hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Make the URLRequest test more accurate.

Browse Source
This commit is contained in:
Geoffrey White
2023-11-02 11:30:54 +00:00
parent 985d1990eb
commit b157d73c10
1 changed files with 15 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
swift/ql/test/library-tests/dataflow/taint/libraries/url.swift
View File

@@ -159,11 +159,12 @@ struct URLRequest : CustomStringConvertible, CustomDebugStringConvertible {
enum NetworkServiceType { case none }
enum Attribution { case none }
var cachePolicy: CachePolicy = .none
var httpMethod: String = ""
var url: URL = URL(string: "")!
var httpBody: Data = Data("")
var httpMethod: String? = ""
var url: URL? = URL(string: "")
var httpBody: Data? = Data("")
var httpBodyStream: InputStream? = nil
var mainDocument: URL = URL(string: "")!
var mainDocumentURL: URL? = URL(string: "")
var allHTTPHeaderFields: [String : String]? = nil
var timeoutInterval: TimeInterval = TimeInterval()
var httpShouldHandleCookies: Bool = false
@@ -204,7 +205,6 @@ func sink(data: Data) {}
func sink(string: String) {}
func sink(int: Int) {}
func sink(any: Any) {}
func taintThroughURL() {
let clean = "http://example.com/"
let tainted = source() as! String
@@ -436,14 +436,16 @@ func taintThroughUrlRequest() {
sink(any: tainted.cachePolicy)
sink(any: clean.httpMethod)
sink(any: tainted.httpMethod)
sink(any: clean.url)
sink(any: tainted.url) // $ tainted=431
sink(any: clean.httpBody)
sink(any: tainted.httpBody) // $ tainted=431
sink(any: clean.url!)
sink(any: tainted.url!) // $ tainted=431
sink(any: clean.httpBody!)
sink(any: tainted.httpBody!) // $ tainted=431
sink(any: clean.httpBodyStream!)
sink(any: tainted.httpBodyStream!) // $ tainted=431
sink(any: clean.mainDocument)
sink(any: tainted.mainDocument) // $ tainted=431
sink(any: clean.mainDocumentURL!)
sink(any: tainted.mainDocumentURL!) // $ MISSING: tainted=431
sink(any: clean.allHTTPHeaderFields!)
sink(any: tainted.allHTTPHeaderFields!) // $ tainted=431
sink(any: clean.timeoutInterval)
@@ -481,19 +483,19 @@ func taintThroughUrlResource() {
let tainted = source() as! URLResource
sink(string: clean.name)
sink(string: tainted.name) // $ tainted=481
sink(string: tainted.name) // $ tainted=483
sink(string: clean.subdirectory!)
sink(string: tainted.subdirectory!) // $ tainted=481
sink(string: tainted.subdirectory!) // $ tainted=483
}
func taintUrlAsync() async throws {
let tainted = source() as! String
let urlTainted = URL(string: tainted)!
sink(any: urlTainted.lines) // $ tainted=490
sink(any: urlTainted.lines) // $ tainted=492
for try await line in urlTainted.lines {
sink(string: line) // $ MISSING: tainted=490
sink(string: line) // $ MISSING: tainted=492
}
}
@@ -510,5 +512,5 @@ func closureReturnValue() {
ptr in
return source() as! String
})
sink(string: r2) // $ tainted=511
sink(string: r2) // $ tainted=513
}