Merge pull request #10774 from atorralba/atorralba/swift/url-field-summaries

Swift: Add summaries for tainted URL fields
Tony Torralba
2022-10-18 15:32:23 +02:00
committed by GitHub
6 changed files with 416 additions and 64 deletions


@@ -0,0 +1,15 @@
import swift
private import codeql.swift.dataflow.DataFlow
/**
* A `Content` that should be implicitly regarded as tainted whenever an object with such `Content`
* is itself tainted.
*
* For example, if we had a type `class Container { var field: Contained }`, then by default a tainted
* `Container` and a `Container` with a tainted `Contained` stored in its `field` are distinct.
*
* If `any(DataFlow::FieldContent fc | fc.getField().hasQualifiedName("Container", "field"))` was
* included in this type however, then a tainted `Container` would imply that its `field` is also
* tainted (but not vice versa).
*/
abstract class TaintInheritingContent extends DataFlow::Content { }
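Review bot: The QLDoc on `TaintInheritingContent` does not say that the class is a global extension point. The taint-tracking library change in this same commit consults it from the shared local taint step, so any subclass added later appears to change results for every taint-tracking query, not just the one that motivated it. I would add a sentence such as `Extending this class affects all taint-tracking configurations; use a query-specific additional step when only one query needs the flow.` The phrase "was included in this type" would also read better as "were a member of this class".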


@@ -2,6 +2,7 @@ private import swift
private import DataFlowPrivate
private import TaintTrackingPublic
private import codeql.swift.dataflow.DataFlow
private import codeql.swift.dataflow.FlowSteps
private import codeql.swift.dataflow.Ssa
private import codeql.swift.controlflow.CfgNodes
private import FlowSummaryImpl as FlowSummaryImpl
@@ -55,6 +56,12 @@ private module Cached {
se = nodeTo.asExpr()
)
or
// flow through the read of a content that inherits taint
exists(DataFlow::ContentSet f |
readStep(nodeFrom, f, nodeTo) and
f.getAReadContent() instanceof TaintInheritingContent
)
or
// flow through a flow summary (extension of `SummaryModelCsv`)
FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
}
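Review bot: The bound variable in the new disjunct is a `DataFlow::ContentSet` but is named `f`, which reads as "field". `exists(DataFlow::ContentSet cs | readStep(nodeFrom, cs, nodeTo) and cs.getAReadContent() instanceof TaintInheritingContent)` would be clearer. The comment above it could also state the direction of the step, for example `// a read of taint-inheriting content from a tainted object yields a tainted value; stores are unaffected`. The enclosing predicate starts before this hunk, so only the added disjunct is reviewed here.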


@@ -1,5 +1,19 @@
import swift
private import codeql.swift.dataflow.DataFlow
private import codeql.swift.dataflow.ExternalFlow
private import codeql.swift.dataflow.FlowSteps
/** The struct `URL`. */
class UrlDecl extends StructDecl {
UrlDecl() { this.getFullName() = "URL" }
}
/**
* A content implying that, if a `URL` is tainted, then all its fields are tainted.
*/
private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent {
UriFieldsInheritTaint() { this.getField().getEnclosingDecl() instanceof UrlDecl }
}
/**
* A model for `URL` members that are sources of remote flow.
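Review bot: `UriFieldsInheritTaint` matches every field whose enclosing declaration is `URL`, so non-string members inherit taint too; the expectations in this commit already show `.port` becoming tainted, and boolean properties would presumably behave the same way. If that over-approximation is intended, the QLDoc should say so, e.g. `This deliberately includes non-string fields such as port; queries that need more precision should add a barrier.` Otherwise the characteristic predicate should be narrowed to the intended fields. Properties declared in an `extension URL { ... }` may not report a `StructDecl` as their enclosing declaration and would then be missed, which is worth a test case. The class name says `Uri` while the rest of the file says `Url` (`UrlDecl`), so `UrlFieldsInheritTaint` would be consistent.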


@@ -125,3 +125,39 @@
| string.swift:39:29:39:29 | < | string.swift:39:13:39:29 | ... .+(_:_:) ... |
| subscript.swift:13:10:13:17 | call to source() | subscript.swift:13:10:13:20 | ...[...] |
| subscript.swift:14:10:14:18 | call to source2() | subscript.swift:14:10:14:21 | ...[...] |
| url.swift:64:12:64:12 | urlTainted | url.swift:64:12:64:23 | .absoluteURL |
| url.swift:65:12:65:12 | urlTainted | url.swift:65:12:65:23 | .baseURL |
| url.swift:66:15:66:15 | urlTainted | url.swift:66:15:66:26 | .fragment |
| url.swift:67:15:67:15 | urlTainted | url.swift:67:15:67:26 | .host |
| url.swift:68:15:68:15 | urlTainted | url.swift:68:15:68:26 | .lastPathComponent |
| url.swift:69:15:69:15 | urlTainted | url.swift:69:15:69:26 | .path |
| url.swift:70:15:70:15 | urlTainted | url.swift:70:15:70:26 | .pathComponents |
| url.swift:70:15:70:26 | .pathComponents | url.swift:70:15:70:42 | ...[...] |
| url.swift:71:15:71:15 | urlTainted | url.swift:71:15:71:26 | .pathExtension |
| url.swift:72:12:72:12 | urlTainted | url.swift:72:12:72:23 | .port |
| url.swift:73:15:73:15 | urlTainted | url.swift:73:15:73:26 | .query |
| url.swift:74:15:74:15 | urlTainted | url.swift:74:15:74:26 | .relativePath |
| url.swift:75:15:75:15 | urlTainted | url.swift:75:15:75:26 | .relativeString |
| url.swift:76:15:76:15 | urlTainted | url.swift:76:15:76:26 | .scheme |
| url.swift:77:12:77:12 | urlTainted | url.swift:77:12:77:23 | .standardized |
| url.swift:78:12:78:12 | urlTainted | url.swift:78:12:78:23 | .standardizedFileURL |
| url.swift:79:15:79:15 | urlTainted | url.swift:79:15:79:26 | .user |
| url.swift:80:15:80:15 | urlTainted | url.swift:80:15:80:26 | .password |
| url.swift:86:12:86:54 | ...! | url.swift:86:12:86:56 | .absoluteURL |
| url.swift:87:12:87:54 | ...! | url.swift:87:12:87:56 | .baseURL |
| url.swift:88:15:88:57 | ...! | url.swift:88:15:88:59 | .fragment |
| url.swift:89:15:89:57 | ...! | url.swift:89:15:89:59 | .host |
| url.swift:90:15:90:57 | ...! | url.swift:90:15:90:59 | .lastPathComponent |
| url.swift:91:15:91:57 | ...! | url.swift:91:15:91:59 | .path |
| url.swift:92:15:92:57 | ...! | url.swift:92:15:92:59 | .pathComponents |
| url.swift:92:15:92:59 | .pathComponents | url.swift:92:15:92:75 | ...[...] |
| url.swift:93:15:93:57 | ...! | url.swift:93:15:93:59 | .pathExtension |
| url.swift:94:12:94:54 | ...! | url.swift:94:12:94:56 | .port |
| url.swift:95:15:95:57 | ...! | url.swift:95:15:95:59 | .query |
| url.swift:96:15:96:57 | ...! | url.swift:96:15:96:59 | .relativePath |
| url.swift:97:15:97:57 | ...! | url.swift:97:15:97:59 | .relativeString |
| url.swift:98:15:98:57 | ...! | url.swift:98:15:98:59 | .scheme |
| url.swift:99:12:99:54 | ...! | url.swift:99:12:99:56 | .standardized |
| url.swift:100:12:100:54 | ...! | url.swift:100:12:100:56 | .standardizedFileURL |
| url.swift:101:15:101:57 | ...! | url.swift:101:15:101:59 | .user |
| url.swift:102:15:102:57 | ...! | url.swift:102:15:102:59 | .password |


@@ -1,5 +1,5 @@
edges
| file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | url.swift:67:61:67:61 | data : |
| file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | url.swift:120:61:120:61 | data : |
| string.swift:5:11:5:18 | call to source() : | string.swift:7:13:7:13 | "..." |
| string.swift:5:11:5:18 | call to source() : | string.swift:9:13:9:13 | "..." |
| string.swift:5:11:5:18 | call to source() : | string.swift:11:13:11:13 | "..." |
@@ -21,32 +21,129 @@ edges
| url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : |
| url.swift:9:8:9:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : |
| url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : |
| url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : |
| url.swift:27:5:27:15 | url : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : |
| url.swift:39:16:39:23 | call to source() : | url.swift:41:31:41:31 | tainted : |
| url.swift:39:16:39:23 | call to source() : | url.swift:47:24:47:24 | tainted : |
| url.swift:39:16:39:23 | call to source() : | url.swift:64:28:64:28 | tainted : |
| url.swift:41:19:41:38 | call to init(string:) : | url.swift:44:12:44:12 | urlTainted |
| url.swift:41:19:41:38 | call to init(string:) : | url.swift:49:43:49:43 | urlTainted : |
| url.swift:41:19:41:38 | call to init(string:) : | url.swift:67:46:67:46 | urlTainted : |
| url.swift:41:31:41:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : |
| url.swift:41:31:41:31 | tainted : | url.swift:8:8:8:16 | string : |
| url.swift:41:31:41:31 | tainted : | url.swift:41:19:41:38 | call to init(string:) : |
| url.swift:47:12:47:48 | call to init(string:relativeTo:) : | url.swift:47:12:47:49 | ...! |
| url.swift:47:24:47:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : |
| url.swift:47:24:47:24 | tainted : | url.swift:9:8:9:16 | string : |
| url.swift:47:24:47:24 | tainted : | url.swift:47:12:47:48 | call to init(string:relativeTo:) : |
| url.swift:49:12:49:53 | call to init(string:relativeTo:) : | url.swift:49:12:49:54 | ...! |
| url.swift:49:43:49:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:49:43:49:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:49:43:49:43 | urlTainted : | url.swift:49:12:49:53 | call to init(string:relativeTo:) : |
| url.swift:64:16:64:35 | call to init(string:) : | url.swift:65:12:65:12 | ...! |
| url.swift:64:28:64:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : |
| url.swift:64:28:64:28 | tainted : | url.swift:8:8:8:16 | string : |
| url.swift:64:28:64:28 | tainted : | url.swift:64:16:64:35 | call to init(string:) : |
| url.swift:67:46:67:46 | urlTainted : | url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) : |
| url.swift:67:46:67:46 | urlTainted : | url.swift:27:5:27:15 | url : |
| url.swift:67:61:67:61 | data : | url.swift:68:15:68:19 | ...! |
| url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : |
| url.swift:44:5:44:15 | url : | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : |
| url.swift:57:16:57:23 | call to source() : | url.swift:59:31:59:31 | tainted : |
| url.swift:57:16:57:23 | call to source() : | url.swift:83:24:83:24 | tainted : |
| url.swift:57:16:57:23 | call to source() : | url.swift:117:28:117:28 | tainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:62:12:62:12 | urlTainted |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:64:12:64:23 | .absoluteURL |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:65:12:65:23 | .baseURL |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:66:15:66:34 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:67:15:67:30 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:68:15:68:26 | .lastPathComponent |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:69:15:69:26 | .path |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:70:15:70:42 | ...[...] |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:71:15:71:26 | .pathExtension |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:72:12:72:27 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:73:15:73:31 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:74:15:74:26 | .relativePath |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:75:15:75:26 | .relativeString |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:76:15:76:32 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:77:12:77:23 | .standardized |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:78:12:78:23 | .standardizedFileURL |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:79:15:79:30 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:80:15:80:34 | ...! |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:86:43:86:43 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:87:43:87:43 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:88:46:88:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:89:46:89:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:90:46:90:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:91:46:91:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:92:46:92:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:93:46:93:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:94:43:94:43 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:95:46:95:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:96:46:96:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:97:46:97:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:98:46:98:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:99:43:99:43 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:100:43:100:43 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:101:46:101:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:102:46:102:46 | urlTainted : |
| url.swift:59:19:59:38 | call to init(string:) : | url.swift:120:46:120:46 | urlTainted : |
| url.swift:59:31:59:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : |
| url.swift:59:31:59:31 | tainted : | url.swift:8:8:8:16 | string : |
| url.swift:59:31:59:31 | tainted : | url.swift:59:19:59:38 | call to init(string:) : |
| url.swift:83:12:83:48 | call to init(string:relativeTo:) : | url.swift:83:12:83:49 | ...! |
| url.swift:83:24:83:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : |
| url.swift:83:24:83:24 | tainted : | url.swift:9:8:9:16 | string : |
| url.swift:83:24:83:24 | tainted : | url.swift:83:12:83:48 | call to init(string:relativeTo:) : |
| url.swift:86:12:86:53 | call to init(string:relativeTo:) : | url.swift:86:12:86:56 | .absoluteURL |
| url.swift:86:43:86:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:86:43:86:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:86:43:86:43 | urlTainted : | url.swift:86:12:86:53 | call to init(string:relativeTo:) : |
| url.swift:87:12:87:53 | call to init(string:relativeTo:) : | url.swift:87:12:87:56 | .baseURL |
| url.swift:87:43:87:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:87:43:87:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:87:43:87:43 | urlTainted : | url.swift:87:12:87:53 | call to init(string:relativeTo:) : |
| url.swift:88:15:88:56 | call to init(string:relativeTo:) : | url.swift:88:15:88:67 | ...! |
| url.swift:88:46:88:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:88:46:88:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:88:46:88:46 | urlTainted : | url.swift:88:15:88:56 | call to init(string:relativeTo:) : |
| url.swift:89:15:89:56 | call to init(string:relativeTo:) : | url.swift:89:15:89:63 | ...! |
| url.swift:89:46:89:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:89:46:89:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:89:46:89:46 | urlTainted : | url.swift:89:15:89:56 | call to init(string:relativeTo:) : |
| url.swift:90:15:90:56 | call to init(string:relativeTo:) : | url.swift:90:15:90:59 | .lastPathComponent |
| url.swift:90:46:90:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:90:46:90:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:90:46:90:46 | urlTainted : | url.swift:90:15:90:56 | call to init(string:relativeTo:) : |
| url.swift:91:15:91:56 | call to init(string:relativeTo:) : | url.swift:91:15:91:59 | .path |
| url.swift:91:46:91:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:91:46:91:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:91:46:91:46 | urlTainted : | url.swift:91:15:91:56 | call to init(string:relativeTo:) : |
| url.swift:92:15:92:56 | call to init(string:relativeTo:) : | url.swift:92:15:92:75 | ...[...] |
| url.swift:92:46:92:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:92:46:92:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:92:46:92:46 | urlTainted : | url.swift:92:15:92:56 | call to init(string:relativeTo:) : |
| url.swift:93:15:93:56 | call to init(string:relativeTo:) : | url.swift:93:15:93:59 | .pathExtension |
| url.swift:93:46:93:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:93:46:93:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:93:46:93:46 | urlTainted : | url.swift:93:15:93:56 | call to init(string:relativeTo:) : |
| url.swift:94:12:94:53 | call to init(string:relativeTo:) : | url.swift:94:12:94:60 | ...! |
| url.swift:94:43:94:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:94:43:94:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:94:43:94:43 | urlTainted : | url.swift:94:12:94:53 | call to init(string:relativeTo:) : |
| url.swift:95:15:95:56 | call to init(string:relativeTo:) : | url.swift:95:15:95:64 | ...! |
| url.swift:95:46:95:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:95:46:95:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:95:46:95:46 | urlTainted : | url.swift:95:15:95:56 | call to init(string:relativeTo:) : |
| url.swift:96:15:96:56 | call to init(string:relativeTo:) : | url.swift:96:15:96:59 | .relativePath |
| url.swift:96:46:96:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:96:46:96:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:96:46:96:46 | urlTainted : | url.swift:96:15:96:56 | call to init(string:relativeTo:) : |
| url.swift:97:15:97:56 | call to init(string:relativeTo:) : | url.swift:97:15:97:59 | .relativeString |
| url.swift:97:46:97:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:97:46:97:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:97:46:97:46 | urlTainted : | url.swift:97:15:97:56 | call to init(string:relativeTo:) : |
| url.swift:98:15:98:56 | call to init(string:relativeTo:) : | url.swift:98:15:98:65 | ...! |
| url.swift:98:46:98:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:98:46:98:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:98:46:98:46 | urlTainted : | url.swift:98:15:98:56 | call to init(string:relativeTo:) : |
| url.swift:99:12:99:53 | call to init(string:relativeTo:) : | url.swift:99:12:99:56 | .standardized |
| url.swift:99:43:99:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:99:43:99:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:99:43:99:43 | urlTainted : | url.swift:99:12:99:53 | call to init(string:relativeTo:) : |
| url.swift:100:12:100:53 | call to init(string:relativeTo:) : | url.swift:100:12:100:56 | .standardizedFileURL |
| url.swift:100:43:100:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:100:43:100:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:100:43:100:43 | urlTainted : | url.swift:100:12:100:53 | call to init(string:relativeTo:) : |
| url.swift:101:15:101:56 | call to init(string:relativeTo:) : | url.swift:101:15:101:63 | ...! |
| url.swift:101:46:101:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:101:46:101:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:101:46:101:46 | urlTainted : | url.swift:101:15:101:56 | call to init(string:relativeTo:) : |
| url.swift:102:15:102:56 | call to init(string:relativeTo:) : | url.swift:102:15:102:67 | ...! |
| url.swift:102:46:102:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:102:46:102:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : |
| url.swift:102:46:102:46 | urlTainted : | url.swift:102:15:102:56 | call to init(string:relativeTo:) : |
| url.swift:117:16:117:35 | call to init(string:) : | url.swift:118:12:118:12 | ...! |
| url.swift:117:28:117:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : |
| url.swift:117:28:117:28 | tainted : | url.swift:8:8:8:16 | string : |
| url.swift:117:28:117:28 | tainted : | url.swift:117:16:117:35 | call to init(string:) : |
| url.swift:120:46:120:46 | urlTainted : | url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) : |
| url.swift:120:46:120:46 | urlTainted : | url.swift:44:5:44:15 | url : |
| url.swift:120:61:120:61 | data : | url.swift:121:15:121:19 | ...! |
nodes
| file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : | semmle.label | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) : |
| file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | semmle.label | [summary] to write: return (return) in init(string:) : |
@@ -83,33 +180,130 @@ nodes
| url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | semmle.label | [summary param] 1 in init(string:relativeTo:) : |
| url.swift:9:8:9:16 | string : | semmle.label | string : |
| url.swift:9:24:9:39 | relativeTo : | semmle.label | relativeTo : |
| url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) : | semmle.label | [summary param] 0 in dataTask(with:completionHandler:) : |
| url.swift:27:5:27:15 | url : | semmle.label | url : |
| url.swift:39:16:39:23 | call to source() : | semmle.label | call to source() : |
| url.swift:41:19:41:38 | call to init(string:) : | semmle.label | call to init(string:) : |
| url.swift:41:31:41:31 | tainted : | semmle.label | tainted : |
| url.swift:44:12:44:12 | urlTainted | semmle.label | urlTainted |
| url.swift:47:12:47:48 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:47:12:47:49 | ...! | semmle.label | ...! |
| url.swift:47:24:47:24 | tainted : | semmle.label | tainted : |
| url.swift:49:12:49:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:49:12:49:54 | ...! | semmle.label | ...! |
| url.swift:49:43:49:43 | urlTainted : | semmle.label | urlTainted : |
| url.swift:64:16:64:35 | call to init(string:) : | semmle.label | call to init(string:) : |
| url.swift:64:28:64:28 | tainted : | semmle.label | tainted : |
| url.swift:65:12:65:12 | ...! | semmle.label | ...! |
| url.swift:67:46:67:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:67:61:67:61 | data : | semmle.label | data : |
| url.swift:68:15:68:19 | ...! | semmle.label | ...! |
| url.swift:43:2:46:55 | [summary param] 0 in dataTask(with:completionHandler:) : | semmle.label | [summary param] 0 in dataTask(with:completionHandler:) : |
| url.swift:44:5:44:15 | url : | semmle.label | url : |
| url.swift:57:16:57:23 | call to source() : | semmle.label | call to source() : |
| url.swift:59:19:59:38 | call to init(string:) : | semmle.label | call to init(string:) : |
| url.swift:59:31:59:31 | tainted : | semmle.label | tainted : |
| url.swift:62:12:62:12 | urlTainted | semmle.label | urlTainted |
| url.swift:64:12:64:23 | .absoluteURL | semmle.label | .absoluteURL |
| url.swift:65:12:65:23 | .baseURL | semmle.label | .baseURL |
| url.swift:66:15:66:34 | ...! | semmle.label | ...! |
| url.swift:67:15:67:30 | ...! | semmle.label | ...! |
| url.swift:68:15:68:26 | .lastPathComponent | semmle.label | .lastPathComponent |
| url.swift:69:15:69:26 | .path | semmle.label | .path |
| url.swift:70:15:70:42 | ...[...] | semmle.label | ...[...] |
| url.swift:71:15:71:26 | .pathExtension | semmle.label | .pathExtension |
| url.swift:72:12:72:27 | ...! | semmle.label | ...! |
| url.swift:73:15:73:31 | ...! | semmle.label | ...! |
| url.swift:74:15:74:26 | .relativePath | semmle.label | .relativePath |
| url.swift:75:15:75:26 | .relativeString | semmle.label | .relativeString |
| url.swift:76:15:76:32 | ...! | semmle.label | ...! |
| url.swift:77:12:77:23 | .standardized | semmle.label | .standardized |
| url.swift:78:12:78:23 | .standardizedFileURL | semmle.label | .standardizedFileURL |
| url.swift:79:15:79:30 | ...! | semmle.label | ...! |
| url.swift:80:15:80:34 | ...! | semmle.label | ...! |
| url.swift:83:12:83:48 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:83:12:83:49 | ...! | semmle.label | ...! |
| url.swift:83:24:83:24 | tainted : | semmle.label | tainted : |
| url.swift:86:12:86:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:86:12:86:56 | .absoluteURL | semmle.label | .absoluteURL |
| url.swift:86:43:86:43 | urlTainted : | semmle.label | urlTainted : |
| url.swift:87:12:87:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:87:12:87:56 | .baseURL | semmle.label | .baseURL |
| url.swift:87:43:87:43 | urlTainted : | semmle.label | urlTainted : |
| url.swift:88:15:88:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:88:15:88:67 | ...! | semmle.label | ...! |
| url.swift:88:46:88:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:89:15:89:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:89:15:89:63 | ...! | semmle.label | ...! |
| url.swift:89:46:89:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:90:15:90:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:90:15:90:59 | .lastPathComponent | semmle.label | .lastPathComponent |
| url.swift:90:46:90:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:91:15:91:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:91:15:91:59 | .path | semmle.label | .path |
| url.swift:91:46:91:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:92:15:92:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:92:15:92:75 | ...[...] | semmle.label | ...[...] |
| url.swift:92:46:92:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:93:15:93:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:93:15:93:59 | .pathExtension | semmle.label | .pathExtension |
| url.swift:93:46:93:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:94:12:94:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:94:12:94:60 | ...! | semmle.label | ...! |
| url.swift:94:43:94:43 | urlTainted : | semmle.label | urlTainted : |
| url.swift:95:15:95:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:95:15:95:64 | ...! | semmle.label | ...! |
| url.swift:95:46:95:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:96:15:96:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:96:15:96:59 | .relativePath | semmle.label | .relativePath |
| url.swift:96:46:96:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:97:15:97:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:97:15:97:59 | .relativeString | semmle.label | .relativeString |
| url.swift:97:46:97:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:98:15:98:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:98:15:98:65 | ...! | semmle.label | ...! |
| url.swift:98:46:98:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:99:12:99:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:99:12:99:56 | .standardized | semmle.label | .standardized |
| url.swift:99:43:99:43 | urlTainted : | semmle.label | urlTainted : |
| url.swift:100:12:100:53 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:100:12:100:56 | .standardizedFileURL | semmle.label | .standardizedFileURL |
| url.swift:100:43:100:43 | urlTainted : | semmle.label | urlTainted : |
| url.swift:101:15:101:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:101:15:101:63 | ...! | semmle.label | ...! |
| url.swift:101:46:101:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:102:15:102:56 | call to init(string:relativeTo:) : | semmle.label | call to init(string:relativeTo:) : |
| url.swift:102:15:102:67 | ...! | semmle.label | ...! |
| url.swift:102:46:102:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:117:16:117:35 | call to init(string:) : | semmle.label | call to init(string:) : |
| url.swift:117:28:117:28 | tainted : | semmle.label | tainted : |
| url.swift:118:12:118:12 | ...! | semmle.label | ...! |
| url.swift:120:46:120:46 | urlTainted : | semmle.label | urlTainted : |
| url.swift:120:61:120:61 | data : | semmle.label | data : |
| url.swift:121:15:121:19 | ...! | semmle.label | ...! |
subpaths
| url.swift:41:31:41:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:41:19:41:38 | call to init(string:) : |
| url.swift:41:31:41:31 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:41:19:41:38 | call to init(string:) : |
| url.swift:47:24:47:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:47:12:47:48 | call to init(string:relativeTo:) : |
| url.swift:47:24:47:24 | tainted : | url.swift:9:8:9:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:47:12:47:48 | call to init(string:relativeTo:) : |
| url.swift:49:43:49:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:49:12:49:53 | call to init(string:relativeTo:) : |
| url.swift:49:43:49:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:49:12:49:53 | call to init(string:relativeTo:) : |
| url.swift:64:28:64:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:64:16:64:35 | call to init(string:) : |
| url.swift:64:28:64:28 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:64:16:64:35 | call to init(string:) : |
| url.swift:59:31:59:31 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:59:19:59:38 | call to init(string:) : |
| url.swift:59:31:59:31 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:59:19:59:38 | call to init(string:) : |
| url.swift:83:24:83:24 | tainted : | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:83:12:83:48 | call to init(string:relativeTo:) : |
| url.swift:83:24:83:24 | tainted : | url.swift:9:8:9:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:83:12:83:48 | call to init(string:relativeTo:) : |
| url.swift:86:43:86:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:86:12:86:53 | call to init(string:relativeTo:) : |
| url.swift:86:43:86:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:86:12:86:53 | call to init(string:relativeTo:) : |
| url.swift:87:43:87:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:87:12:87:53 | call to init(string:relativeTo:) : |
| url.swift:87:43:87:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:87:12:87:53 | call to init(string:relativeTo:) : |
| url.swift:88:46:88:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:88:15:88:56 | call to init(string:relativeTo:) : |
| url.swift:88:46:88:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:88:15:88:56 | call to init(string:relativeTo:) : |
| url.swift:89:46:89:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:89:15:89:56 | call to init(string:relativeTo:) : |
| url.swift:89:46:89:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:89:15:89:56 | call to init(string:relativeTo:) : |
| url.swift:90:46:90:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:90:15:90:56 | call to init(string:relativeTo:) : |
| url.swift:90:46:90:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:90:15:90:56 | call to init(string:relativeTo:) : |
| url.swift:91:46:91:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:91:15:91:56 | call to init(string:relativeTo:) : |
| url.swift:91:46:91:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:91:15:91:56 | call to init(string:relativeTo:) : |
| url.swift:92:46:92:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:92:15:92:56 | call to init(string:relativeTo:) : |
| url.swift:92:46:92:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:92:15:92:56 | call to init(string:relativeTo:) : |
| url.swift:93:46:93:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:93:15:93:56 | call to init(string:relativeTo:) : |
| url.swift:93:46:93:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:93:15:93:56 | call to init(string:relativeTo:) : |
| url.swift:94:43:94:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:94:12:94:53 | call to init(string:relativeTo:) : |
| url.swift:94:43:94:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:94:12:94:53 | call to init(string:relativeTo:) : |
| url.swift:95:46:95:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:95:15:95:56 | call to init(string:relativeTo:) : |
| url.swift:95:46:95:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:95:15:95:56 | call to init(string:relativeTo:) : |
| url.swift:96:46:96:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:96:15:96:56 | call to init(string:relativeTo:) : |
| url.swift:96:46:96:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:96:15:96:56 | call to init(string:relativeTo:) : |
| url.swift:97:46:97:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:97:15:97:56 | call to init(string:relativeTo:) : |
| url.swift:97:46:97:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:97:15:97:56 | call to init(string:relativeTo:) : |
| url.swift:98:46:98:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:98:15:98:56 | call to init(string:relativeTo:) : |
| url.swift:98:46:98:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:98:15:98:56 | call to init(string:relativeTo:) : |
| url.swift:99:43:99:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:99:12:99:53 | call to init(string:relativeTo:) : |
| url.swift:99:43:99:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:99:12:99:53 | call to init(string:relativeTo:) : |
| url.swift:100:43:100:43 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:100:12:100:53 | call to init(string:relativeTo:) : |
| url.swift:100:43:100:43 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:100:12:100:53 | call to init(string:relativeTo:) : |
| url.swift:101:46:101:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:101:15:101:56 | call to init(string:relativeTo:) : |
| url.swift:101:46:101:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:101:15:101:56 | call to init(string:relativeTo:) : |
| url.swift:102:46:102:46 | urlTainted : | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:102:15:102:56 | call to init(string:relativeTo:) : |
| url.swift:102:46:102:46 | urlTainted : | url.swift:9:24:9:39 | relativeTo : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | url.swift:102:15:102:56 | call to init(string:relativeTo:) : |
| url.swift:117:28:117:28 | tainted : | url.swift:8:2:8:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:117:16:117:35 | call to init(string:) : |
| url.swift:117:28:117:28 | tainted : | url.swift:8:8:8:16 | string : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | url.swift:117:16:117:35 | call to init(string:) : |
#select
| string.swift:7:13:7:13 | "..." | string.swift:5:11:5:18 | call to source() : | string.swift:7:13:7:13 | "..." | result |
| string.swift:9:13:9:13 | "..." | string.swift:5:11:5:18 | call to source() : | string.swift:9:13:9:13 | "..." | result |
@@ -126,8 +320,41 @@ subpaths
| try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... | result |
| try.swift:15:12:15:24 | try! ... | try.swift:15:17:15:24 | call to source() : | try.swift:15:12:15:24 | try! ... | result |
| try.swift:18:12:18:27 | ...! | try.swift:18:18:18:25 | call to source() : | try.swift:18:12:18:27 | ...! | result |
| url.swift:44:12:44:12 | urlTainted | url.swift:39:16:39:23 | call to source() : | url.swift:44:12:44:12 | urlTainted | result |
| url.swift:47:12:47:49 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:47:12:47:49 | ...! | result |
| url.swift:49:12:49:54 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:49:12:49:54 | ...! | result |
| url.swift:65:12:65:12 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:65:12:65:12 | ...! | result |
| url.swift:68:15:68:19 | ...! | url.swift:39:16:39:23 | call to source() : | url.swift:68:15:68:19 | ...! | result |
| url.swift:62:12:62:12 | urlTainted | url.swift:57:16:57:23 | call to source() : | url.swift:62:12:62:12 | urlTainted | result |
| url.swift:64:12:64:23 | .absoluteURL | url.swift:57:16:57:23 | call to source() : | url.swift:64:12:64:23 | .absoluteURL | result |
| url.swift:65:12:65:23 | .baseURL | url.swift:57:16:57:23 | call to source() : | url.swift:65:12:65:23 | .baseURL | result |
| url.swift:66:15:66:34 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:66:15:66:34 | ...! | result |
| url.swift:67:15:67:30 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:67:15:67:30 | ...! | result |
| url.swift:68:15:68:26 | .lastPathComponent | url.swift:57:16:57:23 | call to source() : | url.swift:68:15:68:26 | .lastPathComponent | result |
| url.swift:69:15:69:26 | .path | url.swift:57:16:57:23 | call to source() : | url.swift:69:15:69:26 | .path | result |
| url.swift:70:15:70:42 | ...[...] | url.swift:57:16:57:23 | call to source() : | url.swift:70:15:70:42 | ...[...] | result |
| url.swift:71:15:71:26 | .pathExtension | url.swift:57:16:57:23 | call to source() : | url.swift:71:15:71:26 | .pathExtension | result |
| url.swift:72:12:72:27 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:72:12:72:27 | ...! | result |
| url.swift:73:15:73:31 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:73:15:73:31 | ...! | result |
| url.swift:74:15:74:26 | .relativePath | url.swift:57:16:57:23 | call to source() : | url.swift:74:15:74:26 | .relativePath | result |
| url.swift:75:15:75:26 | .relativeString | url.swift:57:16:57:23 | call to source() : | url.swift:75:15:75:26 | .relativeString | result |
| url.swift:76:15:76:32 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:76:15:76:32 | ...! | result |
| url.swift:77:12:77:23 | .standardized | url.swift:57:16:57:23 | call to source() : | url.swift:77:12:77:23 | .standardized | result |
| url.swift:78:12:78:23 | .standardizedFileURL | url.swift:57:16:57:23 | call to source() : | url.swift:78:12:78:23 | .standardizedFileURL | result |
| url.swift:79:15:79:30 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:79:15:79:30 | ...! | result |
| url.swift:80:15:80:34 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:80:15:80:34 | ...! | result |
| url.swift:83:12:83:49 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:83:12:83:49 | ...! | result |
| url.swift:86:12:86:56 | .absoluteURL | url.swift:57:16:57:23 | call to source() : | url.swift:86:12:86:56 | .absoluteURL | result |
| url.swift:87:12:87:56 | .baseURL | url.swift:57:16:57:23 | call to source() : | url.swift:87:12:87:56 | .baseURL | result |
| url.swift:88:15:88:67 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:88:15:88:67 | ...! | result |
| url.swift:89:15:89:63 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:89:15:89:63 | ...! | result |
| url.swift:90:15:90:59 | .lastPathComponent | url.swift:57:16:57:23 | call to source() : | url.swift:90:15:90:59 | .lastPathComponent | result |
| url.swift:91:15:91:59 | .path | url.swift:57:16:57:23 | call to source() : | url.swift:91:15:91:59 | .path | result |
| url.swift:92:15:92:75 | ...[...] | url.swift:57:16:57:23 | call to source() : | url.swift:92:15:92:75 | ...[...] | result |
| url.swift:93:15:93:59 | .pathExtension | url.swift:57:16:57:23 | call to source() : | url.swift:93:15:93:59 | .pathExtension | result |
| url.swift:94:12:94:60 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:94:12:94:60 | ...! | result |
| url.swift:95:15:95:64 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:95:15:95:64 | ...! | result |
| url.swift:96:15:96:59 | .relativePath | url.swift:57:16:57:23 | call to source() : | url.swift:96:15:96:59 | .relativePath | result |
| url.swift:97:15:97:59 | .relativeString | url.swift:57:16:57:23 | call to source() : | url.swift:97:15:97:59 | .relativeString | result |
| url.swift:98:15:98:65 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:98:15:98:65 | ...! | result |
| url.swift:99:12:99:56 | .standardized | url.swift:57:16:57:23 | call to source() : | url.swift:99:12:99:56 | .standardized | result |
| url.swift:100:12:100:56 | .standardizedFileURL | url.swift:57:16:57:23 | call to source() : | url.swift:100:12:100:56 | .standardizedFileURL | result |
| url.swift:101:15:101:63 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:101:15:101:63 | ...! | result |
| url.swift:102:15:102:67 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:102:15:102:67 | ...! | result |
| url.swift:118:12:118:12 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:118:12:118:12 | ...! | result |
| url.swift:121:15:121:19 | ...! | url.swift:57:16:57:23 | call to source() : | url.swift:121:15:121:19 | ...! | result |


@@ -7,6 +7,23 @@ struct URL
{
init?(string: String) {}
init?(string: String, relativeTo: URL?) {}
var absoluteURL: URL { get {return URL(string: "")!} }
var baseURL: URL { get {return URL(string: "")!} }
var fragment: String? { get {return nil} }
var host: String? { get {return nil} }
var lastPathComponent: String { get {return ""} }
var path: String { get {return ""} }
var pathComponents: [String] { get {return [""]} }
var pathExtension: String { get {return ""} }
var port: Int? { get {return nil} }
var query: String? { get {return nil} }
var relativePath: String { get {return ""} }
var relativeString: String { get {return ""} }
var scheme: String? { get {return nil} }
var standardized: URL { get {return URL(string: "")!} }
var standardizedFileURL: URL { get {return URL(string: "")!} }
var user: String? { get {return nil} }
var password: String? { get {return nil} }
}
class Data
@@ -33,6 +50,7 @@ func source() -> String { return "" }
func sink(arg: URL) {}
func sink(data: Data) {}
func sink(string: String) {}
func sink(int: Int) {}
func taintThroughURL() {
let clean = "http://example.com/"
@@ -41,19 +59,54 @@ func taintThroughURL() {
let urlTainted = URL(string: tainted)!
sink(arg: urlClean)
sink(arg: urlTainted) // $ tainted=39
sink(arg: urlTainted) // $ tainted=57
// Fields
sink(arg: urlTainted.absoluteURL) // $ tainted=57
sink(arg: urlTainted.baseURL) // $ SPURIOUS: $ tainted=57
sink(string: urlTainted.fragment!) // $ tainted=57
sink(string: urlTainted.host!) // $ tainted=57
sink(string: urlTainted.lastPathComponent) // $ tainted=57
sink(string: urlTainted.path) // $ tainted=57
sink(string: urlTainted.pathComponents[0]) // $ tainted=57
sink(string: urlTainted.pathExtension) // $ tainted=57
sink(int: urlTainted.port!) // $ tainted=57
sink(string: urlTainted.query!) // $ tainted=57
sink(string: urlTainted.relativePath) // $ tainted=57
sink(string: urlTainted.relativeString) // $ tainted=57
sink(string: urlTainted.scheme!) // $ tainted=57
sink(arg: urlTainted.standardized) // $ tainted=57
sink(arg: urlTainted.standardizedFileURL) // $ tainted=57
sink(string: urlTainted.user!) // $ tainted=57
sink(string: urlTainted.password!) // $ tainted=57
sink(arg: URL(string: clean, relativeTo: nil)!)
sink(arg: URL(string: tainted, relativeTo: nil)!) // $ tainted=39
sink(arg: URL(string: tainted, relativeTo: nil)!) // $ tainted=57
sink(arg: URL(string: clean, relativeTo: urlClean)!)
sink(arg: URL(string: clean, relativeTo: urlTainted)!) // $ tainted=39
// Fields (assuming `clean` was a relative path instead of a full URL)
sink(arg: URL(string: clean, relativeTo: urlTainted)!.absoluteURL) // $ tainted=57
sink(arg: URL(string: clean, relativeTo: urlTainted)!.baseURL) // $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.fragment!) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.host!) // $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.lastPathComponent) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.path) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.pathComponents[0]) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.pathExtension) // $ SPURIOUS: $ tainted=57
sink(int: URL(string: clean, relativeTo: urlTainted)!.port!) // $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.query!) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.relativePath) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.relativeString) // $ SPURIOUS: $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.scheme!) // $ tainted=57
sink(arg: URL(string: clean, relativeTo: urlTainted)!.standardized) // $ tainted=57
sink(arg: URL(string: clean, relativeTo: urlTainted)!.standardizedFileURL) // $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.user!) // $ tainted=57
sink(string: URL(string: clean, relativeTo: urlTainted)!.password!) // $ tainted=57
if let x = URL(string: clean) {
sink(arg: x)
}
if let y = URL(string: tainted) {
sink(arg: y) // $ MISSING: tainted=39
sink(arg: y) // $ MISSING: tainted=57
}
var urlClean2 : URL!
@@ -62,9 +115,9 @@ func taintThroughURL() {
var urlTainted2 : URL!
urlTainted2 = URL(string: tainted)
sink(arg: urlTainted2) // $ tainted=39
sink(arg: urlTainted2) // $ tainted=57
let task = URLSession.shared.dataTask(with: urlTainted) { (data, response, error) in
sink(data: data!) // $ tainted=39
sink(data: data!) // $ tainted=57
}
}
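Review bot: The new `// Fields` cases in the `@@ -41,19 +59,54 @@` hunk read URL properties only from `urlTainted` or from `URL(string: clean, relativeTo: urlTainted)!`, so nothing pins that a field read on an untainted URL stays clean. Because this commit makes these field reads inherit taint from their base, a few unannotated negative cases such as `sink(string: urlClean.host!)` and `sink(string: URL(string: clean, relativeTo: urlClean)!.path)` would catch a model that taints the fields unconditionally. The `SPURIOUS: $ tainted=57` annotations also carry a second `$` after the colon, unlike the `MISSING: tainted=57` line further down; if that is not intended, write `// $ SPURIOUS: tainted=57`. `taintThroughURL` starts before this hunk and continues into the next one.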