Swift: Model getVaList, correct NSLogv sink for swift/cleartext-logging.

2026-05-05 21:55:19 +02:00 · 2023-08-15 13:23:19 +01:00
parent f5d776571b
commit b4595d8b92
4 changed files with 16 additions and 3 deletions
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CInterop.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CInterop.qll
@@ -0,0 +1,12 @@
+/**
+ * Provides models for Swift "C Interoperability" functions.
+ */
+
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+private class CInteropSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = ";;false;getVaList(_:);;;Argument[0].ArrayElement;ReturnValue;value"
+  }
+}
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll
@@ -3,6 +3,7 @@
 */

 private import Array
+private import CInterop
 private import Collection
 private import CustomUrlSchemes
 private import Data
--- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -94,7 +94,7 @@ private class LoggingSinks extends SinkModelCsv {
        ";;false;NSLog(_:_:);;;Argument[0];log-injection",
        ";;false;NSLog(_:_:);;;Argument[1].ArrayElement;log-injection",
        ";;false;NSLogv(_:_:);;;Argument[0];log-injection",
-        ";;false;NSLogv(_:_:);;;Argument[1].ArrayElement;log-injection",
+        ";;false;NSLogv(_:_:);;;Argument[1];log-injection",
        ";;false;vfprintf(_:_:_:);;;Agument[1..2];log-injection",
        ";Logger;true;log(_:);;;Argument[0];log-injection",
        ";Logger;true;log(level:_:);;;Argument[1];log-injection",
--- a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
+++ b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -96,8 +96,8 @@ func test1(password: String, passwordHash : String, passphrase: String, pass_phr
    NSLog("%@", password as! CVarArg) // $ MISSING: hasCleartextLogging=96
    NSLog("%@ %@", "" as! CVarArg, password as! CVarArg) // $ MISSING: hasCleartextLogging=97
    NSLog("\(password)") // $ hasCleartextLogging=98
-    NSLogv("%@", getVaList([password as! CVarArg])) // $ MISSING: hasCleartextLogging=99
-    NSLogv("%@ %@", getVaList(["" as! CVarArg, password as! CVarArg])) // $ MISSING: hasCleartextLogging=100
+    NSLogv("%@", getVaList([password as! CVarArg])) // $ hasCleartextLogging=99
+    NSLogv("%@ %@", getVaList(["" as! CVarArg, password as! CVarArg])) // $ hasCleartextLogging=100
    NSLog(passwordHash) // SAfe
    NSLogv("%@", getVaList([passwordHash as! CVarArg])) // Safe