hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Add sinks.

Browse Source
This commit is contained in:
Geoffrey White
2023-05-23 15:45:59 +01:00
parent 8573b30239
commit 2c5202018d
2 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
View File

@@ -130,6 +130,19 @@ private class PathInjectionSinks extends SinkModelCsv {
";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:seedFilePath:);;;Argument[10];path-injection",
";Realm.Configuration;true;fileURL;;;PostUpdate;path-injection",
";Realm.Configuration;true;seedFilePath;;;PostUpdate;path-injection",
// sqlite3
";;false;sqlite3_open(_:_:);;;Argument[0];path-injection",
";;false;sqlite3_open16(_:_:);;;Argument[0];path-injection",
";;false;sqlite3_open_v2(_:_:_:_:);;;Argument[0];path-injection",
";;false;sqlite3_database_file_object(_:);;;Argument[0];path-injection",
";;false;sqlite3_filename_database(_:);;;Argument[0];path-injection",
";;false;sqlite3_filename_journal(_:);;;Argument[0];path-injection",
";;false;sqlite3_filename_wal(_:);;;Argument[0];path-injection",
";;false;sqlite3_free_filename(_:);;;Argument[0];path-injection",
";;false;sqlite3_temp_directory;;;PostUpdate;path-injection",
// SQLite.swift
";Connection.Location.uri;true;init(_:parameters:);;;Argument[0];path-injection",
";Connection;true;init(_:readonly:);;;Argument[0];path-injection",
]
}
}

8
swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
View File

@@ -375,11 +375,11 @@ func test(buffer1: UnsafeMutablePointer<UInt8>, buffer2: UnsafeMutablePointer<UI
remoteData.copyBytes(to: buffer2, count: remoteData.count)
_ = sqlite3_open("myFile.sqlite3", &db) // GOOD
_ = sqlite3_open(remoteString, &db) // $ MISSING: hasPathInjection=253
_ = sqlite3_open(remoteString, &db) // $ hasPathInjection=253
_ = sqlite3_open16(buffer1, &db) // GOOD
_ = sqlite3_open16(buffer2, &db) // $ MISSING: hasPathInjection=253
_ = sqlite3_open16(buffer2, &db) // $ hasPathInjection=373
_ = sqlite3_open_v2("myFile.sqlite3", &db, 0, nil) // GOOD
_ = sqlite3_open_v2(remoteString, &db, 0, nil) // $ MISSING: hasPathInjection=253
_ = sqlite3_open_v2(remoteString, &db, 0, nil) // $ hasPathInjection=253
sqlite3_temp_directory = UnsafeMutablePointer<CChar>(mutating: NSString(string: "myFile.sqlite3").utf8String) // GOOD
sqlite3_temp_directory = UnsafeMutablePointer<CChar>(mutating: NSString(string: remoteString).utf8String) // $ MISSING: hasPathInjection=253
@@ -390,7 +390,7 @@ func test(buffer1: UnsafeMutablePointer<UInt8>, buffer2: UnsafeMutablePointer<UI
try! _ = Connection(Connection.Location.uri("myFile.sqlite3")) // GOOD
try! _ = Connection(Connection.Location.uri(remoteString)) // $ MISSING: hasPathInjection=253
try! _ = Connection("myFile.sqlite3") // GOOD
try! _ = Connection(remoteString) // $ MISSING: hasPathInjection=253
try! _ = Connection(remoteString) // $ hasPathInjection=253
}
func testBarriers() {