Swift: Add test cases.

This commit is contained in:
Geoffrey White
2024-08-01 15:36:09 +01:00
parent 683ca2d578
commit 7bf61d1d7e
2 changed files with 34 additions and 15 deletions


@@ -136,6 +136,15 @@ edges
| CommandInjection.swift:166:45:166:77 | call to URL.init(string:) [some:0] | CommandInjection.swift:166:45:166:78 | ...! | provenance | |
| CommandInjection.swift:166:45:166:78 | ...! | file://:0:0:0:0 | url | provenance | |
| CommandInjection.swift:166:57:166:57 | userControlledString | CommandInjection.swift:166:45:166:77 | call to URL.init(string:) [some:0] | provenance | |
| CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | CommandInjection.swift:176:22:176:22 | files | provenance | |
| CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | CommandInjection.swift:178:23:178:30 | ...[...] | provenance | |
| CommandInjection.swift:176:3:176:3 | [post] task12 [arguments] | CommandInjection.swift:176:3:176:3 | [post] task12 | provenance | |
| CommandInjection.swift:176:22:176:22 | files | CommandInjection.swift:176:3:176:3 | [post] task12 [arguments] | provenance | |
| CommandInjection.swift:176:22:176:22 | files | CommandInjection.swift:176:22:176:22 | files | provenance | |
| CommandInjection.swift:176:22:176:22 | files | CommandInjection.swift:178:23:178:30 | ...[...] | provenance | |
| CommandInjection.swift:178:3:178:3 | [post] task12 [arguments, Collection element] | CommandInjection.swift:178:3:178:3 | [post] task12 | provenance | |
| CommandInjection.swift:178:22:178:31 | [...] [Collection element] | CommandInjection.swift:178:3:178:3 | [post] task12 [arguments, Collection element] | provenance | |
| CommandInjection.swift:178:23:178:30 | ...[...] | CommandInjection.swift:178:22:178:31 | [...] [Collection element] | provenance | |
| CommandInjection.swift:193:3:193:3 | newValue [Collection element] | CommandInjection.swift:194:19:194:19 | newValue [Collection element] | provenance | |
| CommandInjection.swift:193:3:193:3 | newValue [Collection element] | CommandInjection.swift:195:20:195:20 | newValue [Collection element] | provenance | |
| CommandInjection.swift:193:3:193:3 | newValue [Collection element] | CommandInjection.swift:196:19:196:19 | newValue [Collection element] | provenance | |
@@ -284,6 +293,14 @@ nodes
| CommandInjection.swift:166:45:166:78 | ...! | semmle.label | ...! |
| CommandInjection.swift:166:45:166:78 | ...! | semmle.label | ...! |
| CommandInjection.swift:166:57:166:57 | userControlledString | semmle.label | userControlledString |
| CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | semmle.label | call to contentsOfDirectory(atPath:) |
| CommandInjection.swift:176:3:176:3 | [post] task12 | semmle.label | [post] task12 |
| CommandInjection.swift:176:3:176:3 | [post] task12 [arguments] | semmle.label | [post] task12 [arguments] |
| CommandInjection.swift:176:22:176:22 | files | semmle.label | files |
| CommandInjection.swift:178:3:178:3 | [post] task12 | semmle.label | [post] task12 |
| CommandInjection.swift:178:3:178:3 | [post] task12 [arguments, Collection element] | semmle.label | [post] task12 [arguments, Collection element] |
| CommandInjection.swift:178:22:178:31 | [...] [Collection element] | semmle.label | [...] [Collection element] |
| CommandInjection.swift:178:23:178:30 | ...[...] | semmle.label | ...[...] |
| CommandInjection.swift:193:3:193:3 | newValue [Collection element] | semmle.label | newValue [Collection element] |
| CommandInjection.swift:194:4:194:4 | [post] getter for .p1 | semmle.label | [post] getter for .p1 |
| CommandInjection.swift:194:4:194:4 | [post] getter for .p1 [arguments, Collection element] | semmle.label | [post] getter for .p1 [arguments, Collection element] |
@@ -351,6 +368,8 @@ subpaths
| CommandInjection.swift:163:40:163:73 | ...! | CommandInjection.swift:105:40:105:94 | call to String.init(contentsOf:) | CommandInjection.swift:163:40:163:73 | ...! | This command depends on a $@. | CommandInjection.swift:105:40:105:94 | call to String.init(contentsOf:) | user-provided value |
| CommandInjection.swift:164:32:164:53 | [...] | CommandInjection.swift:105:40:105:94 | call to String.init(contentsOf:) | CommandInjection.swift:164:32:164:53 | [...] | This command depends on a $@. | CommandInjection.swift:105:40:105:94 | call to String.init(contentsOf:) | user-provided value |
| CommandInjection.swift:166:45:166:78 | ...! | CommandInjection.swift:105:40:105:94 | call to String.init(contentsOf:) | CommandInjection.swift:166:45:166:78 | ...! | This command depends on a $@. | CommandInjection.swift:105:40:105:94 | call to String.init(contentsOf:) | user-provided value |
| CommandInjection.swift:176:3:176:3 | [post] task12 | CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | CommandInjection.swift:176:3:176:3 | [post] task12 | This command depends on a $@. | CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | user-provided value |
| CommandInjection.swift:178:3:178:3 | [post] task12 | CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | CommandInjection.swift:178:3:178:3 | [post] task12 | This command depends on a $@. | CommandInjection.swift:170:19:170:83 | call to contentsOfDirectory(atPath:) | user-provided value |
| CommandInjection.swift:194:4:194:4 | [post] getter for .p1 | CommandInjection.swift:201:41:201:95 | call to String.init(contentsOf:) | CommandInjection.swift:194:4:194:4 | [post] getter for .p1 | This command depends on a $@. | CommandInjection.swift:201:41:201:95 | call to String.init(contentsOf:) | user-provided value |
| CommandInjection.swift:195:4:195:6 | [post] ...! | CommandInjection.swift:201:41:201:95 | call to String.init(contentsOf:) | CommandInjection.swift:195:4:195:6 | [post] ...! | This command depends on a $@. | CommandInjection.swift:201:41:201:95 | call to String.init(contentsOf:) | user-provided value |
| CommandInjection.swift:196:4:196:4 | [post] ...! | CommandInjection.swift:201:41:201:95 | call to String.init(contentsOf:) | CommandInjection.swift:196:4:196:4 | [post] ...! | This command depends on a $@. | CommandInjection.swift:201:41:201:95 | call to String.init(contentsOf:) | user-provided value |


@@ -53,11 +53,11 @@ class NSUserAutomatorTask : NSUserScriptTask {
var variables: [String: Any]? { get { return nil } set { } }
}
class FileManager : NSObject {
class var `default`: FileManager { get { return 0 as! FileManager } }
func contentsOfDirectory(atPath path: String) throws -> [String] { [] }
}
// --- tests ---
@@ -167,17 +167,17 @@ func testCommandInjectionMore(mySafeString: String) {
task11.variables = ["abc": userControlledString] // BAD [NOT DETECTED]
task11.execute(withInput: nil)
let files = try! FileManager.default.contentsOfDirectory(atPath: "some/directory")
for file in files {
let task12 = Process()
task12.launchPath = "/bin/rm" // GOOD
task12.arguments = [file] // GOOD (cases like this vary, but our analysis doesn't work well on them)
task12.launch()
task12.arguments = files // GOOD (similar to previous) [FALSE POSITIVE]
task12.launch()
task12.arguments = [files[0]] // GOOD (similar to previous) [FALSE POSITIVE]
task12.launch()
}
}
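Review bot: The `// GOOD` annotations on the three `task12.arguments` assignments give no rationale, and because two of them are also tagged `[FALSE POSITIVE]` (and now appear as results in the updated `.expected` rows), whoever later tunes the query needs to know what makes these cases good; I would make it explicit on the first one, e.g. `// GOOD: the file names go to /bin/rm as separate argv entries, not into a shell command line, so a name from the listing cannot inject a command` (this assumes the stubbed `Process` mirrors Foundation's argv semantics, which the test cannot show). The `[file]` case is absent from the new expected rows while `files` and `[files[0]]` are present, which looks like a difference in collection-element tracking rather than intent, so the `[file]` comment could say that explicitly instead of only "our analysis doesn't work well on them". Separately, `task12` is launched three times with its arguments reassigned in between; Foundation's `Process` is not meant to be launched more than once, so if these cases are supposed to read like real code each case should get its own instance, although that changes nothing for the dataflow being tested. The enclosing `testCommandInjectionMore` starts outside the hunk.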