hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add 'good' test cases

Browse Source
This commit is contained in:
Tony Torralba
2022-12-15 12:28:48 +01:00
parent 85b3092b16
commit 11c03fb8c9
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
View File

@@ -21,10 +21,18 @@ class NSPredicate {
func test() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let safeString = "safe"
NSPredicate(format: remoteString, argumentArray: []) // $ hasPredicateInjection=23
NSPredicate(format: safeString, argumentArray: []) // Safe
NSPredicate(format: safeString, argumentArray: [remoteString]) // Safe
NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ hasPredicateInjection=23
NSPredicate(format: safeString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // Safe
NSPredicate(format: remoteString) // $ hasPredicateInjection=23
NSPredicate(format: safeString) // Safe
NSPredicate(format: remoteString, "" as! CVarArg) // $ hasPredicateInjection=23
NSPredicate(format: safeString, "" as! CVarArg) // Safe
NSPredicate(format: safeString, remoteString as! CVarArg) // Safe
NSPredicate(fromMetadataQueryString: remoteString) // $ hasPredicateInjection=23
NSPredicate(fromMetadataQueryString: safeString) // Safe
}