hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Remove a no-longer-needed special case from swift/unsafe-js-eval.

Browse Source
This commit is contained in:
Geoffrey White
2023-02-06 17:19:52 +00:00
parent 4eebeab8a8
commit 996536b08e
2 changed files with 1 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll
View File

@@ -96,16 +96,11 @@ private class JSEvaluateScriptDefaultUnsafeJsEvalSink extends UnsafeJsEvalSink {
}
/**
* A default SQL injection sanitrizer.
* A default SQL injection sanitizer.
*/
private class DefaultUnsafeJsEvalAdditionalTaintStep extends UnsafeJsEvalAdditionalTaintStep {
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
exists(Argument arg |
arg =
any(CallExpr ce |
ce.getStaticTarget().(MethodDecl).hasQualifiedName("String", "init(decoding:as:)")
).getArgument(0)
or
arg =
any(CallExpr ce |
ce.getStaticTarget()

1
swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected
View File

@@ -27,7 +27,6 @@ edges
| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... : | UnsafeJsEval.swift:279:13:279:13 | string : |
| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... : | UnsafeJsEval.swift:285:13:285:13 | string : |
| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... : | UnsafeJsEval.swift:299:13:299:13 | string : |
| UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) : | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) : |
| UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) : | UnsafeJsEval.swift:214:24:214:24 | remoteData : |
| UnsafeJsEval.swift:211:24:211:37 | .utf8 : | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) : |
| UnsafeJsEval.swift:211:24:211:37 | .utf8 : | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) : |