Swift: Fix Swift warnings in the test.

Geoffrey White
2023-11-15 17:17:51 +00:00
parent 3a38f3b947
commit a6fe620bcb
2 changed files with 59 additions and 59 deletions


@@ -3,24 +3,24 @@ edges
| UncontrolledFormatString.swift:78:22:80:5 | format | UncontrolledFormatString.swift:78:22:80:5 | { ... } [format] |
| UncontrolledFormatString.swift:78:22:80:5 | { ... } [format] | UncontrolledFormatString.swift:79:16:79:16 | this [format] |
| UncontrolledFormatString.swift:79:16:79:16 | this [format] | UncontrolledFormatString.swift:79:16:79:16 | format |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:97:28:97:28 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:100:28:100:28 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:101:28:101:28 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:103:28:103:28 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:104:28:104:28 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:105:28:105:28 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:106:46:106:46 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:108:47:108:47 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:109:65:109:65 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:111:54:111:54 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:112:72:112:72 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:97:24:97:24 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:100:24:100:24 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:101:24:101:24 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:103:24:103:24 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:104:24:104:24 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:105:24:105:24 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:106:42:106:42 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:108:43:108:43 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:109:57:109:57 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:111:50:111:50 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:112:64:112:64 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:115:11:115:11 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:116:11:116:11 | tainted |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:118:61:118:61 | tainted |
| UncontrolledFormatString.swift:108:47:108:47 | tainted | UncontrolledFormatString.swift:108:30:108:54 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:109:65:109:65 | tainted | UncontrolledFormatString.swift:109:48:109:72 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:111:54:111:54 | tainted | UncontrolledFormatString.swift:111:37:111:61 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:112:72:112:72 | tainted | UncontrolledFormatString.swift:112:55:112:79 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:108:43:108:43 | tainted | UncontrolledFormatString.swift:108:26:108:50 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:109:57:109:57 | tainted | UncontrolledFormatString.swift:109:40:109:64 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:111:50:111:50 | tainted | UncontrolledFormatString.swift:111:33:111:57 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:112:64:112:64 | tainted | UncontrolledFormatString.swift:112:47:112:71 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:116:11:116:11 | tainted | UncontrolledFormatString.swift:77:12:77:22 | format |
nodes
| UncontrolledFormatString.swift:77:12:77:22 | format | semmle.label | format |
@@ -29,37 +29,37 @@ nodes
| UncontrolledFormatString.swift:79:16:79:16 | format | semmle.label | format |
| UncontrolledFormatString.swift:79:16:79:16 | this [format] | semmle.label | this [format] |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UncontrolledFormatString.swift:97:28:97:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:100:28:100:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:101:28:101:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:103:28:103:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:104:28:104:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:105:28:105:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:106:46:106:46 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:108:30:108:54 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:108:47:108:47 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:109:48:109:72 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:109:65:109:65 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:111:37:111:61 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:111:54:111:54 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:112:55:112:79 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:112:72:112:72 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:97:24:97:24 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:100:24:100:24 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:101:24:101:24 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:103:24:103:24 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:104:24:104:24 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:105:24:105:24 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:106:42:106:42 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:108:26:108:50 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:108:43:108:43 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:109:40:109:64 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:109:57:109:57 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:111:33:111:57 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:111:50:111:50 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:112:47:112:71 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:112:64:112:64 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:115:11:115:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:116:11:116:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:118:61:118:61 | tainted | semmle.label | tainted |
subpaths
#select
| UncontrolledFormatString.swift:79:16:79:16 | format | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:79:16:79:16 | format | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:97:28:97:28 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:97:28:97:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:100:28:100:28 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:100:28:100:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:101:28:101:28 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:101:28:101:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:103:28:103:28 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:103:28:103:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:104:28:104:28 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:104:28:104:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:105:28:105:28 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:105:28:105:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:106:46:106:46 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:106:46:106:46 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:108:30:108:54 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:108:30:108:54 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:109:48:109:72 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:109:48:109:72 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:111:37:111:61 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:111:37:111:61 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:112:55:112:79 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:112:55:112:79 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:97:24:97:24 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:97:24:97:24 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:100:24:100:24 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:100:24:100:24 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:101:24:101:24 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:101:24:101:24 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:103:24:103:24 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:103:24:103:24 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:104:24:104:24 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:104:24:104:24 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:105:24:105:24 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:105:24:105:24 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:106:42:106:42 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:106:42:106:42 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:108:26:108:50 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:108:26:108:50 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:109:40:109:64 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:109:40:109:64 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:111:33:111:57 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:111:33:111:57 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:112:47:112:71 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:112:47:112:71 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:115:11:115:11 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:115:11:115:11 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:118:61:118:61 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:118:61:118:61 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |


@@ -90,26 +90,26 @@ class MyString {
func tests() throws {
let tainted = try! String(contentsOf: URL(string: "http://example.com")!)
let a = String("abc") // GOOD: not a format string
let b = String(tainted) // GOOD: not a format string
_ = String("abc") // GOOD: not a format string
_ = String(tainted) // GOOD: not a format string
let c = String(format: "abc") // GOOD: not tainted
let d = String(format: tainted) // BAD
let e = String(format: "%s", "abc") // GOOD: not tainted
let f = String(format: "%s", tainted) // GOOD: format string itself is not tainted
let g = String(format: tainted, "abc") // BAD
let h = String(format: tainted, tainted) // BAD
_ = String(format: "abc") // GOOD: not tainted
_ = String(format: tainted) // BAD
_ = String(format: "%s", "abc") // GOOD: not tainted
_ = String(format: "%s", tainted) // GOOD: format string itself is not tainted
_ = String(format: tainted, "abc") // BAD
_ = String(format: tainted, tainted) // BAD
let i = String(format: tainted, arguments: []) // BAD
let j = String(format: tainted, locale: nil) // BAD
let k = String(format: tainted, locale: nil, arguments: []) // BAD
let l = String.localizedStringWithFormat(tainted) // BAD
_ = String(format: tainted, arguments: []) // BAD
_ = String(format: tainted, locale: nil) // BAD
_ = String(format: tainted, locale: nil, arguments: []) // BAD
_ = String.localizedStringWithFormat(tainted) // BAD
let m = NSString(format: NSString(string: tainted), "abc") // BAD
let n = NSString.localizedStringWithFormat(NSString(string: tainted)) // BAD
_ = NSString(format: NSString(string: tainted), "abc") // BAD
NSString.localizedStringWithFormat(NSString(string: tainted)) // BAD
var o = NSMutableString(format: NSString(string: tainted), "abc") // BAD
var p = NSMutableString.localizedStringWithFormat(NSString(string: tainted)) // BAD
_ = NSMutableString(format: NSString(string: tainted), "abc") // BAD
NSMutableString.localizedStringWithFormat(NSString(string: tainted)) // BAD
NSLog("abc") // GOOD: not tainted
NSLog(tainted) // BAD
@@ -119,11 +119,11 @@ func tests() throws {
let taintedVal = Int(tainted)!
let taintedSan = "\(taintedVal)"
let q = String(format: taintedSan) // GOOD: sufficiently sanitized
_ = String(format: taintedSan) // GOOD: sufficiently sanitized
let taintedVal2 = Int(tainted) ?? 0
let taintedSan2 = String(taintedVal2)
let r = String(format: taintedSan2) // GOOD: sufficiently sanitized
_ = String(format: taintedSan2) // GOOD: sufficiently sanitized
_ = String("abc").appendingFormat("%s", "abc") // GOOD: not tainted
_ = String("abc").appendingFormat("%s", tainted) // GOOD: format not tainted
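Review bot: In the first hunk of the Swift test (`@@ -90,26 +90,26 @@`), the two `localizedStringWithFormat` calls on `NSString` and `NSMutableString` lose their `let n =` / `var p =` bindings without gaining the `_ =` that every other rewritten line receives. Unless the test stubs declare those methods `@discardableResult` (their declarations are outside the hunk), these two lines would likely still produce an unused-result warning, which is what the commit sets out to remove. For consistency I would write `_ = NSString.localizedStringWithFormat(NSString(string: tainted)) // BAD` and `_ = NSMutableString.localizedStringWithFormat(NSString(string: tainted)) // BAD`. That shifts the sink columns reported for lines 109 and 112 by four, so the matching rows in the expected-results file would need regenerating. The body of `tests()` starts and ends outside the hunks shown.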