hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 14:34:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Add tests.

Browse Source
This commit is contained in:
Geoffrey White
2022-11-18 13:06:28 +00:00
parent a2210959b5
commit 32c4728f83
3 changed files with 131 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
swift/ql/test/query-tests/Security/CWE-134/UncontrolledFormatString.expected Normal file
View File

@@ -0,0 +1,32 @@
edges
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:68:28:68:28 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:71:28:71:28 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:72:28:72:28 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:74:28:74:28 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:75:28:75:28 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:76:28:76:28 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:77:46:77:46 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:86:11:86:11 | tainted |
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:89:61:89:61 | tainted |
nodes
| UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | semmle.label | call to init(contentsOf:) : |
| UncontrolledFormatString.swift:68:28:68:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:71:28:71:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:72:28:72:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:74:28:74:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:75:28:75:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:76:28:76:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:77:46:77:46 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:86:11:86:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:89:61:89:61 | tainted | semmle.label | tainted |
subpaths
#select
| UncontrolledFormatString.swift:68:28:68:28 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:68:28:68:28 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:71:28:71:28 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:71:28:71:28 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:72:28:72:28 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:72:28:72:28 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:74:28:74:28 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:74:28:74:28 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:75:28:75:28 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:75:28:75:28 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:76:28:76:28 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:76:28:76:28 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:77:46:77:46 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:77:46:77:46 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:86:11:86:11 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:86:11:86:11 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |
| UncontrolledFormatString.swift:89:61:89:61 | tainted | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) : | UncontrolledFormatString.swift:89:61:89:61 | tainted | This format string is derived from a $@. | UncontrolledFormatString.swift:62:24:62:77 | call to init(contentsOf:) | user-provided value |

1
swift/ql/test/query-tests/Security/CWE-134/UncontrolledFormatString.qlref Normal file
View File

@@ -0,0 +1 @@
queries/Security/CWE-134/UncontrolledFormatString.ql

98
swift/ql/test/query-tests/Security/CWE-134/UncontrolledFormatString.swift Normal file
View File

@@ -0,0 +1,98 @@
// --- stubs ---
struct URL
{
init?(string: String) {}
}
struct Locale {
}
extension String : CVarArg {
public var _cVarArgEncoding: [Int] { get { return [] } }
init(contentsOf: URL) throws { self.init() }
init(format: String, _ arguments: CVarArg...) { self.init() }
init(format: String, arguments: [CVarArg]) { self.init() }
init(format: String, locale: Locale?, _ args: CVarArg...) { self.init() }
init(format: String, locale: Locale?, arguments: [CVarArg]) { self.init() }
static func localizedStringWithFormat(_ format: String, _ arguments: CVarArg...) -> String { return "" }
}
class NSObject
{
}
class NSString : NSObject
{
init(string aString: String) {}
init(format: NSString, _ args: CVarArg...) {}
class func localizedStringWithFormat(_ format: NSString, _ args: CVarArg...) {}
}
class NSMutableString : NSString
{
}
struct NSExceptionName {
init(_ rawValue: String) {}
}
class NSException: NSObject
{
class func raise(_ name: NSExceptionName, format: String, arguments argList: CVaListPointer) {}
}
func NSLog(_ format: String, _ args: CVarArg...) {}
func NSLogv(_ format: String, _ args: CVaListPointer) {}
// --- tests ---
func MyLog(_ format: String, _ args: CVarArg...) {
withVaList(args) { arglist in
NSLogv(format, arglist) // BAD [NOT DETECTED]
}
}
func tests() {
let tainted = try! String(contentsOf: URL(string: "http://example.com")!)
let a = String("abc") // GOOD: not a format string
let b = String(tainted) // GOOD: not a format string
let c = String(format: "abc") // GOOD: not tainted
let d = String(format: tainted) // BAD
let e = String(format: "%s", "abc") // GOOD: not tainted
let f = String(format: "%s", tainted) // GOOD: format string itself is not tainted
let g = String(format: tainted, "abc") // BAD
let h = String(format: tainted, tainted) // BAD
let i = String(format: tainted, arguments: []) // BAD
let j = String(format: tainted, locale: nil) // BAD
let k = String(format: tainted, locale: nil, arguments: []) // BAD
let l = String.localizedStringWithFormat(tainted) // BAD
let m = NSString(format: NSString(string: tainted), "abc") // BAD [NOT DETECTED]
let n = NSString.localizedStringWithFormat(NSString(string: tainted)) // BAD [NOT DETECTED]
var o = NSMutableString(format: NSString(string: tainted), "abc") // BAD [NOT DETECTED]
var p = NSMutableString.localizedStringWithFormat(NSString(string: tainted)) // BAD [NOT DETECTED]
NSLog("abc") // GOOD: not tainted
NSLog(tainted) // BAD
MyLog(tainted) // BAD [NOT DETECTED]
NSException.raise(NSExceptionName("exception"), format: tainted, arguments: getVaList([])) // BAD
let taintedVal = Int(tainted)!
let taintedSan = "\(taintedVal)"
let q = String(format: taintedSan) // GOOD: sufficiently sanitized
let taintedVal2 = Int(tainted) ?? 0
let taintedSan2 = String(taintedVal2)
let r = String(format: taintedSan2) // GOOD: sufficiently sanitized
}