hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Model numeric conversions.

Browse Source
This commit is contained in:
Geoffrey White
2023-08-09 20:57:43 +01:00
parent e86ccf8498
commit aa2e79b6da
5 changed files with 217 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Numeric.qll Normal file
View File

@@ -0,0 +1,51 @@
/**
* Provides models for `Numeric` and related Swift classes (such as `Int` and `Float`).
*/
import swift
private import codeql.swift.dataflow.DataFlow
private import codeql.swift.dataflow.ExternalFlow
private import codeql.swift.dataflow.FlowSteps
/**
* A model for `Numeric` and related class members and functions that permit taint flow.
*/
private class NumericSummaries extends SummaryModelCsv {
override predicate row(string row) {
row =
[
";;false;numericCast(_:);;;Argument[0];ReturnValue;taint",
";;false;unsafeDowncast(_:to:);;;Argument[0];ReturnValue;taint",
";;false;unsafeBitCast(_:to:);;;Argument[0];ReturnValue;taint",
";Numeric;true;init(exactly:);;;Argument[0];ReturnValue.OptionalSome;value",
";Numeric;true;init(bitPattern:);;;Argument[0];ReturnValue;taint",
";BinaryInteger;true;init(_:);;;Argument[0];ReturnValue;taint",
";BinaryInteger;true;init(clamping:);;;Argument[0];ReturnValue;taint",
";BinaryInteger;true;init(truncatingIfNeeded:);;;Argument[0];ReturnValue;taint",
";BinaryInteger;true;init(_:format:lenient:);;;Argument[0];ReturnValue;taint",
";BinaryInteger;true;init(_:strategy:);;;Argument[0];ReturnValue;taint",
";BinaryInteger;true;formatted();;;Argument[-1];ReturnValue;taint",
";BinaryInteger;true;formatted(_:);;;Argument[-1];ReturnValue;taint",
";FixedWidthInteger;true;init(_:radix:);;;Argument[0];ReturnValue;taint",
";FixedWidthInteger;true;init(littleEndian:);;;Argument[0];ReturnValue;taint",
";FixedWidthInteger;true;init(bigEndian:);;;Argument[0];ReturnValue;taint",
";FloatingPoint;true;init(_:);;;Argument[0];ReturnValue;taint",
";FloatingPoint;true;init(sign:exponent:significand:);;;Argument[1..2];ReturnValue;taint",
";FloatingPoint;true;init(signOf:magnitudeOf:);;;Argument[1];ReturnValue;taint",
]
}
}
/**
* A content implying that, if a `Numeric` is tainted, then some of its fields are
* tainted.
*/
private class NumericFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
NumericFieldsInheritTaint() {
this.getField().hasQualifiedName("FixedWidthInteger", ["littleEndian", "bigEndian"])
or
this.getField().hasQualifiedName(["Double", "Float", "Float80", "FloatingPoint"], ["exponent", "significand"])
}
}

1
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll
View File

@@ -14,6 +14,7 @@ private import NsData
private import NsObject
private import NsString
private import NsUrl
private import Numeric
private import Sequence
private import Set
private import String

26
swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected
View File

@@ -16,6 +16,9 @@
| conversions.swift:19:33:19:33 | self | conversions.swift:19:33:19:33 | SSA def(self) |
| conversions.swift:20:22:20:22 | SSA def(self) | conversions.swift:20:22:20:38 | self[return] |
| conversions.swift:20:22:20:22 | self | conversions.swift:20:22:20:22 | SSA def(self) |
| conversions.swift:25:16:25:26 | call to sourceInt() | conversions.swift:25:12:25:27 | call to Self.init(_:) |
| conversions.swift:26:18:26:28 | call to sourceInt() | conversions.swift:26:12:26:29 | call to Self.init(_:) |
| conversions.swift:27:18:27:28 | call to sourceInt() | conversions.swift:27:12:27:29 | call to Float.init(_:) |
| conversions.swift:28:19:28:29 | call to sourceInt() | conversions.swift:28:12:28:30 | call to String.init(_:) |
| conversions.swift:29:12:29:30 | call to String.init(_:) | conversions.swift:29:12:29:32 | .utf8 |
| conversions.swift:29:19:29:29 | call to sourceInt() | conversions.swift:29:12:29:30 | call to String.init(_:) |
@@ -27,21 +30,43 @@
| conversions.swift:36:6:36:6 | v2 | conversions.swift:36:6:36:6 | SSA def(v2) |
| conversions.swift:36:6:36:10 | ... as ... | conversions.swift:36:6:36:6 | v2 |
| conversions.swift:36:18:36:41 | call to numericCast(_:) | conversions.swift:36:6:36:10 | ... as ... |
| conversions.swift:36:30:36:40 | call to sourceInt() | conversions.swift:36:18:36:41 | call to numericCast(_:) |
| conversions.swift:39:6:39:6 | SSA def(v4) | conversions.swift:40:12:40:12 | v4 |
| conversions.swift:39:6:39:6 | v4 | conversions.swift:39:6:39:6 | SSA def(v4) |
| conversions.swift:39:6:39:10 | ... as ... | conversions.swift:39:6:39:6 | v4 |
| conversions.swift:39:17:39:57 | call to unsafeBitCast(_:to:) | conversions.swift:39:6:39:10 | ... as ... |
| conversions.swift:39:31:39:41 | call to sourceInt() | conversions.swift:39:17:39:57 | call to unsafeBitCast(_:to:) |
| conversions.swift:42:6:42:6 | SSA def(v5) | conversions.swift:43:12:43:12 | v5 |
| conversions.swift:42:6:42:6 | v5 | conversions.swift:42:6:42:6 | SSA def(v5) |
| conversions.swift:42:11:42:47 | call to Self.init(truncatingIfNeeded:) | conversions.swift:42:6:42:6 | v5 |
| conversions.swift:42:36:42:46 | call to sourceInt() | conversions.swift:42:11:42:47 | call to Self.init(truncatingIfNeeded:) |
| conversions.swift:45:6:45:6 | SSA def(v6) | conversions.swift:46:12:46:12 | v6 |
| conversions.swift:45:6:45:6 | v6 | conversions.swift:45:6:45:6 | SSA def(v6) |
| conversions.swift:45:11:45:39 | call to UInt.init(bitPattern:) | conversions.swift:45:6:45:6 | v6 |
| conversions.swift:45:28:45:38 | call to sourceInt() | conversions.swift:45:11:45:39 | call to UInt.init(bitPattern:) |
| conversions.swift:48:12:48:36 | call to Self.init(exactly:) | conversions.swift:48:12:48:37 | ...! |
| conversions.swift:49:26:49:36 | call to sourceInt() | conversions.swift:49:12:49:37 | call to Self.init(clamping:) |
| conversions.swift:50:36:50:46 | call to sourceInt() | conversions.swift:50:12:50:47 | call to Self.init(truncatingIfNeeded:) |
| conversions.swift:51:12:51:41 | call to Self.init(_:radix:) | conversions.swift:51:12:51:42 | ...! |
| conversions.swift:51:16:51:29 | call to sourceString() | conversions.swift:51:12:51:41 | call to Self.init(_:radix:) |
| conversions.swift:53:30:53:40 | call to sourceInt() | conversions.swift:53:12:53:41 | call to Self.init(littleEndian:) |
| conversions.swift:54:27:54:37 | call to sourceInt() | conversions.swift:54:12:54:38 | call to Self.init(bigEndian:) |
| conversions.swift:55:12:55:22 | call to sourceInt() | conversions.swift:55:12:55:24 | .littleEndian |
| conversions.swift:56:12:56:22 | call to sourceInt() | conversions.swift:56:12:56:24 | .bigEndian |
| conversions.swift:61:18:61:30 | call to sourceFloat() | conversions.swift:61:12:61:31 | call to Float.init(_:) |
| conversions.swift:62:18:62:30 | call to sourceFloat() | conversions.swift:62:12:62:31 | call to UInt8.init(_:) |
| conversions.swift:63:19:63:31 | call to sourceFloat() | conversions.swift:63:12:63:32 | call to String.init(_:) |
| conversions.swift:64:12:64:32 | call to String.init(_:) | conversions.swift:64:12:64:34 | .utf8 |
| conversions.swift:64:19:64:31 | call to sourceFloat() | conversions.swift:64:12:64:32 | call to String.init(_:) |
| conversions.swift:66:18:66:30 | call to sourceFloat() | conversions.swift:66:12:66:31 | call to Float.init(_:) |
| conversions.swift:67:41:67:51 | call to sourceInt() | conversions.swift:67:12:67:70 | call to Float.init(sign:exponent:significand:) |
| conversions.swift:67:67:67:67 | 0.0 | conversions.swift:67:12:67:70 | call to Float.init(sign:exponent:significand:) |
| conversions.swift:68:41:68:41 | 0 | conversions.swift:68:12:68:70 | call to Float.init(sign:exponent:significand:) |
| conversions.swift:68:57:68:69 | call to sourceFloat() | conversions.swift:68:12:68:70 | call to Float.init(sign:exponent:significand:) |
| conversions.swift:69:54:69:54 | 0.0 | conversions.swift:69:12:69:57 | call to Float.init(signOf:magnitudeOf:) |
| conversions.swift:70:44:70:56 | call to sourceFloat() | conversions.swift:70:12:70:57 | call to Float.init(signOf:magnitudeOf:) |
| conversions.swift:72:12:72:24 | call to sourceFloat() | conversions.swift:72:12:72:26 | .exponent |
| conversions.swift:73:12:73:24 | call to sourceFloat() | conversions.swift:73:12:73:26 | .significand |
| conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) |
| conversions.swift:80:6:80:6 | SSA def(ms1) | conversions.swift:81:12:81:12 | ms1 |
| conversions.swift:80:6:80:6 | ms1 | conversions.swift:80:6:80:6 | SSA def(ms1) |
@@ -75,6 +100,7 @@
| conversions.swift:98:6:98:6 | v3 | conversions.swift:98:6:98:6 | SSA def(v3) |
| conversions.swift:98:6:98:10 | ... as ... | conversions.swift:98:6:98:6 | v3 |
| conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) | conversions.swift:98:6:98:10 | ... as ... |
| conversions.swift:98:40:98:40 | parent | conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) |
| conversions.swift:99:12:99:12 | [post] v3 | conversions.swift:100:12:100:12 | v3 |
| conversions.swift:99:12:99:12 | v3 | conversions.swift:100:12:100:12 | v3 |
| simple.swift:12:13:12:13 | 1 | simple.swift:12:13:12:24 | ... .+(_:_:) ... |

114
swift/ql/test/library-tests/dataflow/taint/core/Taint.expected
View File

@@ -1,13 +1,46 @@
edges
| conversions.swift:25:16:25:26 | call to sourceInt() | conversions.swift:25:12:25:27 | call to Self.init(_:) |
| conversions.swift:26:18:26:28 | call to sourceInt() | conversions.swift:26:12:26:29 | call to Self.init(_:) |
| conversions.swift:27:18:27:28 | call to sourceInt() | conversions.swift:27:12:27:29 | call to Float.init(_:) |
| conversions.swift:28:19:28:29 | call to sourceInt() | conversions.swift:28:12:28:30 | call to String.init(_:) |
| conversions.swift:29:12:29:30 | call to String.init(_:) | conversions.swift:29:12:29:32 | .utf8 |
| conversions.swift:29:19:29:29 | call to sourceInt() | conversions.swift:29:12:29:30 | call to String.init(_:) |
| conversions.swift:36:18:36:41 | call to numericCast(_:) | conversions.swift:37:12:37:12 | v2 |
| conversions.swift:36:30:36:40 | call to sourceInt() | conversions.swift:36:18:36:41 | call to numericCast(_:) |
| conversions.swift:39:17:39:57 | call to unsafeBitCast(_:to:) | conversions.swift:40:12:40:12 | v4 |
| conversions.swift:39:31:39:41 | call to sourceInt() | conversions.swift:39:17:39:57 | call to unsafeBitCast(_:to:) |
| conversions.swift:42:11:42:47 | call to Self.init(truncatingIfNeeded:) | conversions.swift:43:12:43:12 | v5 |
| conversions.swift:42:36:42:46 | call to sourceInt() | conversions.swift:42:11:42:47 | call to Self.init(truncatingIfNeeded:) |
| conversions.swift:45:11:45:39 | call to UInt.init(bitPattern:) | conversions.swift:46:12:46:12 | v6 |
| conversions.swift:45:28:45:38 | call to sourceInt() | conversions.swift:45:11:45:39 | call to UInt.init(bitPattern:) |
| conversions.swift:48:12:48:36 | call to Self.init(exactly:) [some:0] | conversions.swift:48:12:48:37 | ...! |
| conversions.swift:48:25:48:35 | call to sourceInt() | conversions.swift:48:12:48:36 | call to Self.init(exactly:) [some:0] |
| conversions.swift:49:26:49:36 | call to sourceInt() | conversions.swift:49:12:49:37 | call to Self.init(clamping:) |
| conversions.swift:50:36:50:46 | call to sourceInt() | conversions.swift:50:12:50:47 | call to Self.init(truncatingIfNeeded:) |
| conversions.swift:51:12:51:41 | call to Self.init(_:radix:) | conversions.swift:51:12:51:42 | ...! |
| conversions.swift:51:16:51:29 | call to sourceString() | conversions.swift:51:12:51:41 | call to Self.init(_:radix:) |
| conversions.swift:53:30:53:40 | call to sourceInt() | conversions.swift:53:12:53:41 | call to Self.init(littleEndian:) |
| conversions.swift:54:27:54:37 | call to sourceInt() | conversions.swift:54:12:54:38 | call to Self.init(bigEndian:) |
| conversions.swift:55:12:55:22 | call to sourceInt() | conversions.swift:55:12:55:24 | .littleEndian |
| conversions.swift:56:12:56:22 | call to sourceInt() | conversions.swift:56:12:56:24 | .bigEndian |
| conversions.swift:61:18:61:30 | call to sourceFloat() | conversions.swift:61:12:61:31 | call to Float.init(_:) |
| conversions.swift:62:18:62:30 | call to sourceFloat() | conversions.swift:62:12:62:31 | call to UInt8.init(_:) |
| conversions.swift:63:19:63:31 | call to sourceFloat() | conversions.swift:63:12:63:32 | call to String.init(_:) |
| conversions.swift:64:12:64:32 | call to String.init(_:) | conversions.swift:64:12:64:34 | .utf8 |
| conversions.swift:64:19:64:31 | call to sourceFloat() | conversions.swift:64:12:64:32 | call to String.init(_:) |
| conversions.swift:66:18:66:30 | call to sourceFloat() | conversions.swift:66:12:66:31 | call to Float.init(_:) |
| conversions.swift:67:41:67:51 | call to sourceInt() | conversions.swift:67:12:67:70 | call to Float.init(sign:exponent:significand:) |
| conversions.swift:68:57:68:69 | call to sourceFloat() | conversions.swift:68:12:68:70 | call to Float.init(sign:exponent:significand:) |
| conversions.swift:70:44:70:56 | call to sourceFloat() | conversions.swift:70:12:70:57 | call to Float.init(signOf:magnitudeOf:) |
| conversions.swift:72:12:72:24 | call to sourceFloat() | conversions.swift:72:12:72:26 | .exponent |
| conversions.swift:73:12:73:24 | call to sourceFloat() | conversions.swift:73:12:73:26 | .significand |
| conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) |
| conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:95:12:95:12 | parent |
| conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:96:12:96:12 | parent |
| conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:98:40:98:40 | parent |
| conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) | conversions.swift:99:12:99:12 | v3 |
| conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) | conversions.swift:100:12:100:12 | v3 |
| conversions.swift:98:40:98:40 | parent | conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) |
| file://:0:0:0:0 | self [first] | file://:0:0:0:0 | .first |
| file://:0:0:0:0 | self [second] | file://:0:0:0:0 | .second |
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [first] |
@@ -87,23 +120,79 @@ edges
| try.swift:18:18:18:25 | call to source() [some:0] | try.swift:18:13:18:25 | try? ... [some:0] |
nodes
| conversions.swift:24:12:24:22 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:25:12:25:27 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| conversions.swift:25:16:25:26 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:26:12:26:29 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| conversions.swift:26:18:26:28 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:27:12:27:29 | call to Float.init(_:) | semmle.label | call to Float.init(_:) |
| conversions.swift:27:18:27:28 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:28:12:28:30 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:28:19:28:29 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:29:12:29:30 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:29:12:29:32 | .utf8 | semmle.label | .utf8 |
| conversions.swift:29:19:29:29 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:36:18:36:41 | call to numericCast(_:) | semmle.label | call to numericCast(_:) |
| conversions.swift:36:30:36:40 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:37:12:37:12 | v2 | semmle.label | v2 |
| conversions.swift:39:17:39:57 | call to unsafeBitCast(_:to:) | semmle.label | call to unsafeBitCast(_:to:) |
| conversions.swift:39:31:39:41 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:40:12:40:12 | v4 | semmle.label | v4 |
| conversions.swift:42:11:42:47 | call to Self.init(truncatingIfNeeded:) | semmle.label | call to Self.init(truncatingIfNeeded:) |
| conversions.swift:42:36:42:46 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:43:12:43:12 | v5 | semmle.label | v5 |
| conversions.swift:45:11:45:39 | call to UInt.init(bitPattern:) | semmle.label | call to UInt.init(bitPattern:) |
| conversions.swift:45:28:45:38 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:46:12:46:12 | v6 | semmle.label | v6 |
| conversions.swift:48:12:48:36 | call to Self.init(exactly:) [some:0] | semmle.label | call to Self.init(exactly:) [some:0] |
| conversions.swift:48:12:48:37 | ...! | semmle.label | ...! |
| conversions.swift:48:25:48:35 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:49:12:49:37 | call to Self.init(clamping:) | semmle.label | call to Self.init(clamping:) |
| conversions.swift:49:26:49:36 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:50:12:50:47 | call to Self.init(truncatingIfNeeded:) | semmle.label | call to Self.init(truncatingIfNeeded:) |
| conversions.swift:50:36:50:46 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:51:12:51:41 | call to Self.init(_:radix:) | semmle.label | call to Self.init(_:radix:) |
| conversions.swift:51:12:51:42 | ...! | semmle.label | ...! |
| conversions.swift:51:16:51:29 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:53:12:53:41 | call to Self.init(littleEndian:) | semmle.label | call to Self.init(littleEndian:) |
| conversions.swift:53:30:53:40 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:54:12:54:38 | call to Self.init(bigEndian:) | semmle.label | call to Self.init(bigEndian:) |
| conversions.swift:54:27:54:37 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:55:12:55:22 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:55:12:55:24 | .littleEndian | semmle.label | .littleEndian |
| conversions.swift:56:12:56:22 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:56:12:56:24 | .bigEndian | semmle.label | .bigEndian |
| conversions.swift:60:12:60:24 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:61:12:61:31 | call to Float.init(_:) | semmle.label | call to Float.init(_:) |
| conversions.swift:61:18:61:30 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:62:12:62:31 | call to UInt8.init(_:) | semmle.label | call to UInt8.init(_:) |
| conversions.swift:62:18:62:30 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:63:12:63:32 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:63:19:63:31 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:64:12:64:32 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:64:12:64:34 | .utf8 | semmle.label | .utf8 |
| conversions.swift:64:19:64:31 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:66:12:66:31 | call to Float.init(_:) | semmle.label | call to Float.init(_:) |
| conversions.swift:66:18:66:30 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:67:12:67:70 | call to Float.init(sign:exponent:significand:) | semmle.label | call to Float.init(sign:exponent:significand:) |
| conversions.swift:67:41:67:51 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:68:12:68:70 | call to Float.init(sign:exponent:significand:) | semmle.label | call to Float.init(sign:exponent:significand:) |
| conversions.swift:68:57:68:69 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:70:12:70:57 | call to Float.init(signOf:magnitudeOf:) | semmle.label | call to Float.init(signOf:magnitudeOf:) |
| conversions.swift:70:44:70:56 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:72:12:72:24 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:72:12:72:26 | .exponent | semmle.label | .exponent |
| conversions.swift:73:12:73:24 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:73:12:73:26 | .significand | semmle.label | .significand |
| conversions.swift:77:12:77:25 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:78:12:78:33 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:78:19:78:32 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:94:31:94:44 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:95:12:95:12 | parent | semmle.label | parent |
| conversions.swift:96:12:96:12 | parent | semmle.label | parent |
| conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) | semmle.label | call to unsafeDowncast(_:to:) |
| conversions.swift:98:40:98:40 | parent | semmle.label | parent |
| conversions.swift:99:12:99:12 | v3 | semmle.label | v3 |
| conversions.swift:100:12:100:12 | v3 | semmle.label | v3 |
| file://:0:0:0:0 | .first | semmle.label | .first |
| file://:0:0:0:0 | .second | semmle.label | .second |
| file://:0:0:0:0 | [post] self [first] | semmle.label | [post] self [first] |
@@ -228,15 +317,40 @@ subpaths
| stringinterpolation.swift:31:21:31:21 | p2 [second] | stringinterpolation.swift:7:6:7:6 | self [second] | file://:0:0:0:0 | .second | stringinterpolation.swift:31:21:31:24 | .second |
#select
| conversions.swift:24:12:24:22 | call to sourceInt() | conversions.swift:24:12:24:22 | call to sourceInt() | conversions.swift:24:12:24:22 | call to sourceInt() | result |
| conversions.swift:25:12:25:27 | call to Self.init(_:) | conversions.swift:25:16:25:26 | call to sourceInt() | conversions.swift:25:12:25:27 | call to Self.init(_:) | result |
| conversions.swift:26:12:26:29 | call to Self.init(_:) | conversions.swift:26:18:26:28 | call to sourceInt() | conversions.swift:26:12:26:29 | call to Self.init(_:) | result |
| conversions.swift:27:12:27:29 | call to Float.init(_:) | conversions.swift:27:18:27:28 | call to sourceInt() | conversions.swift:27:12:27:29 | call to Float.init(_:) | result |
| conversions.swift:28:12:28:30 | call to String.init(_:) | conversions.swift:28:19:28:29 | call to sourceInt() | conversions.swift:28:12:28:30 | call to String.init(_:) | result |
| conversions.swift:29:12:29:32 | .utf8 | conversions.swift:29:19:29:29 | call to sourceInt() | conversions.swift:29:12:29:32 | .utf8 | result |
| conversions.swift:37:12:37:12 | v2 | conversions.swift:36:30:36:40 | call to sourceInt() | conversions.swift:37:12:37:12 | v2 | result |
| conversions.swift:40:12:40:12 | v4 | conversions.swift:39:31:39:41 | call to sourceInt() | conversions.swift:40:12:40:12 | v4 | result |
| conversions.swift:43:12:43:12 | v5 | conversions.swift:42:36:42:46 | call to sourceInt() | conversions.swift:43:12:43:12 | v5 | result |
| conversions.swift:46:12:46:12 | v6 | conversions.swift:45:28:45:38 | call to sourceInt() | conversions.swift:46:12:46:12 | v6 | result |
| conversions.swift:48:12:48:37 | ...! | conversions.swift:48:25:48:35 | call to sourceInt() | conversions.swift:48:12:48:37 | ...! | result |
| conversions.swift:49:12:49:37 | call to Self.init(clamping:) | conversions.swift:49:26:49:36 | call to sourceInt() | conversions.swift:49:12:49:37 | call to Self.init(clamping:) | result |
| conversions.swift:50:12:50:47 | call to Self.init(truncatingIfNeeded:) | conversions.swift:50:36:50:46 | call to sourceInt() | conversions.swift:50:12:50:47 | call to Self.init(truncatingIfNeeded:) | result |
| conversions.swift:51:12:51:42 | ...! | conversions.swift:51:16:51:29 | call to sourceString() | conversions.swift:51:12:51:42 | ...! | result |
| conversions.swift:53:12:53:41 | call to Self.init(littleEndian:) | conversions.swift:53:30:53:40 | call to sourceInt() | conversions.swift:53:12:53:41 | call to Self.init(littleEndian:) | result |
| conversions.swift:54:12:54:38 | call to Self.init(bigEndian:) | conversions.swift:54:27:54:37 | call to sourceInt() | conversions.swift:54:12:54:38 | call to Self.init(bigEndian:) | result |
| conversions.swift:55:12:55:24 | .littleEndian | conversions.swift:55:12:55:22 | call to sourceInt() | conversions.swift:55:12:55:24 | .littleEndian | result |
| conversions.swift:56:12:56:24 | .bigEndian | conversions.swift:56:12:56:22 | call to sourceInt() | conversions.swift:56:12:56:24 | .bigEndian | result |
| conversions.swift:60:12:60:24 | call to sourceFloat() | conversions.swift:60:12:60:24 | call to sourceFloat() | conversions.swift:60:12:60:24 | call to sourceFloat() | result |
| conversions.swift:61:12:61:31 | call to Float.init(_:) | conversions.swift:61:18:61:30 | call to sourceFloat() | conversions.swift:61:12:61:31 | call to Float.init(_:) | result |
| conversions.swift:62:12:62:31 | call to UInt8.init(_:) | conversions.swift:62:18:62:30 | call to sourceFloat() | conversions.swift:62:12:62:31 | call to UInt8.init(_:) | result |
| conversions.swift:63:12:63:32 | call to String.init(_:) | conversions.swift:63:19:63:31 | call to sourceFloat() | conversions.swift:63:12:63:32 | call to String.init(_:) | result |
| conversions.swift:64:12:64:34 | .utf8 | conversions.swift:64:19:64:31 | call to sourceFloat() | conversions.swift:64:12:64:34 | .utf8 | result |
| conversions.swift:66:12:66:31 | call to Float.init(_:) | conversions.swift:66:18:66:30 | call to sourceFloat() | conversions.swift:66:12:66:31 | call to Float.init(_:) | result |
| conversions.swift:67:12:67:70 | call to Float.init(sign:exponent:significand:) | conversions.swift:67:41:67:51 | call to sourceInt() | conversions.swift:67:12:67:70 | call to Float.init(sign:exponent:significand:) | result |
| conversions.swift:68:12:68:70 | call to Float.init(sign:exponent:significand:) | conversions.swift:68:57:68:69 | call to sourceFloat() | conversions.swift:68:12:68:70 | call to Float.init(sign:exponent:significand:) | result |
| conversions.swift:70:12:70:57 | call to Float.init(signOf:magnitudeOf:) | conversions.swift:70:44:70:56 | call to sourceFloat() | conversions.swift:70:12:70:57 | call to Float.init(signOf:magnitudeOf:) | result |
| conversions.swift:72:12:72:26 | .exponent | conversions.swift:72:12:72:24 | call to sourceFloat() | conversions.swift:72:12:72:26 | .exponent | result |
| conversions.swift:73:12:73:26 | .significand | conversions.swift:73:12:73:24 | call to sourceFloat() | conversions.swift:73:12:73:26 | .significand | result |
| conversions.swift:77:12:77:25 | call to sourceString() | conversions.swift:77:12:77:25 | call to sourceString() | conversions.swift:77:12:77:25 | call to sourceString() | result |
| conversions.swift:78:12:78:33 | call to String.init(_:) | conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) | result |
| conversions.swift:95:12:95:12 | parent | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:95:12:95:12 | parent | result |
| conversions.swift:96:12:96:12 | parent | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:96:12:96:12 | parent | result |
| conversions.swift:99:12:99:12 | v3 | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:99:12:99:12 | v3 | result |
| conversions.swift:100:12:100:12 | v3 | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:100:12:100:12 | v3 | result |
| simple.swift:12:13:12:24 | ... .+(_:_:) ... | simple.swift:12:17:12:24 | call to source() | simple.swift:12:13:12:24 | ... .+(_:_:) ... | result |
| simple.swift:13:13:13:24 | ... .+(_:_:) ... | simple.swift:13:13:13:20 | call to source() | simple.swift:13:13:13:24 | ... .+(_:_:) ... | result |
| simple.swift:14:13:14:24 | ... .-(_:_:) ... | simple.swift:14:17:14:24 | call to source() | simple.swift:14:13:14:24 | ... .-(_:_:) ... | result |

50
swift/ql/test/library-tests/dataflow/taint/core/conversions.swift
View File

@@ -22,9 +22,9 @@ class MyString : LosslessStringConvertible, CustomStringConvertible, CustomDebug
func testConversions() {
sink(arg: sourceInt()) // $ tainted=24
sink(arg: Int(sourceInt())) // $ MISSING: tainted=
sink(arg: UInt8(sourceInt())) // $ MISSING: tainted=
sink(arg: Float(sourceInt())) // $ MISSING: tainted=
sink(arg: Int(sourceInt())) // $ tainted=25
sink(arg: UInt8(sourceInt())) // $ tainted=26
sink(arg: Float(sourceInt())) // $ tainted=27
sink(arg: String(sourceInt())) // $ tainted=28
sink(arg: String(sourceInt()).utf8) // $ tainted=29
sink(arg: [UInt8](sourceString().utf8)) // $ MISSING: tainted=
@@ -34,43 +34,43 @@ func testConversions() {
}
let v2: UInt8 = numericCast(sourceInt())
sink(arg: v2) // $ MISSING: tainted=
sink(arg: v2) // $ tainted=36
let v4: UInt = unsafeBitCast(sourceInt(), to: UInt.self)
sink(arg: v4) // $ MISSING: tainted=
sink(arg: v4) // $ tainted=39
let v5 = UInt(truncatingIfNeeded: sourceInt())
sink(arg: v5) // $ MISSING: tainted=
sink(arg: v5) // $ tainted=42
let v6 = UInt(bitPattern: sourceInt())
sink(arg: v6) // $ MISSING: tainted=
sink(arg: v6) // $ tainted=45
sink(arg: Int(exactly: sourceInt())!) // $ MISSING: tainted=
sink(arg: Int(clamping: sourceInt())) // $ MISSING: tainted=
sink(arg: Int(truncatingIfNeeded: sourceInt())) // $ MISSING: tainted=
sink(arg: Int(sourceString(), radix: 10)!) // $ MISSING: tainted=
sink(arg: Int(exactly: sourceInt())!) // $ tainted=48
sink(arg: Int(clamping: sourceInt())) // $ tainted=49
sink(arg: Int(truncatingIfNeeded: sourceInt())) // $ tainted=50
sink(arg: Int(sourceString(), radix: 10)!) // $ tainted=51
sink(arg: Int(littleEndian: sourceInt())) // $ MISSING: tainted=
sink(arg: Int(bigEndian: sourceInt())) // $ MISSING: tainted=
sink(arg: sourceInt().littleEndian) // $ MISSING: tainted=
sink(arg: sourceInt().bigEndian) // $ MISSING: tainted=
sink(arg: Int(littleEndian: sourceInt())) // $ tainted=53
sink(arg: Int(bigEndian: sourceInt())) // $ tainted=54
sink(arg: sourceInt().littleEndian) // $ tainted=55
sink(arg: sourceInt().bigEndian) // $ tainted=56
// ---
sink(arg: sourceFloat()) // $ tainted=60
sink(arg: Float(sourceFloat())) // $ MISSING: tainted=
sink(arg: UInt8(sourceFloat())) // $ MISSING: tainted=
sink(arg: Float(sourceFloat())) // $ tainted=61
sink(arg: UInt8(sourceFloat())) // $ tainted=62
sink(arg: String(sourceFloat())) // $ tainted=63
sink(arg: String(sourceFloat()).utf8) // $ tainted=64
sink(arg: Float(sourceFloat())) // MISSING: tainted=
sink(arg: Float(sign: .plus, exponent: sourceInt(), significand: 0.0)) // MISSING: tainted=
sink(arg: Float(sign: .plus, exponent: 0, significand: sourceFloat())) // MISSING: tainted=
sink(arg: Float(sourceFloat())) // $ tainted=66
sink(arg: Float(sign: .plus, exponent: sourceInt(), significand: 0.0)) // $ tainted=67
sink(arg: Float(sign: .plus, exponent: 0, significand: sourceFloat())) // $ tainted=68
sink(arg: Float(signOf: sourceFloat(), magnitudeOf: 0.0)) // (good)
sink(arg: Float(signOf: 0.0, magnitudeOf: sourceFloat())) // MISSING: tainted=
sink(arg: Float(signOf: 0.0, magnitudeOf: sourceFloat())) // $ tainted=70
sink(arg: sourceFloat().exponent) // $ MISSING: tainted=
sink(arg: sourceFloat().significand) // $ MISSING: tainted=
sink(arg: sourceFloat().exponent) // $ tainted=72
sink(arg: sourceFloat().significand) // $ tainted=73
// ---
@@ -96,6 +96,6 @@ func testConversions() {
sink(arg: parent as! MyChildClass) // $ tainted=94
let v3: MyChildClass = unsafeDowncast(parent, to: MyChildClass.self)
sink(arg: v3) // $ MISSING: tainted=
sink(arg: v3 as! MyParentClass) // $ MISSING: tainted=
sink(arg: v3) // $ tainted=94
sink(arg: v3 as! MyParentClass) // $ tainted=94
}