hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: convert PredicateInjection test to .qlref

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-06-20 09:43:50 +02:00
parent 92a48cdc2b
commit 7615ec7a24
4 changed files with 29 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected
View File

@@ -0,0 +1,20 @@
#select
| predicateInjection.swift:26:25:26:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
| predicateInjection.swift:29:25:29:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
| predicateInjection.swift:31:25:31:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
| predicateInjection.swift:33:25:33:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
| predicateInjection.swift:36:42:36:42 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
edges
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | provenance | |
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | provenance | |
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | provenance | |
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | provenance | |
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | provenance | |
nodes
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| predicateInjection.swift:26:25:26:25 | remoteString | semmle.label | remoteString |
| predicateInjection.swift:29:25:29:25 | remoteString | semmle.label | remoteString |
| predicateInjection.swift:31:25:31:25 | remoteString | semmle.label | remoteString |
| predicateInjection.swift:33:25:33:25 | remoteString | semmle.label | remoteString |
| predicateInjection.swift:36:42:36:42 | remoteString | semmle.label | remoteString |
subpaths

21
swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql
View File

@@ -1,21 +0,0 @@
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.security.PredicateInjectionQuery
import utils.test.InlineExpectationsTest
module PredicateInjectionTest implements TestSig {
string getARelevantTag() { result = "hasPredicateInjection" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
PredicateInjectionFlow::flow(source, sink) and
sinkExpr = sink.asExpr() and
location = sinkExpr.getLocation() and
element = sinkExpr.toString() and
tag = "hasPredicateInjection" and
value = source.asExpr().getLocation().getStartLine().toString()
)
}
}
import MakeTest<PredicateInjectionTest>

3
swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.qlref Normal file
View File

@@ -0,0 +1,3 @@
query: queries/Security/CWE-943/PredicateInjection.ql
postprocess:
- utils/test/InlineExpectationsTestQuery.ql

12
swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
View File

@@ -20,19 +20,19 @@ class NSPredicate {
// --- tests ---
func test() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
let safeString = "safe"
NSPredicate(format: remoteString, argumentArray: []) // $ hasPredicateInjection=23
NSPredicate(format: remoteString, argumentArray: []) // $ Alert
NSPredicate(format: safeString, argumentArray: []) // Safe
NSPredicate(format: safeString, argumentArray: [remoteString]) // Safe
NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ hasPredicateInjection=23
NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ Alert
NSPredicate(format: safeString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // Safe
NSPredicate(format: remoteString) // $ hasPredicateInjection=23
NSPredicate(format: remoteString) // $ Alert
NSPredicate(format: safeString) // Safe
NSPredicate(format: remoteString, "" as! CVarArg) // $ hasPredicateInjection=23
NSPredicate(format: remoteString, "" as! CVarArg) // $ Alert
NSPredicate(format: safeString, "" as! CVarArg) // Safe
NSPredicate(format: safeString, remoteString as! CVarArg) // Safe
NSPredicate(fromMetadataQueryString: remoteString) // $ hasPredicateInjection=23
NSPredicate(fromMetadataQueryString: remoteString) // $ Alert
NSPredicate(fromMetadataQueryString: safeString) // Safe
}