hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Separate out a FormatString library as well.

Browse Source
This commit is contained in:
Geoffrey White
2022-12-01 17:46:43 +00:00
parent 43596869e7
commit ad05cc3cb1
2 changed files with 75 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
swift/ql/lib/codeql/swift/FormatString.qll Normal file
View File

@@ -0,0 +1,74 @@
/**
* Provides classes and predicates for reasoning about string formatting.
*/
import swift
/**
* A function that takes a `printf` style format argument.
*/
abstract class FormattingFunction extends AbstractFunctionDecl {
/**
* Gets the position of the format argument.
*/
abstract int getFormatParameterIndex();
}
/**
* A call to a function that takes a `printf` style format argument.
*/
class FormattingFunctionCall extends CallExpr {
FormattingFunction target;
FormattingFunctionCall() { target = this.getStaticTarget() }
/**
* Gets the format expression used in this call.
*/
Expr getFormat() { result = this.getArgument(target.getFormatParameterIndex()).getExpr() }
}
/**
* An initializer for `String`, `NSString` or `NSMutableString` that takes a
* `printf` style format argument.
*/
class StringInitWithFormat extends FormattingFunction, MethodDecl {
StringInitWithFormat() {
exists(string fName |
this.hasQualifiedName(["String", "NSString", "NSMutableString"], fName) and
fName.matches("init(format:%")
)
}
override int getFormatParameterIndex() { result = 0 }
}
/**
* The `localizedStringWithFormat` method of `String`, `NSString` and `NSMutableString`.
*/
class LocalizedStringWithFormat extends FormattingFunction, MethodDecl {
LocalizedStringWithFormat() {
this.hasQualifiedName(["String", "NSString", "NSMutableString"],
"localizedStringWithFormat(_:_:)")
}
override int getFormatParameterIndex() { result = 0 }
}
/**
* The functions `NSLog` and `NSLogv`.
*/
class NsLog extends FormattingFunction, FreeFunctionDecl {
NsLog() { this.getName() = ["NSLog(_:_:)", "NSLogv(_:_:)"] }
override int getFormatParameterIndex() { result = 0 }
}
/**
* The `NSException.raise` method.
*/
class NsExceptionRaise extends FormattingFunction, MethodDecl {
NsExceptionRaise() { this.hasQualifiedName("NSException", "raise(_:format:arguments:)") }
override int getFormatParameterIndex() { result = 1 }
}

70
swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll
View File

@@ -4,79 +4,11 @@
*/ */
import swift import swift
import codeql.swift.StringFormat
import codeql.swift.dataflow.DataFlow import codeql.swift.dataflow.DataFlow
import codeql.swift.dataflow.TaintTracking import codeql.swift.dataflow.TaintTracking
import codeql.swift.dataflow.FlowSources import codeql.swift.dataflow.FlowSources
/**
* A function that takes a `printf` style format argument.
*/
abstract class FormattingFunction extends AbstractFunctionDecl {
/**
* Gets the position of the format argument.
*/
abstract int getFormatParameterIndex();
}
/**
* An initializer for `String`, `NSString` or `NSMutableString` that takes a
* `printf` style format argument.
*/
class StringInitWithFormat extends FormattingFunction, MethodDecl {
StringInitWithFormat() {
exists(string fName |
this.hasQualifiedName(["String", "NSString", "NSMutableString"], fName) and
fName.matches("init(format:%")
)
}
override int getFormatParameterIndex() { result = 0 }
}
/**
* The `localizedStringWithFormat` method of `String`, `NSString` and `NSMutableString`.
*/
class LocalizedStringWithFormat extends FormattingFunction, MethodDecl {
LocalizedStringWithFormat() {
this.hasQualifiedName(["String", "NSString", "NSMutableString"],
"localizedStringWithFormat(_:_:)")
}
override int getFormatParameterIndex() { result = 0 }
}
/**
* The functions `NSLog` and `NSLogv`.
*/
class NsLog extends FormattingFunction, FreeFunctionDecl {
NsLog() { this.getName() = ["NSLog(_:_:)", "NSLogv(_:_:)"] }
override int getFormatParameterIndex() { result = 0 }
}
/**
* The `NSException.raise` method.
*/
class NsExceptionRaise extends FormattingFunction, MethodDecl {
NsExceptionRaise() { this.hasQualifiedName("NSException", "raise(_:format:arguments:)") }
override int getFormatParameterIndex() { result = 1 }
}
/**
* A call to a function that takes a `printf` style format argument.
*/
class FormattingFunctionCall extends CallExpr {
FormattingFunction target;
FormattingFunctionCall() { target = this.getStaticTarget() }
/**
* Gets the format expression used in this call.
*/
Expr getFormat() { result = this.getArgument(target.getFormatParameterIndex()).getExpr() }
}
/** /**
* A taint configuration for tainted data that reaches a format string. * A taint configuration for tainted data that reaches a format string.
*/ */