Swift: Model 'printf' variants as cleartext logging sinks.

This commit is contained in:
Geoffrey White
2023-11-17 19:30:22 +00:00
parent 06c2c423b3
commit 795f16ba56
2 changed files with 25 additions and 7 deletions


@@ -93,6 +93,24 @@ private class CleartextLoggingFieldAdditionalFlowStep extends CleartextLoggingAd
}
}
/**
* A sink that appears to be an imported C `printf` variant.
* TODO: merge code with similar cases from the cleartext logging PR.
*/
private class PrintfCleartextLoggingSink extends CleartextLoggingSink {
PrintfCleartextLoggingSink() {
exists(CallExpr ce, FreeFunction f, int formatParamIndex |
f.getShortName().matches("%printf%") and
f.getParam(formatParamIndex).getName() = "format" and
ce.getStaticTarget() = f and
(
this.asExpr() = ce.getArgument(formatParamIndex).getExpr() or
this.asExpr() = ce.getArgument(f.getNumberOfParams() - 1).getExpr()
)
)
}
}
private class LoggingSinks extends SinkModelCsv {
override predicate row(string row) {
row =
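Review bot: The name test `f.getShortName().matches("%printf%")` in PrintfCleartextLoggingSink also accepts the buffer-writing family (`sprintf`, `snprintf`, `vasprintf_l` and similar), which format into memory rather than emit a log line, and the commit's own test file already marks the two `vasprintf_l` calls as SPURIOUS (hasCleartextLogging=353/354). Excluding variants that carry an `s` before `printf` would drop that false positive while keeping `printf`, `fprintf`, `dprintf`, `vprintf` and `vfprintf`, e.g. `f.getShortName().matches("%printf%") and not f.getShortName().matches("%s%printf%")`; as far as the names on this page show, no logging variant is lost, but it remains a name heuristic. The class doc comment should state that limitation, e.g. `* Matched by short name only; `s*printf` variants are excluded because they write to a buffer, not a log.`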


@@ -343,15 +343,15 @@ func test6(passwordString: String) {
NSException.raise(NSExceptionName("exception"), format: "\(passwordString) is incorrect!", arguments: getVaList([])) // $ MISSING: hasCleartextLogging=
NSException.raise(NSExceptionName("exception"), format: "%s is incorrect!", arguments: getVaList([passwordString])) // $ MISSING: hasCleartextLogging=
_ = dprintf(0, "\(passwordString) is incorrect!") // $ MISSING: hasCleartextLogging=
_ = dprintf(0, "%s is incorrect!", passwordString) // $ MISSING: hasCleartextLogging=
_ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $ MISSING: hasCleartextLogging=
_ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $ MISSING: hasCleartextLogging=
_ = vprintf("%s is incorrect!", getVaList([passwordString])) // $ MISSING: hasCleartextLogging=
_ = dprintf(0, "\(passwordString) is incorrect!") // $ hasCleartextLogging=346
_ = dprintf(0, "%s is incorrect!", passwordString) // $ hasCleartextLogging=347
_ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $ hasCleartextLogging=348
_ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=349
_ = vprintf("%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=350
_ = vfprintf(nil, "\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=351
_ = vfprintf(nil, "%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=352
_ = vasprintf_l(nil, nil, "\(passwordString) is incorrect!", getVaList([])) // good (`sprintf` is not logging)
_ = vasprintf_l(nil, nil, "%s is incorrect!", getVaList([passwordString])) // good (`sprintf` is not logging)
_ = vasprintf_l(nil, nil, "\(passwordString) is incorrect!", getVaList([])) // $ SPURIOUS hasCleartextLogging=353 good (`sprintf` is not logging)
_ = vasprintf_l(nil, nil, "%s is incorrect!", getVaList([passwordString])) // $ SPURIOUS hasCleartextLogging=354 good (`sprintf` is not logging)
}
func test7(authKey: String, authKey2: Int, authKey3: Float) {