hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Proof of concept fix.

Browse Source
This commit is contained in:
Geoffrey White
2023-03-02 16:36:40 +00:00
parent 15227d3c09
commit 9f86bcb1b8
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
View File

@@ -211,6 +211,8 @@ private predicate modifiable(Argument arg) {
arg.getExpr() instanceof InOutExpr
or
arg.getExpr().getType() instanceof NominalType
or
arg.getLabel() = "ptr"
}
predicate modifiableParam(ParamDecl param) {

8
swift/ql/test/library-tests/dataflow/taint/libraries/unsafepointer.swift
View File

@@ -25,7 +25,7 @@ func taintPointer(ptr: UnsafeMutablePointer<String>) {
}
func clearPointer2(ptr: UnsafeMutablePointer<String>) {
sink(arg: ptr.pointee) // $ MISSING: tainted=21
sink(arg: ptr.pointee) // $ tainted=21
sink(arg: ptr)
ptr.pointee = "abc"
@@ -42,12 +42,12 @@ func testMutatingPointerInCall(ptr: UnsafeMutablePointer<String>) {
taintPointer(ptr: ptr) // mutates `ptr` pointee with a tainted value
sink(arg: ptr.pointee) // $ MISSING: tainted=21
sink(arg: ptr.pointee) // $ tainted=21
sink(arg: ptr)
clearPointer2(ptr: ptr)
sink(arg: ptr.pointee)
sink(arg: ptr.pointee) // $ SPURIOUS: tainted=21
sink(arg: ptr)
}
@@ -96,6 +96,6 @@ func testMutatingMyPointerInCall(ptr: MyPointer) {
taintMyPointer(ptr: ptr) // mutates `ptr` pointee with a tainted value
sink(arg: ptr.pointee) // $ MISSING: tainted=87
sink(arg: ptr.pointee) // $ tainted=87
sink(arg: ptr)
}