hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Add realm path-injection sinks.

Browse Source
This commit is contained in:
Geoffrey White
2023-04-14 10:44:47 +01:00
parent feccd307da
commit 46da73cc11
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
View File

@@ -127,7 +127,13 @@ private class PathInjectionSinks extends SinkModelCsv {
";DatabasePool;true;init(path:configuration:);;;Argument[0];path-injection",
";DatabaseQueue;true;init(path:configuration:);;;Argument[0];path-injection",
";DatabaseSnapshotPool;true;init(path:configuration:);;;Argument[0];path-injection",
";SerializedDatabase;true;init(path:configuration:defaultLabel:purpose:);;;Argument[0];path-injection"
";SerializedDatabase;true;init(path:configuration:defaultLabel:purpose:);;;Argument[0];path-injection",
// Realm
";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:);;;Argument[0];path-injection",
";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:seedFilePath:);;;Argument[0];path-injection",
";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:seedFilePath:);;;Argument[10];path-injection",
";Realm.Configuration;true;fileURL;;;;path-injection",
";Realm.Configuration;true;seedFilePath;;;;path-injection",
]
}
}

2
swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected
View File

@@ -0,0 +1,2 @@
| testPathInjection.swift:314:35:314:35 | remoteUrl | Unexpected result: hasPathInjection=208 |
| testPathInjection.swift:316:40:316:40 | remoteUrl | Unexpected result: hasPathInjection=208 |

4
swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
View File

@@ -311,9 +311,9 @@ func test() {
// Realm
_ = Realm.Configuration(fileURL: safeUrl) // GOOD
_ = Realm.Configuration(fileURL: remoteUrl) // BAD [NOT DETECTED]
_ = Realm.Configuration(fileURL: remoteUrl) // BAD
_ = Realm.Configuration(seedFilePath: safeUrl) // GOOD
_ = Realm.Configuration(seedFilePath: remoteUrl) // BAD [NOT DETECTED]
_ = Realm.Configuration(seedFilePath: remoteUrl) // BAD
var config = Realm.Configuration() // GOOD
config.fileURL = safeUrl // GOOD