552:38 | tainted |
|
||||
@@ -1634,6 +1664,7 @@
|
||||
| string.swift:552:38:552:38 | [post] tainted | string.swift:556:14:556:14 | tainted |
|
||||
| string.swift:552:38:552:38 | tainted | string.swift:556:14:556:14 | tainted |
|
||||
| string.swift:553:13:553:13 | sub3 | string.swift:554:20:554:20 | sub3 |
|
||||
| string.swift:554:20:554:20 | sub3 | string.swift:554:13:554:24 | call to String.init(_:) |
|
||||
| string.swift:556:7:556:7 | SSA def(sub4) | string.swift:557:13:557:13 | sub4 |
|
||||
| string.swift:556:14:556:14 | [post] tainted | string.swift:556:35:556:35 | tainted |
|
||||
| string.swift:556:14:556:14 | tainted | string.swift:556:35:556:35 | tainted |
|
||||
@@ -1641,16 +1672,19 @@
|
||||
| string.swift:556:35:556:35 | [post] tainted | string.swift:560:14:560:14 | tainted |
|
||||
| string.swift:556:35:556:35 | tainted | string.swift:560:14:560:14 | tainted |
|
||||
| string.swift:557:13:557:13 | sub4 | string.swift:558:20:558:20 | sub4 |
|
||||
| string.swift:558:20:558:20 | sub4 | string.swift:558:13:558:24 | call to String.init(_:) |
|
||||
| string.swift:560:7:560:7 | SSA def(sub5) | string.swift:561:13:561:13 | sub5 |
|
||||
| string.swift:560:14:560:14 | [post] tainted | string.swift:564:14:564:14 | tainted |
|
||||
| string.swift:560:14:560:14 | tainted | string.swift:564:14:564:14 | tainted |
|
||||
| string.swift:560:14:560:31 | call to suffix(_:) | string.swift:560:7:560:7 | SSA def(sub5) |
|
||||
| string.swift:561:13:561:13 | sub5 | string.swift:562:20:562:20 | sub5 |
|
||||
| string.swift:562:20:562:20 | sub5 | string.swift:562:13:562:24 | call to String.init(_:) |
|
||||
| string.swift:564:7:564:7 | SSA def(sub6) | string.swift:565:13:565:13 | sub6 |
|
||||
| string.swift:564:14:564:14 | [post] tainted | string.swift:564:35:564:35 | tainted |
|
||||
| string.swift:564:14:564:14 | tainted | string.swift:564:35:564:35 | tainted |
|
||||
| string.swift:564:14:564:53 | call to suffix(from:) | string.swift:564:7:564:7 | SSA def(sub6) |
|
||||
| string.swift:565:13:565:13 | sub6 | string.swift:566:20:566:20 | sub6 |
|
||||
| string.swift:566:20:566:20 | sub6 | string.swift:566:13:566:24 | call to String.init(_:) |
|
||||
| string.swift:570:7:570:7 | SSA def(clean) | string.swift:573:13:573:13 | clean |
|
||||
| string.swift:570:15:570:26 | call to FilePath.init(_:) | string.swift:570:7:570:7 | SSA def(clean) |
|
||||
| string.swift:571:7:571:7 | SSA def(tainted) | string.swift:574:13:574:13 | tainted |
|
||||
@@ -1672,9 +1706,11 @@
|
||||
| string.swift:580:13:580:13 | [post] tainted | string.swift:582:30:582:30 | tainted |
|
||||
| string.swift:580:13:580:13 | tainted | string.swift:582:30:582:30 | tainted |
|
||||
| string.swift:582:30:582:30 | [post] tainted | string.swift:583:32:583:32 | tainted |
|
||||
| string.swift:582:30:582:30 | tainted | string.swift:582:13:582:37 | call to String.init(decoding:) |
|
||||
| string.swift:582:30:582:30 | tainted | string.swift:583:32:583:32 | tainted |
|
||||
| string.swift:583:13:583:39 | call to String.init(validating:) | string.swift:583:13:583:40 | ...! |
|
||||
| string.swift:583:32:583:32 | [post] tainted | string.swift:589:11:589:11 | tainted |
|
||||
| string.swift:583:32:583:32 | tainted | string.swift:583:13:583:39 | call to String.init(validating:) |
|
||||
| string.swift:583:32:583:32 | tainted | string.swift:589:11:589:11 | tainted |
|
||||
| string.swift:585:11:585:11 | [post] clean | string.swift:594:11:594:11 | clean |
|
||||
| string.swift:585:11:585:11 | clean | string.swift:594:11:594:11 | clean |
|
||||
@@ -1689,15 +1725,19 @@
|
||||
| string.swift:595:5:595:5 | SSA def(ptr) | string.swift:596:15:596:15 | ptr |
|
||||
| string.swift:595:5:595:5 | ptr | string.swift:595:5:595:5 | SSA def(ptr) |
|
||||
| string.swift:596:15:596:15 | ptr | string.swift:597:38:597:38 | ptr |
|
||||
| string.swift:597:38:597:38 | ptr | string.swift:597:15:597:41 | call to String.init(platformString:) |
|
||||
| string.swift:597:38:597:38 | ptr | string.swift:598:48:598:48 | ptr |
|
||||
| string.swift:598:15:598:51 | call to String.init(validatingPlatformString:) | string.swift:598:15:598:52 | ...! |
|
||||
| string.swift:598:48:598:48 | ptr | string.swift:598:15:598:51 | call to String.init(validatingPlatformString:) |
|
||||
| string.swift:600:11:600:11 | [post] tainted | string.swift:616:13:616:13 | tainted |
|
||||
| string.swift:600:11:600:11 | tainted | string.swift:616:13:616:13 | tainted |
|
||||
| string.swift:601:5:601:5 | SSA def(ptr) | string.swift:602:15:602:15 | ptr |
|
||||
| string.swift:601:5:601:5 | ptr | string.swift:601:5:601:5 | SSA def(ptr) |
|
||||
| string.swift:602:15:602:15 | ptr | string.swift:603:38:603:38 | ptr |
|
||||
| string.swift:603:38:603:38 | ptr | string.swift:603:15:603:41 | call to String.init(platformString:) |
|
||||
| string.swift:603:38:603:38 | ptr | string.swift:604:48:604:48 | ptr |
|
||||
| string.swift:604:15:604:51 | call to String.init(validatingPlatformString:) | string.swift:604:15:604:52 | ...! |
|
||||
| string.swift:604:48:604:48 | ptr | string.swift:604:15:604:51 | call to String.init(validatingPlatformString:) |
|
||||
| string.swift:607:7:607:7 | SSA def(fp1) | string.swift:608:13:608:13 | fp1 |
|
||||
| string.swift:607:13:607:24 | call to FilePath.init(_:) | string.swift:607:7:607:7 | SSA def(fp1) |
|
||||
| string.swift:608:13:608:13 | [post] fp1 | string.swift:609:3:609:3 | fp1 |
|
||||
@@ -1714,6 +1754,10 @@
|
||||
| string.swift:614:13:614:13 | clean | string.swift:615:13:615:13 | clean |
|
||||
| string.swift:616:13:616:13 | [post] tainted | string.swift:617:13:617:13 | tainted |
|
||||
| string.swift:616:13:616:13 | tainted | string.swift:617:13:617:13 | tainted |
|
||||
| string.swift:621:20:621:20 | 0 | string.swift:621:13:621:21 | call to String.init(_:) |
|
||||
| string.swift:622:20:622:27 | call to source() | string.swift:622:13:622:28 | call to String.init(_:) |
|
||||
| string.swift:625:32:625:32 | 0 | string.swift:625:13:625:33 | call to String.init(describing:) |
|
||||
| string.swift:626:32:626:39 | call to source() | string.swift:626:13:626:40 | call to String.init(describing:) |
|
||||
| string.swift:628:13:628:22 | call to Self.init(_:) | string.swift:628:13:628:23 | ...! |
|
||||
| string.swift:629:13:629:26 | call to Self.init(_:) | string.swift:629:13:629:27 | ...! |
|
||||
| string.swift:633:7:633:7 | SSA def(tainted) | string.swift:637:13:637:13 | tainted |
|
||||
|
||||
@@ -158,9 +158,14 @@ edges
|
||||
| data.swift:261:22:261:29 | call to source() : | data.swift:262:12:262:12 | dataTainted41 : |
|
||||
| data.swift:262:12:262:12 | dataTainted41 : | data.swift:64:2:64:72 | [summary param] this in trimmingPrefix(while:) : |
|
||||
| data.swift:262:12:262:12 | dataTainted41 : | data.swift:262:12:262:54 | call to trimmingPrefix(while:) |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(describing:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) : | nsdata.swift:110:9:110:9 | bytes : |
|
||||
| file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | url.swift:154:61:154:61 | data : |
|
||||
| nsdata.swift:22:9:22:9 | self : | file://:0:0:0:0 | .bytes : |
|
||||
@@ -303,6 +308,12 @@ edges
|
||||
| nsmutabledata.swift:48:33:48:40 | call to source() : | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
|
||||
| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 : | nsmutabledata.swift:13:9:13:9 | self : |
|
||||
| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 : | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
|
||||
| string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) : |
|
||||
| string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:_:) : |
|
||||
| string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:arguments:) : |
|
||||
| string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:_:) : |
|
||||
| string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) : |
|
||||
| string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(bytes:encoding:) : |
|
||||
| string.swift:98:8:98:8 | self : | string.swift:98:3:98:63 | self[return] : |
|
||||
| string.swift:99:8:99:8 | self : | string.swift:99:3:99:63 | self[return] : |
|
||||
| string.swift:100:8:100:8 | self : | string.swift:100:3:100:64 | self[return] : |
|
||||
@@ -323,6 +334,12 @@ edges
|
||||
| string.swift:156:17:156:25 | call to source2() : | string.swift:163:13:163:23 | ... .+(_:_:) ... |
|
||||
| string.swift:156:17:156:25 | call to source2() : | string.swift:164:13:164:23 | ... .+(_:_:) ... |
|
||||
| string.swift:156:17:156:25 | call to source2() : | string.swift:167:13:167:29 | ... .+(_:_:) ... |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:216:20:216:20 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:219:28:219:28 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:220:28:220:28 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:221:28:221:28 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:222:28:222:28 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:228:31:228:31 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:232:13:232:13 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:236:13:236:13 | tainted : |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:237:13:237:13 | tainted : |
|
||||
@@ -348,6 +365,21 @@ edges
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping |
|
||||
| string.swift:212:17:212:25 | call to source2() : | string.swift:296:13:296:44 | ...! |
|
||||
| string.swift:213:20:213:27 | call to source() : | string.swift:217:20:217:20 | taintedInt : |
|
||||
| string.swift:216:20:216:20 | tainted : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : |
|
||||
| string.swift:216:20:216:20 | tainted : | string.swift:216:13:216:27 | call to String.init(_:) |
|
||||
| string.swift:217:20:217:20 | taintedInt : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : |
|
||||
| string.swift:217:20:217:20 | taintedInt : | string.swift:217:13:217:30 | call to String.init(_:) |
|
||||
| string.swift:219:28:219:28 | tainted : | string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) : |
|
||||
| string.swift:219:28:219:28 | tainted : | string.swift:219:13:219:44 | call to String.init(format:_:) |
|
||||
| string.swift:220:28:220:28 | tainted : | string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) : |
|
||||
| string.swift:220:28:220:28 | tainted : | string.swift:220:13:220:50 | call to String.init(format:arguments:) |
|
||||
| string.swift:221:28:221:28 | tainted : | string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) : |
|
||||
| string.swift:221:28:221:28 | tainted : | string.swift:221:13:221:57 | call to String.init(format:locale:_:) |
|
||||
| string.swift:222:28:222:28 | tainted : | string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) : |
|
||||
| string.swift:222:28:222:28 | tainted : | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
|
||||
| string.swift:228:31:228:31 | tainted : | file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) : |
|
||||
| string.swift:228:31:228:31 | tainted : | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
|
||||
| string.swift:232:13:232:13 | [post] tainted : | string.swift:236:13:236:13 | tainted : |
|
||||
| string.swift:232:13:232:13 | [post] tainted : | string.swift:237:13:237:13 | tainted : |
|
||||
| string.swift:232:13:232:13 | [post] tainted : | string.swift:238:13:238:13 | tainted : |
|
||||
@@ -609,15 +641,29 @@ edges
|
||||
| string.swift:326:14:326:22 | call to source2() : | string.swift:329:13:329:13 | str5 |
|
||||
| string.swift:331:14:331:22 | call to source2() : | string.swift:332:13:332:13 | str6 |
|
||||
| string.swift:331:14:331:22 | call to source2() : | string.swift:334:13:334:13 | str6 |
|
||||
| string.swift:341:23:341:77 | call to String.init(data:encoding:) : | string.swift:344:12:344:25 | ...! |
|
||||
| string.swift:341:36:341:44 | call to source3() : | string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) : |
|
||||
| string.swift:341:36:341:44 | call to source3() : | string.swift:341:23:341:77 | call to String.init(data:encoding:) : |
|
||||
| string.swift:347:30:347:38 | call to source3() : | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) : |
|
||||
| string.swift:347:30:347:38 | call to source3() : | string.swift:347:13:347:54 | call to String.init(decoding:as:) |
|
||||
| string.swift:436:28:436:36 | call to source4() : | string.swift:456:27:456:27 | taintedUInt8Values : |
|
||||
| string.swift:436:28:436:36 | call to source4() : | string.swift:459:29:459:29 | taintedUInt8Values : |
|
||||
| string.swift:456:13:456:77 | call to String.init(bytes:encoding:) : | string.swift:456:13:456:78 | ...! |
|
||||
| string.swift:456:27:456:27 | taintedUInt8Values : | string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) : |
|
||||
| string.swift:456:27:456:27 | taintedUInt8Values : | string.swift:456:13:456:77 | call to String.init(bytes:encoding:) : |
|
||||
| string.swift:459:29:459:29 | taintedUInt8Values : | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : |
|
||||
| string.swift:459:29:459:29 | taintedUInt8Values : | string.swift:459:13:459:47 | call to String.init(cString:) |
|
||||
| string.swift:492:37:492:45 | call to source5() : | string.swift:512:29:512:29 | taintedCCharValues : |
|
||||
| string.swift:512:29:512:29 | taintedCCharValues : | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : |
|
||||
| string.swift:512:29:512:29 | taintedCCharValues : | string.swift:512:13:512:47 | call to String.init(cString:) |
|
||||
| string.swift:540:17:540:25 | call to source2() : | string.swift:545:13:545:13 | sub1 |
|
||||
| string.swift:540:17:540:25 | call to source2() : | string.swift:546:20:546:20 | sub1 : |
|
||||
| string.swift:546:20:546:20 | sub1 : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : |
|
||||
| string.swift:546:20:546:20 | sub1 : | string.swift:546:13:546:24 | call to String.init(_:) |
|
||||
| string.swift:622:20:622:27 | call to source() : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : |
|
||||
| string.swift:622:20:622:27 | call to source() : | string.swift:622:13:622:28 | call to String.init(_:) |
|
||||
| string.swift:626:32:626:39 | call to source() : | file://:0:0:0:0 | [summary param] 0 in String.init(describing:) : |
|
||||
| string.swift:626:32:626:39 | call to source() : | string.swift:626:13:626:40 | call to String.init(describing:) |
|
||||
| subscript.swift:13:15:13:22 | call to source() : | subscript.swift:13:15:13:25 | ...[...] |
|
||||
| subscript.swift:14:15:14:23 | call to source2() : | subscript.swift:14:15:14:26 | ...[...] |
|
||||
| try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... |
|
||||
@@ -1078,9 +1124,14 @@ nodes
|
||||
| file://:0:0:0:0 | .url : | semmle.label | .url : |
|
||||
| file://:0:0:0:0 | .urlContexts : | semmle.label | .urlContexts : |
|
||||
| file://:0:0:0:0 | .userActivities : | semmle.label | .userActivities : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | semmle.label | [summary param] 0 in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | semmle.label | [summary param] 0 in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | semmle.label | [summary param] 0 in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : | semmle.label | [summary param] 0 in String.init(cString:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : | semmle.label | [summary param] 0 in String.init(cString:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) : | semmle.label | [summary param] 0 in String.init(decoding:as:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(describing:) : | semmle.label | [summary param] 0 in String.init(describing:) : |
|
||||
| file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) : | semmle.label | [summary param] 0 in String.init(repeating:count:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:) : | semmle.label | [summary] to write: argument 0 in copyBytes(to:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:) : | semmle.label | [summary] to write: argument 0 in getBytes(_:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:length:) : | semmle.label | [summary] to write: argument 0 in getBytes(_:length:) : |
|
||||
@@ -1138,9 +1189,20 @@ nodes
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in NSData.init(contentsOfFile:options:) : | semmle.label | [summary] to write: return (return) in NSData.init(contentsOfFile:options:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in NSData.init(contentsOfMappedFile:) : | semmle.label | [summary] to write: return (return) in NSData.init(contentsOfMappedFile:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in NSData.init(data:) : | semmle.label | [summary] to write: return (return) in NSData.init(data:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | semmle.label | [summary] to write: return (return) in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | semmle.label | [summary] to write: return (return) in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | semmle.label | [summary] to write: return (return) in String.init(_:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(bytes:encoding:) : | semmle.label | [summary] to write: return (return) in String.init(bytes:encoding:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) : | semmle.label | [summary] to write: return (return) in String.init(cString:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) : | semmle.label | [summary] to write: return (return) in String.init(cString:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) : | semmle.label | [summary] to write: return (return) in String.init(data:encoding:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) : | semmle.label | [summary] to write: return (return) in String.init(decoding:as:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) : | semmle.label | [summary] to write: return (return) in String.init(describing:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:_:) : | semmle.label | [summary] to write: return (return) in String.init(format:_:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:arguments:) : | semmle.label | [summary] to write: return (return) in String.init(format:arguments:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:_:) : | semmle.label | [summary] to write: return (return) in String.init(format:locale:_:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) : | semmle.label | [summary] to write: return (return) in String.init(format:locale:arguments:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) : | semmle.label | [summary] to write: return (return) in String.init(repeating:count:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:) : | semmle.label | [summary] to write: return (return) in URL.init(string:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) : | semmle.label | [summary] to write: return (return) in URL.init(string:relativeTo:) : |
|
||||
| file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) : | semmle.label | [summary] to write: return (return) in URL.init(string:relativeTo:) : |
|
||||
@@ -1319,6 +1381,12 @@ nodes
|
||||
| nsmutabledata.swift:48:33:48:40 | call to source() : | semmle.label | call to source() : |
|
||||
| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 : | semmle.label | nsMutableDataTainted6 : |
|
||||
| nsmutabledata.swift:49:15:49:37 | .mutableBytes | semmle.label | .mutableBytes |
|
||||
| string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) : | semmle.label | [summary param] 0 in String.init(data:encoding:) : |
|
||||
| string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) : | semmle.label | [summary param] 0 in String.init(format:_:) : |
|
||||
| string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) : | semmle.label | [summary param] 0 in String.init(format:arguments:) : |
|
||||
| string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) : | semmle.label | [summary param] 0 in String.init(format:locale:_:) : |
|
||||
| string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) : | semmle.label | [summary param] 0 in String.init(format:locale:arguments:) : |
|
||||
| string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) : | semmle.label | [summary param] 0 in String.init(bytes:encoding:) : |
|
||||
| string.swift:98:3:98:63 | self[return] : | semmle.label | self[return] : |
|
||||
| string.swift:98:8:98:8 | self : | semmle.label | self : |
|
||||
| string.swift:99:3:99:63 | self[return] : | semmle.label | self[return] : |
|
||||
@@ -1352,6 +1420,21 @@ nodes
|
||||
| string.swift:164:13:164:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
|
||||
| string.swift:167:13:167:29 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
|
||||
| string.swift:212:17:212:25 | call to source2() : | semmle.label | call to source2() : |
|
||||
| string.swift:213:20:213:27 | call to source() : | semmle.label | call to source() : |
|
||||
| string.swift:216:13:216:27 | call to String.init(_:) | semmle.label | call to String.init(_:) |
|
||||
| string.swift:216:20:216:20 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:217:13:217:30 | call to String.init(_:) | semmle.label | call to String.init(_:) |
|
||||
| string.swift:217:20:217:20 | taintedInt : | semmle.label | taintedInt : |
|
||||
| string.swift:219:13:219:44 | call to String.init(format:_:) | semmle.label | call to String.init(format:_:) |
|
||||
| string.swift:219:28:219:28 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:220:13:220:50 | call to String.init(format:arguments:) | semmle.label | call to String.init(format:arguments:) |
|
||||
| string.swift:220:28:220:28 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:221:13:221:57 | call to String.init(format:locale:_:) | semmle.label | call to String.init(format:locale:_:) |
|
||||
| string.swift:221:28:221:28 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | semmle.label | call to String.init(format:locale:arguments:) |
|
||||
| string.swift:222:28:222:28 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:228:13:228:48 | call to String.init(repeating:count:) | semmle.label | call to String.init(repeating:count:) |
|
||||
| string.swift:228:31:228:31 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:232:13:232:13 | [post] tainted : | semmle.label | [post] tainted : |
|
||||
| string.swift:232:13:232:13 | tainted : | semmle.label | tainted : |
|
||||
| string.swift:236:13:236:13 | [post] tainted : | semmle.label | [post] tainted : |
|
||||
@@ -1410,9 +1493,15 @@ nodes
|
||||
| string.swift:331:14:331:22 | call to source2() : | semmle.label | call to source2() : |
|
||||
| string.swift:332:13:332:13 | str6 | semmle.label | str6 |
|
||||
| string.swift:334:13:334:13 | str6 | semmle.label | str6 |
|
||||
| string.swift:341:23:341:77 | call to String.init(data:encoding:) : | semmle.label | call to String.init(data:encoding:) : |
|
||||
| string.swift:341:36:341:44 | call to source3() : | semmle.label | call to source3() : |
|
||||
| string.swift:344:12:344:25 | ...! | semmle.label | ...! |
|
||||
| string.swift:347:13:347:54 | call to String.init(decoding:as:) | semmle.label | call to String.init(decoding:as:) |
|
||||
| string.swift:347:30:347:38 | call to source3() : | semmle.label | call to source3() : |
|
||||
| string.swift:436:28:436:36 | call to source4() : | semmle.label | call to source4() : |
|
||||
| string.swift:456:13:456:77 | call to String.init(bytes:encoding:) : | semmle.label | call to String.init(bytes:encoding:) : |
|
||||
| string.swift:456:13:456:78 | ...! | semmle.label | ...! |
|
||||
| string.swift:456:27:456:27 | taintedUInt8Values : | semmle.label | taintedUInt8Values : |
|
||||
| string.swift:459:13:459:47 | call to String.init(cString:) | semmle.label | call to String.init(cString:) |
|
||||
| string.swift:459:29:459:29 | taintedUInt8Values : | semmle.label | taintedUInt8Values : |
|
||||
| string.swift:492:37:492:45 | call to source5() : | semmle.label | call to source5() : |
|
||||
@@ -1421,6 +1510,12 @@ nodes
|
||||
| string.swift:540:17:540:25 | call to source2() : | semmle.label | call to source2() : |
|
||||
| string.swift:542:13:542:21 | call to source7() | semmle.label | call to source7() |
|
||||
| string.swift:545:13:545:13 | sub1 | semmle.label | sub1 |
|
||||
| string.swift:546:13:546:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
|
||||
| string.swift:546:20:546:20 | sub1 : | semmle.label | sub1 : |
|
||||
| string.swift:622:13:622:28 | call to String.init(_:) | semmle.label | call to String.init(_:) |
|
||||
| string.swift:622:20:622:27 | call to source() : | semmle.label | call to source() : |
|
||||
| string.swift:626:13:626:40 | call to String.init(describing:) | semmle.label | call to String.init(describing:) |
|
||||
| string.swift:626:32:626:39 | call to source() : | semmle.label | call to source() : |
|
||||
| subscript.swift:13:15:13:22 | call to source() : | semmle.label | call to source() : |
|
||||
| subscript.swift:13:15:13:25 | ...[...] | semmle.label | ...[...] |
|
||||
| subscript.swift:14:15:14:23 | call to source2() : | semmle.label | call to source2() : |
|
||||
@@ -1726,6 +1821,13 @@ subpaths
|
||||
| nsmutabledata.swift:40:66:40:73 | call to source() : | nsmutabledata.swift:17:5:17:121 | [summary param] 1 in replaceBytes(in:withBytes:length:) : | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:length:) : | nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 : |
|
||||
| nsmutabledata.swift:44:35:44:42 | call to source() : | nsmutabledata.swift:18:5:18:33 | [summary param] 0 in setData(_:) : | file://:0:0:0:0 | [summary] to write: argument this in setData(_:) : | nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 : |
|
||||
| nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 : | nsmutabledata.swift:13:9:13:9 | self : | file://:0:0:0:0 | .mutableBytes : | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
|
||||
| string.swift:216:20:216:20 | tainted : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | string.swift:216:13:216:27 | call to String.init(_:) |
|
||||
| string.swift:217:20:217:20 | taintedInt : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | string.swift:217:13:217:30 | call to String.init(_:) |
|
||||
| string.swift:219:28:219:28 | tainted : | string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:_:) : | string.swift:219:13:219:44 | call to String.init(format:_:) |
|
||||
| string.swift:220:28:220:28 | tainted : | string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:arguments:) : | string.swift:220:13:220:50 | call to String.init(format:arguments:) |
|
||||
| string.swift:221:28:221:28 | tainted : | string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:_:) : | string.swift:221:13:221:57 | call to String.init(format:locale:_:) |
|
||||
| string.swift:222:28:222:28 | tainted : | string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) : | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
|
||||
| string.swift:228:31:228:31 | tainted : | file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) : | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
|
||||
| string.swift:232:13:232:13 | tainted : | string.swift:101:8:101:8 | self : | string.swift:101:3:101:64 | self[return] : | string.swift:232:13:232:13 | [post] tainted : |
|
||||
| string.swift:236:13:236:13 | tainted : | string.swift:98:8:98:8 | self : | string.swift:98:3:98:63 | self[return] : | string.swift:236:13:236:13 | [post] tainted : |
|
||||
| string.swift:237:13:237:13 | tainted : | string.swift:99:8:99:8 | self : | string.swift:99:3:99:63 | self[return] : | string.swift:237:13:237:13 | [post] tainted : |
|
||||
@@ -1738,9 +1840,14 @@ subpaths
|
||||
| string.swift:250:13:250:13 | tainted : | string.swift:107:8:107:8 | self : | string.swift:107:3:107:78 | self[return] : | string.swift:250:13:250:13 | [post] tainted : |
|
||||
| string.swift:251:13:251:13 | tainted : | string.swift:107:8:107:8 | self : | string.swift:107:3:107:78 | self[return] : | string.swift:251:13:251:13 | [post] tainted : |
|
||||
| string.swift:258:13:258:13 | tainted : | string.swift:109:8:109:8 | self : | string.swift:109:3:109:79 | self[return] : | string.swift:258:13:258:13 | [post] tainted : |
|
||||
| string.swift:341:36:341:44 | call to source3() : | string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) : | string.swift:341:23:341:77 | call to String.init(data:encoding:) : |
|
||||
| string.swift:347:30:347:38 | call to source3() : | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) : | string.swift:347:13:347:54 | call to String.init(decoding:as:) |
|
||||
| string.swift:456:27:456:27 | taintedUInt8Values : | string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(bytes:encoding:) : | string.swift:456:13:456:77 | call to String.init(bytes:encoding:) : |
|
||||
| string.swift:459:29:459:29 | taintedUInt8Values : | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) : | string.swift:459:13:459:47 | call to String.init(cString:) |
|
||||
| string.swift:512:29:512:29 | taintedCCharValues : | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) : | string.swift:512:13:512:47 | call to String.init(cString:) |
|
||||
| string.swift:546:20:546:20 | sub1 : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | string.swift:546:13:546:24 | call to String.init(_:) |
|
||||
| string.swift:622:20:622:27 | call to source() : | file://:0:0:0:0 | [summary param] 0 in String.init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) : | string.swift:622:13:622:28 | call to String.init(_:) |
|
||||
| string.swift:626:32:626:39 | call to source() : | file://:0:0:0:0 | [summary param] 0 in String.init(describing:) : | file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) : | string.swift:626:13:626:40 | call to String.init(describing:) |
|
||||
| ui.swift:55:10:55:10 | tainted : | ui.swift:16:9:16:9 | self : | file://:0:0:0:0 | .url : | ui.swift:55:10:55:18 | .url |
|
||||
| ui.swift:64:10:64:10 | tainted : | ui.swift:32:13:32:13 | self : | file://:0:0:0:0 | .userActivities : | ui.swift:64:10:64:18 | .userActivities |
|
||||
| ui.swift:68:10:68:10 | tainted : | ui.swift:34:13:34:13 | self : | file://:0:0:0:0 | .urlContexts : | ui.swift:68:10:68:18 | .urlContexts |
|
||||
@@ -1885,6 +1992,13 @@ subpaths
|
||||
| string.swift:163:13:163:23 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() : | string.swift:163:13:163:23 | ... .+(_:_:) ... | result |
|
||||
| string.swift:164:13:164:23 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() : | string.swift:164:13:164:23 | ... .+(_:_:) ... | result |
|
||||
| string.swift:167:13:167:29 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() : | string.swift:167:13:167:29 | ... .+(_:_:) ... | result |
|
||||
| string.swift:216:13:216:27 | call to String.init(_:) | string.swift:212:17:212:25 | call to source2() : | string.swift:216:13:216:27 | call to String.init(_:) | result |
|
||||
| string.swift:217:13:217:30 | call to String.init(_:) | string.swift:213:20:213:27 | call to source() : | string.swift:217:13:217:30 | call to String.init(_:) | result |
|
||||
| string.swift:219:13:219:44 | call to String.init(format:_:) | string.swift:212:17:212:25 | call to source2() : | string.swift:219:13:219:44 | call to String.init(format:_:) | result |
|
||||
| string.swift:220:13:220:50 | call to String.init(format:arguments:) | string.swift:212:17:212:25 | call to source2() : | string.swift:220:13:220:50 | call to String.init(format:arguments:) | result |
|
||||
| string.swift:221:13:221:57 | call to String.init(format:locale:_:) | string.swift:212:17:212:25 | call to source2() : | string.swift:221:13:221:57 | call to String.init(format:locale:_:) | result |
|
||||
| string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | string.swift:212:17:212:25 | call to source2() : | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | result |
|
||||
| string.swift:228:13:228:48 | call to String.init(repeating:count:) | string.swift:212:17:212:25 | call to source2() : | string.swift:228:13:228:48 | call to String.init(repeating:count:) | result |
|
||||
| string.swift:270:13:270:21 | .description | string.swift:212:17:212:25 | call to source2() : | string.swift:270:13:270:21 | .description | result |
|
||||
| string.swift:272:13:272:21 | .debugDescription | string.swift:212:17:212:25 | call to source2() : | string.swift:272:13:272:21 | .debugDescription | result |
|
||||
| string.swift:274:13:274:21 | .utf8 | string.swift:212:17:212:25 | call to source2() : | string.swift:274:13:274:21 | .utf8 | result |
|
||||
@@ -1913,11 +2027,16 @@ subpaths
|
||||
| string.swift:329:13:329:13 | str5 | string.swift:326:14:326:22 | call to source2() : | string.swift:329:13:329:13 | str5 | result |
|
||||
| string.swift:332:13:332:13 | str6 | string.swift:331:14:331:22 | call to source2() : | string.swift:332:13:332:13 | str6 | result |
|
||||
| string.swift:334:13:334:13 | str6 | string.swift:331:14:331:22 | call to source2() : | string.swift:334:13:334:13 | str6 | result |
|
||||
| string.swift:344:12:344:25 | ...! | string.swift:341:36:341:44 | call to source3() : | string.swift:344:12:344:25 | ...! | result |
|
||||
| string.swift:347:13:347:54 | call to String.init(decoding:as:) | string.swift:347:30:347:38 | call to source3() : | string.swift:347:13:347:54 | call to String.init(decoding:as:) | result |
|
||||
| string.swift:456:13:456:78 | ...! | string.swift:436:28:436:36 | call to source4() : | string.swift:456:13:456:78 | ...! | result |
|
||||
| string.swift:459:13:459:47 | call to String.init(cString:) | string.swift:436:28:436:36 | call to source4() : | string.swift:459:13:459:47 | call to String.init(cString:) | result |
|
||||
| string.swift:512:13:512:47 | call to String.init(cString:) | string.swift:492:37:492:45 | call to source5() : | string.swift:512:13:512:47 | call to String.init(cString:) | result |
|
||||
| string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | result |
|
||||
| string.swift:545:13:545:13 | sub1 | string.swift:540:17:540:25 | call to source2() : | string.swift:545:13:545:13 | sub1 | result |
|
||||
| string.swift:546:13:546:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() : | string.swift:546:13:546:24 | call to String.init(_:) | result |
|
||||
| string.swift:622:13:622:28 | call to String.init(_:) | string.swift:622:20:622:27 | call to source() : | string.swift:622:13:622:28 | call to String.init(_:) | result |
|
||||
| string.swift:626:13:626:40 | call to String.init(describing:) | string.swift:626:32:626:39 | call to source() : | string.swift:626:13:626:40 | call to String.init(describing:) | result |
|
||||
| subscript.swift:13:15:13:25 | ...[...] | subscript.swift:13:15:13:22 | call to source() : | subscript.swift:13:15:13:25 | ...[...] | result |
|
||||
| subscript.swift:14:15:14:26 | ...[...] | subscript.swift:14:15:14:23 | call to source2() : | subscript.swift:14:15:14:26 | ...[...] | result |
|
||||
| try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... | result |
|
||||
|
||||
@@ -213,19 +213,19 @@ func taintThroughSimpleStringOperations() {
|
||||
let taintedInt = source()
|
||||
|
||||
sink(arg: String(clean))
|
||||
sink(arg: String(tainted)) // $ MISSING: tainted=212
|
||||
sink(arg: String(taintedInt)) // $ MISSING: tainted=213
|
||||
sink(arg: String(tainted)) // $ tainted=212
|
||||
sink(arg: String(taintedInt)) // $ tainted=213
|
||||
|
||||
sink(arg: String(format: tainted, 1, 2, 3)) // $ MISSING: tainted=212
|
||||
sink(arg: String(format: tainted, arguments: [])) // $ MISSING: tainted=212
|
||||
sink(arg: String(format: tainted, locale: nil, 1, 2, 3)) // $ MISSING: tainted=212
|
||||
sink(arg: String(format: tainted, locale: nil, arguments: [])) // $ MISSING: tainted=212
|
||||
sink(arg: String(format: tainted, 1, 2, 3)) // $ tainted=212
|
||||
sink(arg: String(format: tainted, arguments: [])) // $ tainted=212
|
||||
sink(arg: String(format: tainted, locale: nil, 1, 2, 3)) // $ tainted=212
|
||||
sink(arg: String(format: tainted, locale: nil, arguments: [])) // $ tainted=212
|
||||
sink(arg: String.localizedStringWithFormat(tainted, 1, 2, 3)) // $ MISSING: tainted=212
|
||||
sink(arg: String(format: "%s", tainted)) // $ MISSING: tainted=212
|
||||
sink(arg: String(format: "%i %i %i", 1, 2, taintedInt)) // $ MISSING: tainted=213
|
||||
|
||||
sink(arg: String(repeating: clean, count: 2))
|
||||
sink(arg: String(repeating: tainted, count: 2)) // $ MISSING: tainted=212
|
||||
sink(arg: String(repeating: tainted, count: 2)) // $ tainted=212
|
||||
|
||||
sink(arg: tainted.dropFirst(10)) // $ MISSING: tainted=212
|
||||
sink(arg: tainted.dropLast(10)) // $ MISSING: tainted=212
|
||||
@@ -341,7 +341,7 @@ func taintThroughData() {
|
||||
let stringTainted = String(data: source3(), encoding: String.Encoding.utf8)
|
||||
|
||||
sink(arg: stringClean!)
|
||||
sink(arg: stringTainted!) // $ MISSING: tainted=341
|
||||
sink(arg: stringTainted!) // $ tainted=341
|
||||
|
||||
sink(arg: String(decoding: Data(""), as: UTF8.self))
|
||||
sink(arg: String(decoding: source3(), as: UTF8.self)) // $ tainted=347
|
||||
@@ -453,7 +453,7 @@ func taintFromUInt8Array() {
|
||||
))
|
||||
|
||||
sink(arg: String(bytes: cleanUInt8Values, encoding: String.Encoding.utf8)!)
|
||||
sink(arg: String(bytes: taintedUInt8Values, encoding: String.Encoding.utf8)!) // $ MISSING: tainted=436
|
||||
sink(arg: String(bytes: taintedUInt8Values, encoding: String.Encoding.utf8)!) // $ tainted=436
|
||||
|
||||
sink(arg: String(cString: cleanUInt8Values))
|
||||
sink(arg: String(cString: taintedUInt8Values)) // $ tainted=436
|
||||
@@ -543,7 +543,7 @@ func taintThroughSubstring() {
|
||||
|
||||
let sub1 = tainted[tainted.startIndex ..< tainted.endIndex]
|
||||
sink(arg: sub1) // $ tainted=540
|
||||
sink(arg: String(sub1)) // $ MISSING: tainted=540
|
||||
sink(arg: String(sub1)) // $ tainted=540
|
||||
|
||||
let sub2 = tainted.prefix(10)
|
||||
sink(arg: sub2) // $ MISSING: tainted=540
|
||||
@@ -619,11 +619,11 @@ func taintedThroughFilePath() {
|
||||
|
||||
func taintedThroughConversion() {
|
||||
sink(arg: String(0))
|
||||
sink(arg: String(source())) // $ MISSING: tainted=622
|
||||
sink(arg: String(source())) // $ tainted=622
|
||||
sink(arg: Int(0).description)
|
||||
sink(arg: source().description) // $ MISSING: tainted=624
|
||||
sink(arg: String(describing: 0))
|
||||
sink(arg: String(describing: source())) // $ MISSING: tainted=626
|
||||
sink(arg: String(describing: source())) // $ tainted=626
|
||||
|
||||
sink(arg: Int("123")!)
|
||||
sink(arg: Int(source2())!) // $ MISSING: tainted=629
|
||||
|
||||
Reference in New Issue
Block a user