Merge pull request #19817 from d10c/d10c/convert-tests-to-qlref
Convert remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`
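--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-681/FilterTestResults.ql
@@ -0,0 +1,15 @@
+/**
+ * @kind test-postprocess
+ * @description Remove the query predicates that differ based on 32/64-bit architecture. This should leave behind `invalidModelRowAdd` and `testFailures` in case of test failures.
+ */
+
+/**
+ * The input test results: query predicate `relation` contains `data` at (`row`, `column`).
+ */
+external private predicate queryResults(string relation, int row, int column, string data);
+
+/** Holds if the test output's query predicate `relation` contains `data` at (`row`, `column`). */
+query predicate results(string relation, int row, int column, string data) {
+queryResults(relation, row, column, data) and
+not relation in ["#select", "nodes", "edges"]
+}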
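Review bot: The `@description` names `invalidModelRowAdd` as the relation that survives the filter, but the relation that actually appears in this commit's expected files is `invalidModelRow` (see the `.expected` hunks for CWE-681 and CWE-770), so the comment should read "This should leave behind `invalidModelRow` and `testFailures`". Separately, the exclusion list in `results` drops only `#select`, `nodes` and `edges`, while the `.qlref` that invokes this filter also runs `PrettyPrintModels.ql`, whose `models` relation (and the path-problem `subpaths` relation) is emitted alongside them; if the set of paths differs between 32- and 64-bit runs, the model rows those paths reference can presumably differ too, and the filter would not mask that. If that is the intent, consider `not relation in ["#select", "nodes", "edges", "subpaths", "models"]`; if `models` is expected to be stable across architectures, a one-line comment saying why it is deliberately kept would save the next reader the same question.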
@@ -1,2 +0,0 @@
|
||||
invalidModelRow
|
||||
testFailures
|
||||
|
||||
@@ -24,7 +24,7 @@ func lookupNumberByName(reg *registry, name string) (int32, error) {
|
||||
return 567, nil
|
||||
}
|
||||
func lab(s string) (*something, error) {
|
||||
num, err := strconv.Atoi(s)
|
||||
num, err := strconv.Atoi(s) // $ Source
|
||||
|
||||
if err != nil {
|
||||
number, err := lookupNumberByName(®istry{}, s)
|
||||
@@ -33,7 +33,7 @@ func lab(s string) (*something, error) {
|
||||
}
|
||||
num = int(number)
|
||||
}
|
||||
target, err := lookupTarget(&config{}, int32(num)) // $ hasValueFlow="num"
|
||||
target, err := lookupTarget(&config{}, int32(num)) // $ Alert
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -63,12 +63,12 @@ func testParseInt() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt("3456", 10, 16)
|
||||
parsed, err := strconv.ParseInt("3456", 10, 16) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed)
|
||||
_ = uint16(parsed)
|
||||
_ = int32(parsed)
|
||||
@@ -79,14 +79,14 @@ func testParseInt() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt("3456", 10, 32)
|
||||
parsed, err := strconv.ParseInt("3456", 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed)
|
||||
_ = uint32(parsed)
|
||||
_ = int64(parsed)
|
||||
@@ -95,32 +95,32 @@ func testParseInt() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt("3456", 10, 64)
|
||||
parsed, err := strconv.ParseInt("3456", 10, 64) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed) // $ Alert
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt("3456", 10, 0)
|
||||
parsed, err := strconv.ParseInt("3456", 10, 0) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed)
|
||||
@@ -130,11 +130,11 @@ func testParseInt() {
|
||||
|
||||
func testParseUint() {
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 8)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 8) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed)
|
||||
_ = int16(parsed)
|
||||
_ = uint16(parsed)
|
||||
@@ -146,13 +146,13 @@ func testParseUint() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 16)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 16) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed)
|
||||
_ = int32(parsed)
|
||||
_ = uint32(parsed)
|
||||
@@ -162,66 +162,66 @@ func testParseUint() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 32)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed)
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int64(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed) // $ Alert
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed) // $ Alert
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 0)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int64(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed) // $ Alert
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
}
|
||||
|
||||
func testAtoi() {
|
||||
parsed, err := strconv.Atoi("3456")
|
||||
parsed, err := strconv.Atoi("3456") // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed)
|
||||
@@ -233,19 +233,19 @@ type customInt int16
|
||||
// these should be caught:
|
||||
func typeAliases(input string) {
|
||||
{
|
||||
parsed, err := strconv.ParseInt(input, 10, 32)
|
||||
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
// NOTE: byte is uint8
|
||||
_ = byte(parsed) // $ hasValueFlow="parsed"
|
||||
_ = customInt(parsed) // $ hasValueFlow="parsed"
|
||||
_ = byte(parsed) // $ Alert
|
||||
_ = customInt(parsed) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
func testBoundsChecking(input string) {
|
||||
{
|
||||
parsed, err := strconv.Atoi(input)
|
||||
parsed, err := strconv.Atoi(input) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@@ -253,13 +253,13 @@ func testBoundsChecking(input string) {
|
||||
_ = int8(parsed)
|
||||
}
|
||||
if parsed < math.MaxInt8 {
|
||||
_ = int8(parsed) // $ MISSING: hasValueFlow="parsed" // Not found because we only check for upper bounds
|
||||
_ = int8(parsed) // $ MISSING: Alert // Not found because we only check for upper bounds
|
||||
if parsed >= 0 {
|
||||
_ = int16(parsed)
|
||||
}
|
||||
}
|
||||
if parsed >= math.MinInt8 {
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
if parsed <= 0 {
|
||||
_ = int16(parsed)
|
||||
}
|
||||
@@ -271,51 +271,51 @@ func testBoundsChecking(input string) {
|
||||
}
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint(input, 10, 0)
|
||||
parsed, err := strconv.ParseUint(input, 10, 0) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if parsed <= math.MaxUint64 {
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int64(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed) // $ Alert
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
if parsed <= math.MaxInt64 {
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
if parsed <= math.MaxUint32 {
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed)
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
if parsed <= math.MaxInt32 {
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed)
|
||||
_ = uint32(parsed)
|
||||
_ = int64(parsed)
|
||||
@@ -325,25 +325,25 @@ func testBoundsChecking(input string) {
|
||||
}
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint(input, 10, 32)
|
||||
parsed, err := strconv.ParseUint(input, 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if parsed <= math.MaxUint16 {
|
||||
_ = uint16(parsed)
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ Alert
|
||||
}
|
||||
if parsed <= 255 {
|
||||
_ = uint8(parsed)
|
||||
}
|
||||
if parsed <= 256 {
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ Alert
|
||||
}
|
||||
if err == nil && 1 == 1 && parsed < math.MaxInt8 {
|
||||
_ = int8(parsed)
|
||||
}
|
||||
if parsed > 42 {
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ Alert
|
||||
}
|
||||
if parsed >= math.MaxUint8+1 {
|
||||
return
|
||||
@@ -389,64 +389,64 @@ func testRightShifted(input string) {
|
||||
_ = byte(parsed >> 8 & 0xff)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt(input, 10, 16)
|
||||
parsed, err := strconv.ParseInt(input, 10, 16) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = byte(parsed) // $ hasValueFlow="parsed"
|
||||
_ = byte(parsed) // $ Alert
|
||||
_ = byte(parsed << 8)
|
||||
}
|
||||
}
|
||||
|
||||
func testPathWithMoreThanOneSink(input string) {
|
||||
{
|
||||
parsed, err := strconv.ParseInt(input, 10, 32)
|
||||
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
v1 := int16(parsed) // $ hasValueFlow="parsed"
|
||||
v1 := int16(parsed) // $ Alert
|
||||
_ = int16(v1)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt(input, 10, 32)
|
||||
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
v := int16(parsed) // $ hasValueFlow="parsed"
|
||||
v := int16(parsed) // $ Alert
|
||||
_ = int8(v)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt(input, 10, 32)
|
||||
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
v1 := int32(parsed)
|
||||
v2 := int16(v1) // $ hasValueFlow="v1"
|
||||
v2 := int16(v1) // $ Alert
|
||||
_ = int8(v2)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt(input, 10, 16)
|
||||
parsed, err := strconv.ParseInt(input, 10, 16) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
v1 := int64(parsed)
|
||||
v2 := int32(v1)
|
||||
v3 := int16(v2)
|
||||
_ = int8(v3) // $ hasValueFlow="v3"
|
||||
_ = int8(v3) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
func testUsingStrConvIntSize(input string) {
|
||||
parsed, err := strconv.ParseInt(input, 10, strconv.IntSize)
|
||||
parsed, err := strconv.ParseInt(input, 10, strconv.IntSize) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint8(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint16(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int8(parsed) // $ Alert
|
||||
_ = uint8(parsed) // $ Alert
|
||||
_ = int16(parsed) // $ Alert
|
||||
_ = uint16(parsed) // $ Alert
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
_ = int64(parsed)
|
||||
_ = uint64(parsed)
|
||||
_ = int(parsed)
|
||||
@@ -490,7 +490,7 @@ func dealWithArchSizeCorrectly(s string) uint {
|
||||
}
|
||||
|
||||
func typeSwitch1(s string) {
|
||||
i64, _ := strconv.ParseInt(s, 10, 64)
|
||||
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
|
||||
var input any = i64
|
||||
switch v := input.(type) {
|
||||
case int16, string:
|
||||
@@ -498,19 +498,19 @@ func typeSwitch1(s string) {
|
||||
return
|
||||
}
|
||||
_ = int16(v.(int16))
|
||||
_ = int8(v.(int16)) // $ hasValueFlow="type assertion"
|
||||
_ = int8(v.(int16)) // $ Alert
|
||||
case int32:
|
||||
_ = int32(v)
|
||||
_ = int8(v) // $ hasValueFlow="v"
|
||||
_ = int8(v) // $ Alert
|
||||
case int64:
|
||||
_ = int8(v) // $ hasValueFlow="v"
|
||||
_ = int8(v) // $ Alert
|
||||
default:
|
||||
_ = int8(v.(int64)) // $ hasValueFlow="type assertion"
|
||||
_ = int8(v.(int64)) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
func typeSwitch2(s string) {
|
||||
i64, _ := strconv.ParseInt(s, 10, 64)
|
||||
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
|
||||
var input any = i64
|
||||
switch input.(type) {
|
||||
case int16, string:
|
||||
@@ -518,25 +518,25 @@ func typeSwitch2(s string) {
|
||||
return
|
||||
}
|
||||
_ = int16(input.(int16))
|
||||
_ = int8(input.(int16)) // $ hasValueFlow="type assertion"
|
||||
_ = int8(input.(int16)) // $ Alert
|
||||
case int32:
|
||||
_ = int32(input.(int32))
|
||||
_ = int8(input.(int32)) // $ hasValueFlow="type assertion"
|
||||
_ = int8(input.(int32)) // $ Alert
|
||||
case int64:
|
||||
_ = int8(input.(int64)) // $ hasValueFlow="type assertion"
|
||||
_ = int8(input.(int64)) // $ Alert
|
||||
default:
|
||||
_ = int8(input.(int64)) // $ hasValueFlow="type assertion"
|
||||
_ = int8(input.(int64)) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
func checkedTypeAssertion(s string) {
|
||||
i64, _ := strconv.ParseInt(s, 10, 64)
|
||||
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
|
||||
var input any = i64
|
||||
if v, ok := input.(int16); ok {
|
||||
// Need to account for the fact that within this case clause, v is an int16
|
||||
_ = int16(v)
|
||||
_ = int8(v) // $ hasValueFlow="v"
|
||||
_ = int8(v) // $ Alert
|
||||
} else if v, ok := input.(int32); ok {
|
||||
_ = int16(v) // $ hasValueFlow="v"
|
||||
_ = int16(v) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,20 +0,0 @@
|
||||
import go
|
||||
import semmle.go.dataflow.ExternalFlow
|
||||
import ModelValidation
|
||||
import utils.test.InlineExpectationsTest
|
||||
import semmle.go.security.IncorrectIntegerConversionLib
|
||||
|
||||
module TestIncorrectIntegerConversion implements TestSig {
|
||||
string getARelevantTag() { result = "hasValueFlow" }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasValueFlow" and
|
||||
exists(DataFlow::Node sink | Flow::flowTo(sink) |
|
||||
sink.getLocation() = location and
|
||||
element = sink.toString() and
|
||||
value = "\"" + sink.toString() + "\""
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<TestIncorrectIntegerConversion>
|
||||
@@ -0,0 +1,5 @@
|
||||
query: Security/CWE-681/IncorrectIntegerConversionQuery.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
- ./FilterTestResults.ql
|
||||
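Review bot: The order of the `postprocess` list appears to matter and is not documented: `FilterTestResults.ql` removes `#select`, so it presumably has to run after `InlineExpectationsTestQuery.ql` has already derived `testFailures` from that relation. A short comment on the last entry, `# must run last: drops #select after the inline-expectations step has consumed it`, would keep a future reordering from silently disabling the test failure check.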
@@ -16,11 +16,11 @@ func testIntSource386() {
|
||||
_ = uint32(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 0)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed)
|
||||
}
|
||||
{
|
||||
|
||||
@@ -19,11 +19,11 @@ func testIntSource32() {
|
||||
_ = uint32(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 0)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed)
|
||||
}
|
||||
{
|
||||
|
||||
@@ -16,11 +16,11 @@ func testIntSinkAmd64() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,11 +19,11 @@ func testIntSink64() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,19 +9,19 @@ import (
|
||||
|
||||
func testIntSizeIsArchicturallyDependent1() {
|
||||
{
|
||||
parsed, err := strconv.ParseInt("3456", 10, 0)
|
||||
parsed, err := strconv.ParseInt("3456", 10, 0) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint32(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int32(parsed) // $ Alert
|
||||
_ = uint32(parsed) // $ Alert
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseInt("3456", 10, 64)
|
||||
parsed, err := strconv.ParseInt("3456", 10, 64) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = uint(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
@@ -20,11 +20,11 @@ func oldTestIntSink64() {
|
||||
_ = uint(parsed)
|
||||
}
|
||||
{
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64)
|
||||
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
_ = int(parsed) // $ hasValueFlow="parsed"
|
||||
_ = int(parsed) // $ Alert
|
||||
_ = uint(parsed)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,2 +1,22 @@
|
||||
invalidModelRow
|
||||
testFailures
|
||||
#select
|
||||
| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | This memory allocation depends on a $@. | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | user-provided value |
|
||||
edges
|
||||
| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
|
||||
| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | provenance | |
|
||||
| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | provenance | MaD:3 |
|
||||
| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | provenance | |
|
||||
| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | provenance | |
|
||||
| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | provenance | Config |
|
||||
models
|
||||
| 1 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
|
||||
| 2 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
|
||||
| 3 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | semmle.label | selection of URL |
|
||||
| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | semmle.label | call to Query |
|
||||
| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | semmle.label | source |
|
||||
| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | semmle.label | call to Get |
|
||||
| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | semmle.label | ... := ...[0] |
|
||||
| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | semmle.label | sourceStr |
|
||||
| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | semmle.label | sink |
|
||||
subpaths
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
import go
|
||||
import semmle.go.dataflow.ExternalFlow
|
||||
import ModelValidation
|
||||
import semmle.go.security.UncontrolledAllocationSize
|
||||
import utils.test.InlineFlowTest
|
||||
import FlowTest<UncontrolledAllocationSize::Config, UncontrolledAllocationSize::Config>
|
||||
@@ -0,0 +1,4 @@
|
||||
query: Security/CWE-770/UncontrolledAllocationSize.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
)
|
||||
|
||||
func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
|
||||
source := r.URL.Query()
|
||||
source := r.URL.Query() // $ Source
|
||||
|
||||
sourceStr := source.Get("n")
|
||||
sink, err := strconv.Atoi(sourceStr)
|
||||
@@ -17,7 +17,7 @@ func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
result := make([]string, sink) // $hasTaintFlow="sink"
|
||||
result := make([]string, sink) // $ Alert
|
||||
for i := 0; i < sink; i++ {
|
||||
result[i] = fmt.Sprintf("Item %d", i+1)
|
||||
}
|
||||
|
||||
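--- /dev/null
+++ b/ruby/ql/lib/utils/test/PrettyPrintModels.ql
@@ -0,0 +1,6 @@
+/**
+ * @kind test-postprocess
+ */
+
+import codeql.ruby.frameworks.data.internal.ApiGraphModels
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>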
@@ -1,32 +1,49 @@
|
||||
models
|
||||
| 1 | Sink: Terrapin::CommandLine!; Method[new].Argument[0]; command-injection |
|
||||
| 2 | Sink: Terrapin::CommandLine!; Method[new].Argument[1]; command-injection |
|
||||
#select
|
||||
| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:8:16:8:18 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:10:14:10:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:10:14:10:16 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:11:17:11:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:11:17:11:22 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:13:9:13:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:13:9:13:14 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:30:19:30:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:30:19:30:24 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:34:24:34:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:34:24:34:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:35:39:35:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:35:39:35:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:51:24:51:36 | "echo #{...}" | CommandInjection.rb:47:15:47:20 | call to params | CommandInjection.rb:51:24:51:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:47:15:47:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:60:14:60:16 | cmd | CommandInjection.rb:55:13:55:18 | call to params | CommandInjection.rb:60:14:60:16 | cmd | This command depends on a $@. | CommandInjection.rb:55:13:55:18 | call to params | user-provided value |
|
||||
| CommandInjection.rb:75:14:75:29 | "echo #{...}" | CommandInjection.rb:74:18:74:23 | number | CommandInjection.rb:75:14:75:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:74:18:74:23 | number | user-provided value |
|
||||
| CommandInjection.rb:83:14:83:34 | "echo #{...}" | CommandInjection.rb:82:23:82:33 | blah_number | CommandInjection.rb:83:14:83:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:82:23:82:33 | blah_number | user-provided value |
|
||||
| CommandInjection.rb:92:14:92:39 | "echo #{...}" | CommandInjection.rb:92:22:92:37 | ...[...] | CommandInjection.rb:92:14:92:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:92:22:92:37 | ...[...] | user-provided value |
|
||||
| CommandInjection.rb:105:16:105:28 | "cat #{...}" | CommandInjection.rb:104:16:104:21 | call to params | CommandInjection.rb:105:16:105:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:104:16:104:21 | call to params | user-provided value |
|
||||
| CommandInjection.rb:112:33:112:44 | ...[...] | CommandInjection.rb:112:33:112:38 | call to params | CommandInjection.rb:112:33:112:44 | ...[...] | This command depends on a $@. | CommandInjection.rb:112:33:112:38 | call to params | user-provided value |
|
||||
| CommandInjection.rb:114:41:114:56 | "#{...}" | CommandInjection.rb:114:44:114:49 | call to params | CommandInjection.rb:114:41:114:56 | "#{...}" | This command depends on a $@. | CommandInjection.rb:114:44:114:49 | call to params | user-provided value |
|
||||
edges
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:7:10:7:15 | #{...} | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:8:16:8:18 | cmd | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:10:14:10:16 | cmd | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:11:17:11:22 | #{...} | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:13:9:13:14 | #{...} | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:29:19:29:24 | #{...} | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:33:24:33:36 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:39:34:51 | "grep #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:30:19:30:24 | #{...} | provenance | |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:24:34:36 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:35:39:35:51 | "grep #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:6:15:6:26 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:6:15:6:26 | ...[...] | CommandInjection.rb:6:9:6:11 | cmd | provenance | |
|
||||
| CommandInjection.rb:46:9:46:11 | cmd | CommandInjection.rb:50:24:50:36 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:46:15:46:26 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:46:15:46:26 | ...[...] | CommandInjection.rb:46:9:46:11 | cmd | provenance | |
|
||||
| CommandInjection.rb:54:7:54:9 | cmd | CommandInjection.rb:59:14:59:16 | cmd | provenance | |
|
||||
| CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:54:13:54:24 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:54:13:54:24 | ...[...] | CommandInjection.rb:54:7:54:9 | cmd | provenance | |
|
||||
| CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:103:9:103:12 | file | CommandInjection.rb:104:16:104:28 | "cat #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:103:16:103:28 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:103:16:103:28 | ...[...] | CommandInjection.rb:103:9:103:12 | file | provenance | |
|
||||
| CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | provenance | Sink:MaD:1 |
|
||||
| CommandInjection.rb:113:44:113:49 | call to params | CommandInjection.rb:113:44:113:54 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:113:44:113:54 | ...[...] | CommandInjection.rb:113:41:113:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:2 |
|
||||
| CommandInjection.rb:47:9:47:11 | cmd | CommandInjection.rb:51:24:51:36 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:47:15:47:20 | call to params | CommandInjection.rb:47:15:47:26 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:47:15:47:26 | ...[...] | CommandInjection.rb:47:9:47:11 | cmd | provenance | |
|
||||
| CommandInjection.rb:55:7:55:9 | cmd | CommandInjection.rb:60:14:60:16 | cmd | provenance | |
|
||||
| CommandInjection.rb:55:13:55:18 | call to params | CommandInjection.rb:55:13:55:24 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:55:13:55:24 | ...[...] | CommandInjection.rb:55:7:55:9 | cmd | provenance | |
|
||||
| CommandInjection.rb:74:18:74:23 | number | CommandInjection.rb:75:14:75:29 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:82:23:82:33 | blah_number | CommandInjection.rb:83:14:83:34 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:92:22:92:37 | ...[...] | CommandInjection.rb:92:14:92:39 | "echo #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:104:9:104:12 | file | CommandInjection.rb:105:16:105:28 | "cat #{...}" | provenance | AdditionalTaintStep |
|
||||
| CommandInjection.rb:104:16:104:21 | call to params | CommandInjection.rb:104:16:104:28 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:104:16:104:28 | ...[...] | CommandInjection.rb:104:9:104:12 | file | provenance | |
|
||||
| CommandInjection.rb:112:33:112:38 | call to params | CommandInjection.rb:112:33:112:44 | ...[...] | provenance | Sink:MaD:1 |
|
||||
| CommandInjection.rb:114:44:114:49 | call to params | CommandInjection.rb:114:44:114:54 | ...[...] | provenance | |
|
||||
| CommandInjection.rb:114:44:114:54 | ...[...] | CommandInjection.rb:114:41:114:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:2 |
|
||||
models
|
||||
| 1 | Sink: Terrapin::CommandLine!; Method[new].Argument[0]; command-injection |
|
||||
| 2 | Sink: Terrapin::CommandLine!; Method[new].Argument[1]; command-injection |
|
||||
nodes
|
||||
| CommandInjection.rb:6:9:6:11 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:6:15:6:20 | call to params | semmle.label | call to params |
|
||||
@@ -36,47 +53,30 @@ nodes
|
||||
| CommandInjection.rb:10:14:10:16 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:11:17:11:22 | #{...} | semmle.label | #{...} |
|
||||
| CommandInjection.rb:13:9:13:14 | #{...} | semmle.label | #{...} |
|
||||
| CommandInjection.rb:29:19:29:24 | #{...} | semmle.label | #{...} |
|
||||
| CommandInjection.rb:33:24:33:36 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:34:39:34:51 | "grep #{...}" | semmle.label | "grep #{...}" |
|
||||
| CommandInjection.rb:46:9:46:11 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:46:15:46:20 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:46:15:46:26 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:50:24:50:36 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:54:7:54:9 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:54:13:54:18 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:54:13:54:24 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:59:14:59:16 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:73:18:73:23 | number | semmle.label | number |
|
||||
| CommandInjection.rb:74:14:74:29 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:81:23:81:33 | blah_number | semmle.label | blah_number |
|
||||
| CommandInjection.rb:82:14:82:34 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:91:14:91:39 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:91:22:91:37 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:103:9:103:12 | file | semmle.label | file |
|
||||
| CommandInjection.rb:103:16:103:21 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:103:16:103:28 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:104:16:104:28 | "cat #{...}" | semmle.label | "cat #{...}" |
|
||||
| CommandInjection.rb:111:33:111:38 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:111:33:111:44 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:113:41:113:56 | "#{...}" | semmle.label | "#{...}" |
|
||||
| CommandInjection.rb:113:44:113:49 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:113:44:113:54 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:30:19:30:24 | #{...} | semmle.label | #{...} |
|
||||
| CommandInjection.rb:34:24:34:36 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:35:39:35:51 | "grep #{...}" | semmle.label | "grep #{...}" |
|
||||
| CommandInjection.rb:47:9:47:11 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:47:15:47:20 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:47:15:47:26 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:51:24:51:36 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:55:7:55:9 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:55:13:55:18 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:55:13:55:24 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:60:14:60:16 | cmd | semmle.label | cmd |
|
||||
| CommandInjection.rb:74:18:74:23 | number | semmle.label | number |
|
||||
| CommandInjection.rb:75:14:75:29 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:82:23:82:33 | blah_number | semmle.label | blah_number |
|
||||
| CommandInjection.rb:83:14:83:34 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:92:14:92:39 | "echo #{...}" | semmle.label | "echo #{...}" |
|
||||
| CommandInjection.rb:92:22:92:37 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:104:9:104:12 | file | semmle.label | file |
|
||||
| CommandInjection.rb:104:16:104:21 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:104:16:104:28 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:105:16:105:28 | "cat #{...}" | semmle.label | "cat #{...}" |
|
||||
| CommandInjection.rb:112:33:112:38 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:112:33:112:44 | ...[...] | semmle.label | ...[...] |
|
||||
| CommandInjection.rb:114:41:114:56 | "#{...}" | semmle.label | "#{...}" |
|
||||
| CommandInjection.rb:114:44:114:49 | call to params | semmle.label | call to params |
|
||||
| CommandInjection.rb:114:44:114:54 | ...[...] | semmle.label | ...[...] |
|
||||
subpaths
|
||||
#select
|
||||
| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:8:16:8:18 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:10:14:10:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:10:14:10:16 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:11:17:11:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:11:17:11:22 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:13:9:13:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:13:9:13:14 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:29:19:29:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:29:19:29:24 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:33:24:33:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:33:24:33:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:34:39:34:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:34:39:34:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:50:24:50:36 | "echo #{...}" | CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:50:24:50:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:46:15:46:20 | call to params | user-provided value |
|
||||
| CommandInjection.rb:59:14:59:16 | cmd | CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:59:14:59:16 | cmd | This command depends on a $@. | CommandInjection.rb:54:13:54:18 | call to params | user-provided value |
|
||||
| CommandInjection.rb:74:14:74:29 | "echo #{...}" | CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:73:18:73:23 | number | user-provided value |
|
||||
| CommandInjection.rb:82:14:82:34 | "echo #{...}" | CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:81:23:81:33 | blah_number | user-provided value |
|
||||
| CommandInjection.rb:91:14:91:39 | "echo #{...}" | CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:91:22:91:37 | ...[...] | user-provided value |
|
||||
| CommandInjection.rb:104:16:104:28 | "cat #{...}" | CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:104:16:104:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:103:16:103:21 | call to params | user-provided value |
|
||||
| CommandInjection.rb:111:33:111:44 | ...[...] | CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | This command depends on a $@. | CommandInjection.rb:111:33:111:38 | call to params | user-provided value |
|
||||
| CommandInjection.rb:113:41:113:56 | "#{...}" | CommandInjection.rb:113:44:113:49 | call to params | CommandInjection.rb:113:41:113:56 | "#{...}" | This command depends on a $@. | CommandInjection.rb:113:44:113:49 | call to params | user-provided value |
|
||||
|
||||
@@ -1,16 +0,0 @@
|
||||
/**
|
||||
* @kind path-problem
|
||||
*/
|
||||
|
||||
import codeql.ruby.AST
|
||||
import codeql.ruby.security.CommandInjectionQuery
|
||||
import codeql.dataflow.test.ProvenancePathGraph
|
||||
import codeql.ruby.frameworks.data.internal.ApiGraphModels
|
||||
import ShowProvenance<interpretModelForTest/2, CommandInjectionFlow::PathNode, CommandInjectionFlow::PathGraph>
|
||||
|
||||
from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
|
||||
where
|
||||
CommandInjectionFlow::flowPath(source, sink) and
|
||||
sourceNode = source.getNode()
|
||||
select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
|
||||
sourceNode.getSourceType()
|
||||
@@ -0,0 +1,4 @@
|
||||
query: queries/security/cwe-078/CommandInjection.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -3,14 +3,15 @@ require "open3"
|
||||
|
||||
class UsersController < ActionController::Base
|
||||
def create
|
||||
cmd = params[:cmd]
|
||||
`#{cmd}`
|
||||
system(cmd)
|
||||
cmd = params[:cmd] # $ Source
|
||||
`#{cmd}` # $ Alert
|
||||
system(cmd) # $ Alert
|
||||
system("echo", cmd) # OK, because cmd is not shell interpreted
|
||||
exec(cmd)
|
||||
%x(echo #{cmd})
|
||||
exec(cmd) # $ Alert
|
||||
%x(echo #{cmd}) # $ Alert
|
||||
result = <<`EOF`
|
||||
#{cmd}
|
||||
#{cmd} #{# $ Alert
|
||||
}
|
||||
EOF
|
||||
|
||||
safe_cmd_1 = Shellwords.escape(cmd)
|
||||
@@ -26,12 +27,12 @@ EOF
|
||||
if %w(foo bar).include? cmd
|
||||
`echo #{cmd}`
|
||||
else
|
||||
`echo #{cmd}`
|
||||
`echo #{cmd}` # $ Alert
|
||||
end
|
||||
|
||||
# Open3 methods
|
||||
Open3.capture2("echo #{cmd}")
|
||||
Open3.pipeline("cat foo.txt", "grep #{cmd}")
|
||||
Open3.capture2("echo #{cmd}") # $ Alert
|
||||
Open3.pipeline("cat foo.txt", "grep #{cmd}") # $ Alert
|
||||
Open3.pipeline(["echo", cmd], "tail") # OK, because cmd is not shell interpreted
|
||||
end
|
||||
|
||||
@@ -43,20 +44,20 @@ EOF
|
||||
end
|
||||
|
||||
def index
|
||||
cmd = params[:key]
|
||||
cmd = params[:key] # $ Source
|
||||
if %w(foo bar).include? cmd
|
||||
`echo #{cmd}`
|
||||
end
|
||||
Open3.capture2("echo #{cmd}")
|
||||
Open3.capture2("echo #{cmd}") # $ Alert
|
||||
end
|
||||
|
||||
def update
|
||||
cmd = params[:key]
|
||||
cmd = params[:key] # $ Source
|
||||
case cmd
|
||||
when "foo"
|
||||
system(cmd)
|
||||
end
|
||||
system(cmd)
|
||||
system(cmd) # $ Alert
|
||||
end
|
||||
end
|
||||
|
||||
@@ -70,16 +71,16 @@ module Types
|
||||
field :with_arg, String, null: false, description: "A field with an argument" do
|
||||
argument :number, Int, "A number", required: true
|
||||
end
|
||||
def with_arg(number:)
|
||||
system("echo #{number}")
|
||||
def with_arg(number:) # $ Source
|
||||
system("echo #{number}") # $ Alert
|
||||
number.to_s
|
||||
end
|
||||
|
||||
field :with_method, String, null: false, description: "A field with a custom resolver method", resolver_method: :custom_method do
|
||||
argument :blah_number, Int, "A number", required: true
|
||||
end
|
||||
def custom_method(blah_number:, number: nil)
|
||||
system("echo #{blah_number}")
|
||||
def custom_method(blah_number:, number: nil) # $ Source
|
||||
system("echo #{blah_number}") # $ Alert
|
||||
system("echo #{number}") # OK, number: is not an `argument` for this field
|
||||
blah_number.to_s
|
||||
end
|
||||
@@ -88,7 +89,7 @@ module Types
|
||||
argument :something, Int, "A number", required: true
|
||||
end
|
||||
def with_splat(**args)
|
||||
system("echo #{args[:something]}")
|
||||
system("echo #{args[:something]}") # $ Alert
|
||||
args[:something].to_s
|
||||
end
|
||||
|
||||
@@ -100,17 +101,17 @@ end
|
||||
|
||||
class Foo < ActionController::Base
|
||||
def create
|
||||
file = params[:file]
|
||||
system("cat #{file}")
|
||||
file = params[:file] # $ Source
|
||||
system("cat #{file}") # $ Alert
|
||||
# .shellescape
|
||||
system("cat #{file.shellescape}") # OK, because file is shell escaped
|
||||
|
||||
|
||||
end
|
||||
|
||||
def index
|
||||
Terrapin::CommandLine.new(params[:foo], "bar") # BAD
|
||||
Terrapin::CommandLine.new(params[:foo], "bar") # $ Alert
|
||||
|
||||
Terrapin::CommandLine.new("echo", "#{params[foo]}") # BAD
|
||||
Terrapin::CommandLine.new("echo", "#{params[foo]}") # $ Alert
|
||||
|
||||
cmd = Terrapin::CommandLine.new("echo", ":msg")
|
||||
cmd.run(msg: params[:foo]) # GOOD
|
||||
|
||||
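Review bot: The `# $ Alert` tag that the hunk `@@ -3,14 +3,15 @@` moves into the backtick heredoc (`#{cmd} #{# $ Alert` followed by `}` on the next line) relies on a comment inside an empty interpolation, which is easy to misread as part of the executed command text; a short comment above the `result = <<` heredoc line would make the intent clear, e.g. `# The expectation tag below sits in an empty interpolation so it is not part of the command; the closing brace must stay on its own line because the comment runs to end of line.`. The `create` method this appears in starts inside the hunk but its body continues past the hunk's last line. The remaining hunks in this section only swap `# BAD` or bare lines for `# $ Source` / `# $ Alert` tags and need nothing further.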
@@ -1,4 +1,14 @@
|
||||
testFailures
|
||||
#select
|
||||
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ of sensitive file from $@. | insecure_download.rb:27:5:27:46 | call to get | Download | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | HTTP source |
|
||||
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ of sensitive file from $@. | insecure_download.rb:27:5:27:46 | call to get | Download | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | HTTP source |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | HTTP source |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | HTTP source |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:33:15:33:17 | url | HTTP source |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:33:15:33:17 | url | HTTP source |
|
||||
| insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | $@ of sensitive file from $@. | insecure_download.rb:37:32:37:69 | call to get | Download | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | HTTP source |
|
||||
| insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | $@ of sensitive file from $@. | insecure_download.rb:41:27:41:64 | call to get | Download | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | HTTP source |
|
||||
| insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | $@ of sensitive file from $@. | insecure_download.rb:43:12:43:57 | call to get | Download | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | HTTP source |
|
||||
| insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | $@ of sensitive file from $@. | insecure_download.rb:53:14:53:79 | call to get | Download | insecure_download.rb:53:65:53:78 | "/myscript.sh" | HTTP source |
|
||||
edges
|
||||
| insecure_download.rb:31:5:31:7 | url : String | insecure_download.rb:33:15:33:17 | url | provenance | |
|
||||
| insecure_download.rb:31:5:31:7 | url : String | insecure_download.rb:33:15:33:17 | url | provenance | |
|
||||
@@ -18,14 +28,3 @@ nodes
|
||||
| insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | semmle.label | "http://example.org/unsafe.unk..." |
|
||||
| insecure_download.rb:53:65:53:78 | "/myscript.sh" | semmle.label | "/myscript.sh" |
|
||||
subpaths
|
||||
#select
|
||||
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
|
||||
| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | "http://example.org/unsafe.APK" : String |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | "http://example.org/unsafe.APK" : String |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:33:15:33:17 | url | url |
|
||||
| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:33:15:33:17 | url | url |
|
||||
| insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | $@ | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | "http://example.org/unsafe" |
|
||||
| insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | $@ | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | "http://example.org/unsafe" |
|
||||
| insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | $@ | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | "http://example.org/unsafe.unk..." |
|
||||
| insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | $@ | insecure_download.rb:53:65:53:78 | "/myscript.sh" | "/myscript.sh" |
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
import codeql.ruby.security.InsecureDownloadQuery
|
||||
import InsecureDownloadFlow::PathGraph
|
||||
import utils.test.InlineExpectationsTest
|
||||
import utils.test.InlineFlowTestUtil
|
||||
|
||||
module FlowTest implements TestSig {
|
||||
string getARelevantTag() { result = "BAD" }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "BAD" and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink | InsecureDownloadFlow::flow(src, sink) |
|
||||
sink.getLocation() = location and
|
||||
element = sink.toString() and
|
||||
if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<FlowTest>
|
||||
|
||||
from InsecureDownloadFlow::PathNode source, InsecureDownloadFlow::PathNode sink
|
||||
where InsecureDownloadFlow::flowPath(source, sink)
|
||||
select sink, source, sink, "$@", source, source.toString()
|
||||
@@ -0,0 +1,4 @@
|
||||
query: queries/security/cwe-829/InsecureDownload.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -2,7 +2,7 @@ require "excon"
|
||||
|
||||
def foo
|
||||
def download_tools(installer)
|
||||
Excon.get(installer[:url]) # $ MISSING: BAD= (requires hash flow)
|
||||
Excon.get(installer[:url]) # $ MISSING: Alert (requires hash flow)
|
||||
end
|
||||
|
||||
constants = {
|
||||
@@ -24,23 +24,23 @@ def bar
|
||||
|
||||
Excon.get("https://download.microsoft.com/download/5/f/7/5f7acaeb-8363-451f-9425-68a90f98b238/visualcppbuildtools_full.exe") # GOOD
|
||||
|
||||
Excon.get("http://example.org/unsafe.APK") # $BAD=
|
||||
Excon.get("http://example.org/unsafe.APK") # $ Alert
|
||||
end
|
||||
|
||||
def baz
|
||||
url = "http://example.org/unsafe.APK"
|
||||
url = "http://example.org/unsafe.APK" # $ Source
|
||||
|
||||
Excon.get(url) # $BAD=
|
||||
Excon.get(url) # $ Alert
|
||||
end
|
||||
|
||||
def test
File.open("foo.exe").write(Excon.get("http://example.org/unsafe").body) # $BAD=
File.open("foo.exe").write(Excon.get("http://example.org/unsafe").body) # $ Alert
File.open("foo.safe").write(Excon.get("http://example.org/unsafe").body) # GOOD
File.write("foo.exe", Excon.get("http://example.org/unsafe").body) # $BAD=
File.write("foo.exe", Excon.get("http://example.org/unsafe").body) # $ Alert
resp = Excon.get("http://example.org/unsafe.unknown") # $BAD=
resp = Excon.get("http://example.org/unsafe.unknown") # $ Alert
file = File.open("unsafe.exe", "w")
file.write(resp.body)
@@ -50,6 +50,6 @@ def test
end
def sh
script = Net::HTTP.new("http://mydownload.example.org").get("/myscript.sh").body # $BAD=
script = Net::HTTP.new("http://mydownload.example.org").get("/myscript.sh").body # $ Alert
system(script)
end
end
@@ -0,0 +1,415 @@
#select
| file://:0:0:0:0 | [post] self | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | file://:0:0:0:0 | [post] self | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| file://:0:0:0:0 | [post] self | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | file://:0:0:0:0 | [post] self | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:295:24:295:24 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:295:24:295:24 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:298:30:298:30 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:298:30:298:30 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:299:22:299:22 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:299:22:299:22 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:300:34:300:34 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:300:34:300:34 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:301:26:301:26 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:301:26:301:26 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:304:40:304:40 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:304:40:304:40 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:305:44:305:44 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:305:44:305:44 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:306:31:306:31 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:306:31:306:31 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:307:35:307:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:307:35:307:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:308:44:308:44 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:308:44:308:44 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:309:33:309:33 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:309:33:309:33 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:310:28:310:28 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:310:28:310:28 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:311:40:311:40 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:311:40:311:40 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:312:35:312:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:312:35:312:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:313:23:313:23 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:313:23:313:23 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:314:27:314:27 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:314:27:314:27 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:315:22:315:22 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:315:22:315:22 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:316:30:316:30 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:316:30:316:30 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:317:51:317:51 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:317:51:317:51 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:318:24:318:24 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:318:24:318:24 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:319:45:319:45 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:319:45:319:45 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:320:21:320:21 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:320:21:320:21 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:321:34:321:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:321:34:321:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:322:25:322:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:322:25:322:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:323:37:323:37 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:323:37:323:37 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:324:21:324:21 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:324:21:324:21 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:325:34:325:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:325:34:325:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:326:25:326:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:326:25:326:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:327:37:327:37 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:327:37:327:37 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:328:31:328:31 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:328:31:328:31 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:329:60:329:60 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:329:60:329:60 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:330:35:330:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:330:35:330:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:331:60:331:60 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:331:60:331:60 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:332:21:332:21 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:332:21:332:21 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:333:34:333:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:333:34:333:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:334:25:334:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:334:25:334:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:335:37:335:37 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:335:37:335:37 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:336:50:336:50 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:336:50:336:50 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:337:35:337:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:337:35:337:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:338:35:338:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:338:35:338:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:339:41:339:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:339:41:339:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:340:33:340:33 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:340:33:340:33 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:341:38:341:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:341:38:341:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:342:51:342:51 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:342:51:342:51 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:343:43:343:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:343:43:343:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:344:34:344:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:344:34:344:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:346:50:346:50 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:346:50:346:50 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:347:42:347:42 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:347:42:347:42 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:348:40:348:40 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:348:40:348:40 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:349:43:349:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:349:43:349:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:350:60:350:60 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:350:60:350:60 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:351:50:351:50 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:351:50:351:50 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:352:50:352:50 | remoteNsUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:352:50:352:50 | remoteNsUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:353:76:353:76 | remoteNsUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:353:76:353:76 | remoteNsUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:356:41:356:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:356:41:356:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:357:41:357:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:357:41:357:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:358:41:358:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:358:41:358:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:360:43:360:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:360:43:360:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:361:43:361:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:361:43:361:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:362:26:362:26 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:362:26:362:26 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:363:30:363:30 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:363:30:363:30 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:365:59:365:59 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:365:59:365:59 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:366:46:366:46 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:366:46:366:46 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:367:42:367:42 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:367:42:367:42 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:370:25:370:25 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:370:25:370:25 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:371:26:371:26 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:371:26:371:26 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:375:28:375:28 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:375:28:375:28 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:377:32:377:32 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:377:32:377:32 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:379:33:379:33 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:379:33:379:33 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:381:40:381:40 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:381:40:381:40 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:383:38:383:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:383:38:383:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:385:38:385:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:385:38:385:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:387:38:387:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:387:38:387:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:389:38:389:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:389:38:389:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:395:35:395:35 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:395:35:395:35 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:397:40:397:40 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:397:40:397:40 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:401:2:401:2 | [post] config | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:401:2:401:2 | [post] config | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:403:2:403:2 | [post] config | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:403:2:403:2 | [post] config | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:414:22:414:22 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:414:22:414:22 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:416:24:416:24 | buffer2 | testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | testPathInjection.swift:416:24:416:24 | buffer2 | This path depends on a $@. | testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | user-provided value |
| testPathInjection.swift:418:25:418:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:418:25:418:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:427:49:427:49 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:427:49:427:49 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:429:25:429:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:429:25:429:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:441:33:441:33 | remoteString | testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | testPathInjection.swift:441:33:441:33 | remoteString | This path depends on a $@. | testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:453:28:453:28 | u1 | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:453:28:453:28 | u1 | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:455:28:455:28 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:455:28:455:28 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:456:28:456:28 | u2 | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:456:28:456:28 | u2 | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:461:24:461:63 | ...! | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:461:24:461:63 | ...! | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:464:24:464:38 | ...! | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:464:24:464:38 | ...! | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:465:24:465:53 | ...! | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:465:24:465:53 | ...! | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:467:32:467:32 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:467:32:467:32 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
| testPathInjection.swift:468:38:468:38 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:468:38:468:38 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:469:45:469:45 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:469:45:469:45 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:473:32:473:35 | .pointee | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:473:32:473:35 | .pointee | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:482:32:482:36 | ...[...] | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:482:32:482:36 | ...[...] | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:484:35:484:35 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:484:35:484:35 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:485:41:485:41 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:485:41:485:41 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:507:25:507:25 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:507:25:507:25 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:508:17:508:17 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:508:17:508:17 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:509:41:509:41 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:509:41:509:41 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:511:38:511:38 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:511:38:511:38 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testPathInjection.swift:513:22:513:22 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:513:22:513:22 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
edges
|
||||
| file://:0:0:0:0 | [post] self [fileURL] | testPathInjection.swift:248:7:248:7 | self [Return] [fileURL] | provenance | |
|
||||
| file://:0:0:0:0 | [post] self [seedFilePath] | testPathInjection.swift:249:13:249:13 | self [Return] [seedFilePath] | provenance | |
|
||||
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self | provenance | |
|
||||
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self | provenance | |
|
||||
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [fileURL] | provenance | |
|
||||
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [seedFilePath] | provenance | |
|
||||
| testPathInjection.swift:248:7:248:7 | value | file://:0:0:0:0 | value | provenance | |
|
||||
| testPathInjection.swift:249:13:249:13 | value | file://:0:0:0:0 | value | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:290:33:290:33 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:291:37:291:37 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:300:34:300:34 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:301:26:301:26 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:305:44:305:44 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:307:35:307:35 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:308:44:308:44 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:309:33:309:33 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:311:40:311:40 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:312:35:312:35 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:314:27:314:27 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:322:25:322:25 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:323:37:323:37 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:326:25:326:25 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:327:37:327:37 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:330:35:330:35 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:331:60:331:60 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:334:25:334:25 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:335:37:335:37 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:336:50:336:50 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:337:35:337:35 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:338:35:338:35 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:339:41:339:41 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:340:33:340:33 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:341:38:341:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:342:51:342:51 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:343:43:343:43 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:346:50:346:50 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:347:42:347:42 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:348:40:348:40 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:349:43:349:43 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:350:60:350:60 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:351:50:351:50 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:356:41:356:41 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:357:41:357:41 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:358:41:358:41 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:360:43:360:43 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:361:43:361:43 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:363:30:363:30 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:365:59:365:59 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:366:46:366:46 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:367:42:367:42 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:368:72:368:72 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:369:68:369:68 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:371:26:371:26 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:375:28:375:28 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:377:32:377:32 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:379:33:379:33 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:381:40:381:40 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:383:38:383:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:385:38:385:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:387:38:387:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:389:38:389:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:414:22:414:22 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:418:25:418:25 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:427:49:427:49 | remoteString | provenance | |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:429:25:429:25 | remoteString | provenance | |
|
||||
| testPathInjection.swift:290:21:290:45 | call to URL.init(string:) [some:0] | testPathInjection.swift:290:21:290:46 | ...! | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:295:24:295:24 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:298:30:298:30 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:299:22:299:22 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:304:40:304:40 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:306:31:306:31 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:310:28:310:28 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:313:23:313:23 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:315:22:315:22 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:316:30:316:30 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:317:51:317:51 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:318:24:318:24 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:319:45:319:45 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:320:21:320:21 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:321:34:321:34 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:324:21:324:21 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:325:34:325:34 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:328:31:328:31 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:329:60:329:60 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:332:21:332:21 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:333:34:333:34 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:344:34:344:34 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:362:26:362:26 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:370:25:370:25 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:395:35:395:35 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:397:40:397:40 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:401:19:401:19 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:403:24:403:24 | remoteUrl | provenance | |
|
||||
| testPathInjection.swift:290:33:290:33 | remoteString | testPathInjection.swift:290:21:290:45 | call to URL.init(string:) [some:0] | provenance | |
|
||||
| testPathInjection.swift:291:23:291:49 | call to NSURL.init(string:) [some:0] | testPathInjection.swift:291:23:291:50 | ...! | provenance | |
|
||||
| testPathInjection.swift:291:23:291:50 | ...! | testPathInjection.swift:352:50:352:50 | remoteNsUrl | provenance | |
|
||||
| testPathInjection.swift:291:23:291:50 | ...! | testPathInjection.swift:353:76:353:76 | remoteNsUrl | provenance | |
|
||||
| testPathInjection.swift:291:37:291:37 | remoteString | testPathInjection.swift:291:23:291:49 | call to NSURL.init(string:) [some:0] | provenance | |
|
||||
| testPathInjection.swift:368:72:368:72 | remoteString | testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | provenance | |
|
||||
| testPathInjection.swift:369:68:369:68 | remoteString | testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | provenance | |
|
||||
| testPathInjection.swift:401:19:401:19 | remoteUrl | testPathInjection.swift:248:7:248:7 | value | provenance | |
|
||||
| testPathInjection.swift:401:19:401:19 | remoteUrl | testPathInjection.swift:401:2:401:2 | [post] config | provenance | |
|
||||
| testPathInjection.swift:403:24:403:24 | remoteUrl | testPathInjection.swift:249:13:249:13 | value | provenance | |
|
||||
| testPathInjection.swift:403:24:403:24 | remoteUrl | testPathInjection.swift:403:2:403:2 | [post] config | provenance | |
|
||||
| testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | testPathInjection.swift:411:5:411:5 | remoteData | provenance | |
|
||||
| testPathInjection.swift:411:5:411:5 | remoteData | testPathInjection.swift:411:30:411:30 | [post] buffer2 | provenance | |
|
||||
| testPathInjection.swift:411:30:411:30 | [post] buffer2 | testPathInjection.swift:416:24:416:24 | buffer2 | provenance | |
|
||||
| testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | testPathInjection.swift:441:33:441:33 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:450:54:450:54 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:451:54:451:54 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:452:28:452:28 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:455:28:455:28 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:455:28:455:28 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:461:50:461:50 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:463:28:463:28 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:467:32:467:32 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:468:38:468:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:469:45:469:45 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:472:18:472:18 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:480:9:480:9 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:484:35:484:35 | remoteString | provenance | |
|
||||
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:485:41:485:41 | remoteString | provenance | |
|
||||
| testPathInjection.swift:450:54:450:54 | remoteString | testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | provenance | |
|
||||
| testPathInjection.swift:451:28:451:66 | call to appendingPathComponent(_:) | testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | provenance | |
|
||||
| testPathInjection.swift:451:54:451:54 | remoteString | testPathInjection.swift:451:28:451:66 | call to appendingPathComponent(_:) | provenance | |
|
||||
| testPathInjection.swift:452:5:452:5 | [post] u1 | testPathInjection.swift:453:28:453:28 | u1 | provenance | |
|
||||
| testPathInjection.swift:452:28:452:28 | remoteString | testPathInjection.swift:452:5:452:5 | [post] u1 | provenance | |
|
||||
| testPathInjection.swift:455:14:455:40 | call to URL.init(filePath:directoryHint:relativeTo:) | testPathInjection.swift:456:28:456:28 | u2 | provenance | |
|
||||
| testPathInjection.swift:455:28:455:28 | remoteString | testPathInjection.swift:455:14:455:40 | call to URL.init(filePath:directoryHint:relativeTo:) | provenance | |
|
||||
| testPathInjection.swift:461:24:461:62 | call to appendingPathComponent(_:) | testPathInjection.swift:461:24:461:63 | ...! | provenance | |
|
||||
| testPathInjection.swift:461:50:461:50 | remoteString | testPathInjection.swift:461:24:461:62 | call to appendingPathComponent(_:) | provenance | |
|
||||
| testPathInjection.swift:463:14:463:40 | call to NSURL.init(string:) [some:0] | testPathInjection.swift:463:14:463:41 | ...! | provenance | |
|
||||
| testPathInjection.swift:463:14:463:41 | ...! | testPathInjection.swift:464:24:464:38 | ...! | provenance | |
|
||||
| testPathInjection.swift:463:14:463:41 | ...! | testPathInjection.swift:465:24:465:24 | u4 | provenance | |
|
||||
| testPathInjection.swift:463:28:463:28 | remoteString | testPathInjection.swift:463:14:463:40 | call to NSURL.init(string:) [some:0] | provenance | |
|
||||
| testPathInjection.swift:465:24:465:24 | u4 | testPathInjection.swift:465:24:465:52 | call to appendingPathComponent(_:) | provenance | |
|
||||
| testPathInjection.swift:465:24:465:52 | call to appendingPathComponent(_:) | testPathInjection.swift:465:24:465:53 | ...! | provenance | |
|
||||
| testPathInjection.swift:472:5:472:5 | [post] s1 [pointee] | testPathInjection.swift:473:32:473:32 | s1 [pointee] | provenance | |
|
||||
| testPathInjection.swift:472:18:472:18 | remoteString | testPathInjection.swift:472:5:472:5 | [post] s1 [pointee] | provenance | |
|
||||
| testPathInjection.swift:473:32:473:32 | s1 [pointee] | testPathInjection.swift:473:32:473:35 | .pointee | provenance | |
|
||||
| testPathInjection.swift:480:9:480:9 | remoteString | testPathInjection.swift:480:41:480:41 | [post] s3 [Collection element] | provenance | |
|
||||
| testPathInjection.swift:480:41:480:41 | [post] s3 [Collection element] | testPathInjection.swift:482:32:482:32 | s3 [Collection element] | provenance | |
|
||||
| testPathInjection.swift:482:32:482:32 | s3 [Collection element] | testPathInjection.swift:482:32:482:36 | ...[...] | provenance | |
|
||||
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:507:25:507:25 | remoteString | provenance | |
|
||||
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:508:17:508:17 | remoteString | provenance | |
|
||||
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:509:41:509:41 | remoteString | provenance | |
|
||||
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:511:38:511:38 | remoteString | provenance | |
|
||||
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:513:22:513:22 | remoteString | provenance | |
|
||||
nodes
|
||||
| file://:0:0:0:0 | [post] self | semmle.label | [post] self |
|
||||
| file://:0:0:0:0 | [post] self | semmle.label | [post] self |
|
||||
| file://:0:0:0:0 | [post] self [fileURL] | semmle.label | [post] self [fileURL] |
|
||||
| file://:0:0:0:0 | [post] self [seedFilePath] | semmle.label | [post] self [seedFilePath] |
|
||||
| file://:0:0:0:0 | value | semmle.label | value |
|
||||
| file://:0:0:0:0 | value | semmle.label | value |
|
||||
| testPathInjection.swift:248:7:248:7 | self [Return] [fileURL] | semmle.label | self [Return] [fileURL] |
|
||||
| testPathInjection.swift:248:7:248:7 | value | semmle.label | value |
|
||||
| testPathInjection.swift:249:13:249:13 | self [Return] [seedFilePath] | semmle.label | self [Return] [seedFilePath] |
|
||||
| testPathInjection.swift:249:13:249:13 | value | semmle.label | value |
|
||||
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testPathInjection.swift:290:21:290:45 | call to URL.init(string:) [some:0] | semmle.label | call to URL.init(string:) [some:0] |
|
||||
| testPathInjection.swift:290:21:290:46 | ...! | semmle.label | ...! |
|
||||
| testPathInjection.swift:290:33:290:33 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:291:23:291:49 | call to NSURL.init(string:) [some:0] | semmle.label | call to NSURL.init(string:) [some:0] |
|
||||
| testPathInjection.swift:291:23:291:50 | ...! | semmle.label | ...! |
|
||||
| testPathInjection.swift:291:37:291:37 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:295:24:295:24 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:298:30:298:30 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:299:22:299:22 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:300:34:300:34 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:301:26:301:26 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:304:40:304:40 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:305:44:305:44 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:306:31:306:31 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:307:35:307:35 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:308:44:308:44 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:309:33:309:33 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:310:28:310:28 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:311:40:311:40 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:312:35:312:35 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:313:23:313:23 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:314:27:314:27 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:315:22:315:22 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:316:30:316:30 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:317:51:317:51 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:318:24:318:24 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:319:45:319:45 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:320:21:320:21 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:321:34:321:34 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:322:25:322:25 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:323:37:323:37 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:324:21:324:21 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:325:34:325:34 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:326:25:326:25 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:327:37:327:37 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:328:31:328:31 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:329:60:329:60 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:330:35:330:35 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:331:60:331:60 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:332:21:332:21 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:333:34:333:34 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:334:25:334:25 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:335:37:335:37 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:336:50:336:50 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:337:35:337:35 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:338:35:338:35 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:339:41:339:41 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:340:33:340:33 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:341:38:341:38 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:342:51:342:51 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:343:43:343:43 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:344:34:344:34 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:346:50:346:50 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:347:42:347:42 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:348:40:348:40 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:349:43:349:43 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:350:60:350:60 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:351:50:351:50 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:352:50:352:50 | remoteNsUrl | semmle.label | remoteNsUrl |
|
||||
| testPathInjection.swift:353:76:353:76 | remoteNsUrl | semmle.label | remoteNsUrl |
|
||||
| testPathInjection.swift:356:41:356:41 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:357:41:357:41 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:358:41:358:41 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:360:43:360:43 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:361:43:361:43 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:362:26:362:26 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testPathInjection.swift:363:30:363:30 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:365:59:365:59 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:366:46:366:46 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:367:42:367:42 | remoteString | semmle.label | remoteString |
|
||||
| testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | semmle.label | call to FilePath.init(stringLiteral:) |
| testPathInjection.swift:368:72:368:72 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | semmle.label | call to FilePath.init(stringLiteral:) |
| testPathInjection.swift:369:68:369:68 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:370:25:370:25 | remoteUrl | semmle.label | remoteUrl |
| testPathInjection.swift:371:26:371:26 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:375:28:375:28 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:377:32:377:32 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:379:33:379:33 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:381:40:381:40 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:383:38:383:38 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:385:38:385:38 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:387:38:387:38 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:389:38:389:38 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:395:35:395:35 | remoteUrl | semmle.label | remoteUrl |
| testPathInjection.swift:397:40:397:40 | remoteUrl | semmle.label | remoteUrl |
| testPathInjection.swift:401:2:401:2 | [post] config | semmle.label | [post] config |
| testPathInjection.swift:401:19:401:19 | remoteUrl | semmle.label | remoteUrl |
| testPathInjection.swift:403:2:403:2 | [post] config | semmle.label | [post] config |
| testPathInjection.swift:403:24:403:24 | remoteUrl | semmle.label | remoteUrl |
| testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | semmle.label | call to Data.init(contentsOf:options:) |
| testPathInjection.swift:411:5:411:5 | remoteData | semmle.label | remoteData |
| testPathInjection.swift:411:30:411:30 | [post] buffer2 | semmle.label | [post] buffer2 |
| testPathInjection.swift:414:22:414:22 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:416:24:416:24 | buffer2 | semmle.label | buffer2 |
| testPathInjection.swift:418:25:418:25 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:427:49:427:49 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:429:25:429:25 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| testPathInjection.swift:441:33:441:33 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) |
| testPathInjection.swift:450:54:450:54 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:451:28:451:66 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) |
| testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) |
| testPathInjection.swift:451:54:451:54 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:452:5:452:5 | [post] u1 | semmle.label | [post] u1 |
| testPathInjection.swift:452:28:452:28 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:453:28:453:28 | u1 | semmle.label | u1 |
| testPathInjection.swift:455:14:455:40 | call to URL.init(filePath:directoryHint:relativeTo:) | semmle.label | call to URL.init(filePath:directoryHint:relativeTo:) |
| testPathInjection.swift:455:28:455:28 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:455:28:455:28 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:456:28:456:28 | u2 | semmle.label | u2 |
| testPathInjection.swift:461:24:461:62 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) |
| testPathInjection.swift:461:24:461:63 | ...! | semmle.label | ...! |
| testPathInjection.swift:461:50:461:50 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:463:14:463:40 | call to NSURL.init(string:) [some:0] | semmle.label | call to NSURL.init(string:) [some:0] |
| testPathInjection.swift:463:14:463:41 | ...! | semmle.label | ...! |
| testPathInjection.swift:463:28:463:28 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:464:24:464:38 | ...! | semmle.label | ...! |
| testPathInjection.swift:465:24:465:24 | u4 | semmle.label | u4 |
| testPathInjection.swift:465:24:465:52 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) |
| testPathInjection.swift:465:24:465:53 | ...! | semmle.label | ...! |
| testPathInjection.swift:467:32:467:32 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:468:38:468:38 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:469:45:469:45 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:472:5:472:5 | [post] s1 [pointee] | semmle.label | [post] s1 [pointee] |
| testPathInjection.swift:472:18:472:18 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:473:32:473:32 | s1 [pointee] | semmle.label | s1 [pointee] |
| testPathInjection.swift:473:32:473:35 | .pointee | semmle.label | .pointee |
| testPathInjection.swift:480:9:480:9 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:480:41:480:41 | [post] s3 [Collection element] | semmle.label | [post] s3 [Collection element] |
| testPathInjection.swift:482:32:482:32 | s3 [Collection element] | semmle.label | s3 [Collection element] |
| testPathInjection.swift:482:32:482:36 | ...[...] | semmle.label | ...[...] |
| testPathInjection.swift:484:35:484:35 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:485:41:485:41 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| testPathInjection.swift:507:25:507:25 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:508:17:508:17 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:509:41:509:41 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:511:38:511:38 | remoteString | semmle.label | remoteString |
| testPathInjection.swift:513:22:513:22 | remoteString | semmle.label | remoteString |
subpaths
| testPathInjection.swift:401:19:401:19 | remoteUrl | testPathInjection.swift:248:7:248:7 | value | testPathInjection.swift:248:7:248:7 | self [Return] [fileURL] | testPathInjection.swift:401:2:401:2 | [post] config |
| testPathInjection.swift:403:24:403:24 | remoteUrl | testPathInjection.swift:249:13:249:13 | value | testPathInjection.swift:249:13:249:13 | self [Return] [seedFilePath] | testPathInjection.swift:403:2:403:2 | [post] config |
@@ -1,22 +0,0 @@
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.dataflow.FlowSources
import codeql.swift.security.PathInjectionQuery
import utils.test.InlineExpectationsTest
module PathInjectionTest implements TestSig {
string getARelevantTag() { result = "hasPathInjection" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::Node source, DataFlow::Node sink |
PathInjectionFlow::flow(source, sink) and
location = sink.getLocation() and
element = sink.toString() and
tag = "hasPathInjection" and
location.getFile().getName() != "" and
value = source.asExpr().getLocation().getStartLine().toString()
)
}
}
import MakeTest<PathInjectionTest>
@@ -0,0 +1,3 @@
query: queries/Security/CWE-022/PathInjection.ql
postprocess:
- utils/test/InlineExpectationsTestQuery.ql
@@ -286,151 +286,151 @@ class Connection {
// --- tests ---
func test(buffer1: UnsafeMutablePointer<UInt8>, buffer2: UnsafeMutablePointer<UInt8>) {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
let remoteUrl = URL(string: remoteString)!
let remoteNsUrl = NSURL(string: remoteString)!
let safeUrl = URL(string: "")!
let safeNsUrl = NSURL(string: "")!
Data("").write(to: remoteUrl, options: []) // $ hasPathInjection=289
Data("").write(to: remoteUrl, options: []) // $ Alert
let nsData = NSData()
let _ = nsData.write(to: remoteUrl, atomically: false) // $ hasPathInjection=289
nsData.write(to: remoteUrl, options: []) // $ hasPathInjection=289
let _ = nsData.write(toFile: remoteString, atomically: false) // $ hasPathInjection=289
nsData.write(toFile: remoteString, options: []) // $ hasPathInjection=289
let _ = nsData.write(to: remoteUrl, atomically: false) // $ Alert
nsData.write(to: remoteUrl, options: []) // $ Alert
let _ = nsData.write(toFile: remoteString, atomically: false) // $ Alert
nsData.write(toFile: remoteString, options: []) // $ Alert
let fm = FileManager()
let _ = fm.contentsOfDirectory(at: remoteUrl, includingPropertiesForKeys: [], options: []) // $ hasPathInjection=289
let _ = fm.contentsOfDirectory(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.enumerator(at: remoteUrl, includingPropertiesForKeys: [], options: [], errorHandler: nil) // $ hasPathInjection=289
let _ = fm.enumerator(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.subpathsOfDirectory(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.subpaths(atPath: remoteString) // $ hasPathInjection=289
fm.createDirectory(at: remoteUrl, withIntermediateDirectories: false, attributes: [:]) // $ hasPathInjection=289
let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ hasPathInjection=289
let _ = fm.createFile(atPath: remoteString, contents: nil, attributes: [:]) // $ hasPathInjection=289
fm.removeItem(at: remoteUrl) // $ hasPathInjection=289
fm.removeItem(atPath: remoteString) // $ hasPathInjection=289
fm.trashItem(at: remoteUrl, resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ hasPathInjection=289
let _ = fm.replaceItemAt(remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: []) // $ hasPathInjection=289
let _ = fm.replaceItemAt(safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: []) // $ hasPathInjection=289
fm.replaceItem(at: remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ hasPathInjection=289
fm.replaceItem(at: safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ hasPathInjection=289
fm.copyItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=289
fm.copyItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=289
fm.copyItem(atPath: remoteString, toPath: "") // $ hasPathInjection=289
fm.copyItem(atPath: "", toPath: remoteString) // $ hasPathInjection=289
fm.moveItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=289
fm.moveItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=289
fm.moveItem(atPath: remoteString, toPath: "") // $ hasPathInjection=289
fm.moveItem(atPath: "", toPath: remoteString) // $ hasPathInjection=289
fm.createSymbolicLink(at: remoteUrl, withDestinationURL: safeUrl) // $ hasPathInjection=289
fm.createSymbolicLink(at: safeUrl, withDestinationURL: remoteUrl) // $ hasPathInjection=289
fm.createSymbolicLink(atPath: remoteString, withDestinationPath: "") // $ hasPathInjection=289
fm.createSymbolicLink(atPath: "", withDestinationPath: remoteString) // $ hasPathInjection=289
fm.linkItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=289
fm.linkItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=289
fm.linkItem(atPath: remoteString, toPath: "") // $ hasPathInjection=289
fm.linkItem(atPath: "", toPath: remoteString) // $ hasPathInjection=289
let _ = fm.destinationOfSymbolicLink(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.fileExists(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.fileExists(atPath: remoteString, isDirectory: UnsafeMutablePointer<ObjCBool>.init(bitPattern: 0)) // $ hasPathInjection=289
fm.setAttributes([:], ofItemAtPath: remoteString) // $ hasPathInjection=289
let _ = fm.contents(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.contentsEqual(atPath: remoteString, andPath: "") // $ hasPathInjection=289
let _ = fm.contentsEqual(atPath: "", andPath: remoteString) // $ hasPathInjection=289
let _ = fm.changeCurrentDirectoryPath(remoteString) // $ hasPathInjection=289
let _ = fm.unmountVolume(at: remoteUrl, options: [], completionHandler: { _ in }) // $ hasPathInjection=289
let _ = fm.contentsOfDirectory(at: remoteUrl, includingPropertiesForKeys: [], options: []) // $ Alert
let _ = fm.contentsOfDirectory(atPath: remoteString) // $ Alert
let _ = fm.enumerator(at: remoteUrl, includingPropertiesForKeys: [], options: [], errorHandler: nil) // $ Alert
let _ = fm.enumerator(atPath: remoteString) // $ Alert
let _ = fm.subpathsOfDirectory(atPath: remoteString) // $ Alert
let _ = fm.subpaths(atPath: remoteString) // $ Alert
fm.createDirectory(at: remoteUrl, withIntermediateDirectories: false, attributes: [:]) // $ Alert
let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ Alert
let _ = fm.createFile(atPath: remoteString, contents: nil, attributes: [:]) // $ Alert
fm.removeItem(at: remoteUrl) // $ Alert
fm.removeItem(atPath: remoteString) // $ Alert
fm.trashItem(at: remoteUrl, resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ Alert
let _ = fm.replaceItemAt(remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: []) // $ Alert
let _ = fm.replaceItemAt(safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: []) // $ Alert
fm.replaceItem(at: remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ Alert
fm.replaceItem(at: safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer<NSURL?>()) // $ Alert
fm.copyItem(at: remoteUrl, to: safeUrl) // $ Alert
fm.copyItem(at: safeUrl, to: remoteUrl) // $ Alert
fm.copyItem(atPath: remoteString, toPath: "") // $ Alert
fm.copyItem(atPath: "", toPath: remoteString) // $ Alert
fm.moveItem(at: remoteUrl, to: safeUrl) // $ Alert
fm.moveItem(at: safeUrl, to: remoteUrl) // $ Alert
fm.moveItem(atPath: remoteString, toPath: "") // $ Alert
fm.moveItem(atPath: "", toPath: remoteString) // $ Alert
fm.createSymbolicLink(at: remoteUrl, withDestinationURL: safeUrl) // $ Alert
fm.createSymbolicLink(at: safeUrl, withDestinationURL: remoteUrl) // $ Alert
fm.createSymbolicLink(atPath: remoteString, withDestinationPath: "") // $ Alert
fm.createSymbolicLink(atPath: "", withDestinationPath: remoteString) // $ Alert
fm.linkItem(at: remoteUrl, to: safeUrl) // $ Alert
fm.linkItem(at: safeUrl, to: remoteUrl) // $ Alert
fm.linkItem(atPath: remoteString, toPath: "") // $ Alert
fm.linkItem(atPath: "", toPath: remoteString) // $ Alert
let _ = fm.destinationOfSymbolicLink(atPath: remoteString) // $ Alert
let _ = fm.fileExists(atPath: remoteString) // $ Alert
let _ = fm.fileExists(atPath: remoteString, isDirectory: UnsafeMutablePointer<ObjCBool>.init(bitPattern: 0)) // $ Alert
fm.setAttributes([:], ofItemAtPath: remoteString) // $ Alert
let _ = fm.contents(atPath: remoteString) // $ Alert
let _ = fm.contentsEqual(atPath: remoteString, andPath: "") // $ Alert
let _ = fm.contentsEqual(atPath: "", andPath: remoteString) // $ Alert
let _ = fm.changeCurrentDirectoryPath(remoteString) // $ Alert
let _ = fm.unmountVolume(at: remoteUrl, options: [], completionHandler: { _ in }) // $ Alert
// Deprecated methods
let _ = fm.changeFileAttributes([:], atPath: remoteString) // $ hasPathInjection=289
let _ = fm.directoryContents(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ hasPathInjection=289
let _ = fm.createSymbolicLink(atPath: remoteString, pathContent: "") // $ hasPathInjection=289
let _ = fm.createSymbolicLink(atPath: "", pathContent: remoteString) // $ hasPathInjection=289
let _ = fm.pathContentOfSymbolicLink(atPath: remoteString) // $ hasPathInjection=289
let _ = fm.replaceItemAtURL(originalItemURL: remoteNsUrl, withItemAtURL: safeNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=289
let _ = fm.replaceItemAtURL(originalItemURL: safeNsUrl, withItemAtURL: remoteNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=289
let _ = fm.changeFileAttributes([:], atPath: remoteString) // $ Alert
let _ = fm.directoryContents(atPath: remoteString) // $ Alert
let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ Alert
let _ = fm.createSymbolicLink(atPath: remoteString, pathContent: "") // $ Alert
let _ = fm.createSymbolicLink(atPath: "", pathContent: remoteString) // $ Alert
let _ = fm.pathContentOfSymbolicLink(atPath: remoteString) // $ Alert
let _ = fm.replaceItemAtURL(originalItemURL: remoteNsUrl, withItemAtURL: safeNsUrl, backupItemName: nil, options: []) // $ Alert
let _ = fm.replaceItemAtURL(originalItemURL: safeNsUrl, withItemAtURL: remoteNsUrl, backupItemName: nil, options: []) // $ Alert
var encoding = String.Encoding.utf8
let _ = try! String(contentsOfFile: remoteString) // $ hasPathInjection=289
let _ = try! String(contentsOfFile: remoteString, encoding: String.Encoding.utf8) // $ hasPathInjection=289
let _ = try! String(contentsOfFile: remoteString, usedEncoding: &encoding) // $ hasPathInjection=289
let _ = try! String(contentsOfFile: remoteString) // $ Alert
let _ = try! String(contentsOfFile: remoteString, encoding: String.Encoding.utf8) // $ Alert
let _ = try! String(contentsOfFile: remoteString, usedEncoding: &encoding) // $ Alert
let _ = try! NSString(contentsOfFile: remoteString, encoding: 0) // $ hasPathInjection=289
let _ = try! NSString(contentsOfFile: remoteString, usedEncoding: nil) // $ hasPathInjection=289
NSString().write(to: remoteUrl, atomically: true, encoding: 0) // $ hasPathInjection=289
NSString().write(toFile: remoteString, atomically: true, encoding: 0) // $ hasPathInjection=289
let _ = try! NSString(contentsOfFile: remoteString, encoding: 0) // $ Alert
let _ = try! NSString(contentsOfFile: remoteString, usedEncoding: nil) // $ Alert
NSString().write(to: remoteUrl, atomically: true, encoding: 0) // $ Alert
NSString().write(toFile: remoteString, atomically: true, encoding: 0) // $ Alert
let _ = NSKeyedUnarchiver().unarchiveObject(withFile: remoteString) // $ hasPathInjection=289
let _ = ArchiveByteStream.fileStream(fd: remoteString as! FileDescriptor, automaticClose: true) // $ hasPathInjection=289
ArchiveByteStream.withFileStream(fd: remoteString as! FileDescriptor, automaticClose: true) { _ in } // $ hasPathInjection=289
let _ = ArchiveByteStream.fileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) // $ hasPathInjection=289
ArchiveByteStream.withFileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) { _ in } // $ hasPathInjection=289
let _ = Bundle(url: remoteUrl) // $ hasPathInjection=289
let _ = Bundle(path: remoteString) // $ hasPathInjection=289
let _ = NSKeyedUnarchiver().unarchiveObject(withFile: remoteString) // $ Alert
let _ = ArchiveByteStream.fileStream(fd: remoteString as! FileDescriptor, automaticClose: true) // $ Alert
ArchiveByteStream.withFileStream(fd: remoteString as! FileDescriptor, automaticClose: true) { _ in } // $ Alert
let _ = ArchiveByteStream.fileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) // $ Alert
ArchiveByteStream.withFileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) { _ in } // $ Alert
let _ = Bundle(url: remoteUrl) // $ Alert
let _ = Bundle(path: remoteString) // $ Alert
// GRDB
let _ = Database(path: remoteString, description: "", configuration: Configuration()) // $ hasPathInjection=289
let _ = Database(path: remoteString, description: "", configuration: Configuration()) // $ Alert
let _ = Database(path: "", description: "", configuration: Configuration()) // Safe
let _ = DatabasePool(path: remoteString, configuration: Configuration()) // $ hasPathInjection=289
let _ = DatabasePool(path: remoteString, configuration: Configuration()) // $ Alert
let _ = DatabasePool(path: "", configuration: Configuration()) // Safe
let _ = DatabaseQueue(path: remoteString, configuration: Configuration()) // $ hasPathInjection=289
let _ = DatabaseQueue(path: remoteString, configuration: Configuration()) // $ Alert
let _ = DatabaseQueue(path: "", configuration: Configuration()) // Safe
let _ = DatabaseSnapshotPool(path: remoteString, configuration: Configuration()) // $ hasPathInjection=289
let _ = DatabaseSnapshotPool(path: remoteString, configuration: Configuration()) // $ Alert
let _ = DatabaseSnapshotPool(path: "", configuration: Configuration()) // Safe
let _ = SerializedDatabase(path: remoteString, defaultLabel: "") // $ hasPathInjection=289
let _ = SerializedDatabase(path: remoteString, defaultLabel: "") // $ Alert
let _ = SerializedDatabase(path: "", defaultLabel: "") // Safe
let _ = SerializedDatabase(path: remoteString, defaultLabel: "", purpose: nil) // $ hasPathInjection=289
let _ = SerializedDatabase(path: remoteString, defaultLabel: "", purpose: nil) // $ Alert
let _ = SerializedDatabase(path: "", defaultLabel: "", purpose: nil) // Safe
let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "") // $ hasPathInjection=289
let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "") // $ Alert
let _ = SerializedDatabase(path: "", configuration: Configuration(), defaultLabel: "") // Safe
let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "", purpose: nil) // $ hasPathInjection=289
let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "", purpose: nil) // $ Alert
let _ = SerializedDatabase(path: "", configuration: Configuration(), defaultLabel: "", purpose: nil) // Safe
// Realm
_ = Realm.Configuration(fileURL: safeUrl) // GOOD
_ = Realm.Configuration(fileURL: remoteUrl) // $ hasPathInjection=289
_ = Realm.Configuration(fileURL: remoteUrl) // $ Alert
_ = Realm.Configuration(seedFilePath: safeUrl) // GOOD
_ = Realm.Configuration(seedFilePath: remoteUrl) // $ hasPathInjection=289
_ = Realm.Configuration(seedFilePath: remoteUrl) // $ Alert
var config = Realm.Configuration() // GOOD
config.fileURL = safeUrl // GOOD
config.fileURL = remoteUrl // $ hasPathInjection=289
config.fileURL = remoteUrl // $ Alert
config.seedFilePath = safeUrl // GOOD
config.seedFilePath = remoteUrl // $ hasPathInjection=289
config.seedFilePath = remoteUrl // $ Alert
// sqlite3
var db: OpaquePointer?
let localData = Data(0)
let remoteData = Data(contentsOf: URL(string: "http://example.com/")!, options: [])
let remoteData = Data(contentsOf: URL(string: "http://example.com/")!, options: []) // $ Source
localData.copyBytes(to: buffer1, count: localData.count)
remoteData.copyBytes(to: buffer2, count: remoteData.count)
_ = sqlite3_open("myFile.sqlite3", &db) // GOOD
_ = sqlite3_open(remoteString, &db) // $ hasPathInjection=289
_ = sqlite3_open(remoteString, &db) // $ Alert
_ = sqlite3_open16(buffer1, &db) // GOOD
_ = sqlite3_open16(buffer2, &db) // $ hasPathInjection=409
_ = sqlite3_open16(buffer2, &db) // $ Alert
_ = sqlite3_open_v2("myFile.sqlite3", &db, 0, nil) // GOOD
_ = sqlite3_open_v2(remoteString, &db, 0, nil) // $ hasPathInjection=289
_ = sqlite3_open_v2(remoteString, &db, 0, nil) // $ Alert
sqlite3_temp_directory = UnsafeMutablePointer<CChar>(mutating: NSString(string: "myFile.sqlite3").utf8String) // GOOD
sqlite3_temp_directory = UnsafeMutablePointer<CChar>(mutating: NSString(string: remoteString).utf8String) // $ MISSING: hasPathInjection=289
sqlite3_temp_directory = UnsafeMutablePointer<CChar>(mutating: NSString(string: remoteString).utf8String) // $ MISSING: Alert
// SQLite.swift
try! _ = Connection()
try! _ = Connection(Connection.Location.uri("myFile.sqlite3")) // GOOD
try! _ = Connection(Connection.Location.uri(remoteString)) // $ hasPathInjection=289
try! _ = Connection(Connection.Location.uri(remoteString)) // $ Alert
try! _ = Connection("myFile.sqlite3") // GOOD
try! _ = Connection(remoteString) // $ hasPathInjection=289
try! _ = Connection(remoteString) // $ Alert
}
func testBarriers() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
let fm = FileManager()
@@ -438,51 +438,51 @@ func testBarriers() {
if (filePath.lexicallyNormalized().starts(with: "/safe")) {
let _ = fm.contents(atPath: remoteString) // Safe
}
let _ = fm.contents(atPath: remoteString) // $ hasPathInjection=433
let _ = fm.contents(atPath: remoteString) // $ Alert
}
func testPathInjection2(s1: UnsafeMutablePointer<String>, s2: UnsafeMutablePointer<String>, s3: UnsafeMutablePointer<String>, fm: FileManager) throws {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
var u1 = URL(filePath: "")
_ = NSData(contentsOf: u1)
_ = NSData(contentsOf: u1.appendingPathComponent(""))
_ = NSData(contentsOf: u1.appendingPathComponent(remoteString)) // $ hasPathInjection=445
_ = NSData(contentsOf: u1.appendingPathComponent(remoteString).appendingPathComponent("")) // $ hasPathInjection=445
_ = NSData(contentsOf: u1.appendingPathComponent(remoteString)) // $ Alert
_ = NSData(contentsOf: u1.appendingPathComponent(remoteString).appendingPathComponent("")) // $ Alert
u1.appendPathComponent(remoteString)
_ = NSData(contentsOf: u1) // $ hasPathInjection=445
_ = NSData(contentsOf: u1) // $ Alert
let u2 = URL(filePath: remoteString) // $ hasPathInjection=445
_ = NSData(contentsOf: u2) // $ hasPathInjection=445
let u2 = URL(filePath: remoteString) // $ Alert
_ = NSData(contentsOf: u2) // $ Alert
let u3 = NSURL(string: "")!
Data("").write(to: u3.filePathURL!, options: [])
Data("").write(to: u3.appendingPathComponent("")!, options: [])
Data("").write(to: u3.appendingPathComponent(remoteString)!, options: []) // $ hasPathInjection=445
Data("").write(to: u3.appendingPathComponent(remoteString)!, options: []) // $ Alert
let u4 = NSURL(string: remoteString)!
Data("").write(to: u4.filePathURL!, options: []) // $ hasPathInjection=445
Data("").write(to: u4.appendingPathComponent("")!, options: []) // $ hasPathInjection=445
Data("").write(to: u4.filePathURL!, options: []) // $ Alert
Data("").write(to: u4.appendingPathComponent("")!, options: []) // $ Alert
_ = NSData(contentsOfFile: remoteString)! // $ hasPathInjection=445
_ = NSData(contentsOfMappedFile: remoteString)! // $ hasPathInjection=445
_ = NSData.dataWithContentsOfMappedFile(remoteString)! // $ hasPathInjection=445
_ = NSData(contentsOfFile: remoteString)! // $ Alert
_ = NSData(contentsOfMappedFile: remoteString)! // $ Alert
_ = NSData.dataWithContentsOfMappedFile(remoteString)! // $ Alert
_ = NSData().write(toFile: s1.pointee, atomically: true)
s1.pointee = remoteString
_ = NSData().write(toFile: s1.pointee, atomically: true) // $ hasPathInjection=445
_ = NSData().write(toFile: s1[0], atomically: true) // $ MISSING: hasPathInjection=445
_ = NSData().write(toFile: s1.pointee, atomically: true) // $ Alert
_ = NSData().write(toFile: s1[0], atomically: true) // $ MISSING: Alert
_ = "".completePath(into: s2, caseSensitive: false, matchesInto: nil, filterTypes: nil)
_ = NSData().write(toFile: s2.pointee, atomically: true)
_ = NSData().write(toFile: s2[0], atomically: true)
_ = remoteString.completePath(into: s3, caseSensitive: false, matchesInto: nil, filterTypes: nil)
_ = NSData().write(toFile: s3.pointee, atomically: true) // $ MISSING: hasPathInjection=445
_ = NSData().write(toFile: s3[0], atomically: true) // $ hasPathInjection=445
_ = NSData().write(toFile: s3.pointee, atomically: true) // $ MISSING: Alert
_ = NSData().write(toFile: s3[0], atomically: true) // $ Alert
_ = fm.fileAttributes(atPath: remoteString, traverseLink: true) // $ hasPathInjection=445
_ = try fm.attributesOfItem(atPath: remoteString) // $ hasPathInjection=445
_ = fm.fileAttributes(atPath: remoteString, traverseLink: true) // $ Alert
_ = try fm.attributesOfItem(atPath: remoteString) // $ Alert
}
// ---
@@ -502,18 +502,18 @@ class MyFile {
}
func testPathInjectionHeuristics() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
|
||||
myOpenFile1(atPath: remoteString) // $ hasPathInjection=505
|
||||
myOpenFile2(remoteString) // $ hasPathInjection=505
|
||||
myFindFiles(ofType: 0, inDirectory: remoteString) // $ hasPathInjection=505
|
||||
myOpenFile1(atPath: remoteString) // $ Alert
|
||||
myOpenFile2(remoteString) // $ Alert
|
||||
myFindFiles(ofType: 0, inDirectory: remoteString) // $ Alert
|
||||
|
||||
let mc = MyClass(contentsOfFile: remoteString) // $ hasPathInjection=505
|
||||
let mc = MyClass(contentsOfFile: remoteString) // $ Alert
|
||||
mc.doSomething(keyPath: remoteString) // good - not a path
|
||||
mc.write(toFile: remoteString) // $ hasPathInjection=505
|
||||
mc.write(toFile: remoteString) // $ Alert
|
||||
|
||||
let mf1 = MyFile(path: "")
|
||||
let mf2 = MyFile(path: remoteString) // $ MISSING: hasPathInjection=
|
||||
let mf2 = MyFile(path: remoteString) // $ MISSING: Alert
|
||||
|
||||
_ = NSSortDescriptor(key: remoteString, ascending: true) // good - not a path
|
||||
_ = NSSortDescriptor(keyPath: remoteString as! KeyPath<Int, Int>, ascending: true) // good - not a path
|
||||
|
||||
@@ -0,0 +1,297 @@
|
||||
#select
|
||||
| cleartextLoggingTest.swift:167:11:167:11 | [...] | cleartextLoggingTest.swift:167:11:167:11 | password | cleartextLoggingTest.swift:167:11:167:11 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:167:11:167:11 | password | password |
|
||||
| cleartextLoggingTest.swift:168:11:168:11 | [...] | cleartextLoggingTest.swift:168:11:168:11 | password | cleartextLoggingTest.swift:168:11:168:11 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:168:11:168:11 | password | password |
|
||||
| cleartextLoggingTest.swift:169:26:169:26 | password | cleartextLoggingTest.swift:169:26:169:26 | password | cleartextLoggingTest.swift:169:26:169:26 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:169:26:169:26 | password | password |
|
||||
| cleartextLoggingTest.swift:170:11:170:11 | [...] | cleartextLoggingTest.swift:170:11:170:11 | password | cleartextLoggingTest.swift:170:11:170:11 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:170:11:170:11 | password | password |
|
||||
| cleartextLoggingTest.swift:171:26:171:26 | password | cleartextLoggingTest.swift:171:26:171:26 | password | cleartextLoggingTest.swift:171:26:171:26 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:171:26:171:26 | password | password |
|
||||
| cleartextLoggingTest.swift:172:42:172:42 | password | cleartextLoggingTest.swift:172:42:172:42 | password | cleartextLoggingTest.swift:172:42:172:42 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:172:42:172:42 | password | password |
|
||||
| cleartextLoggingTest.swift:175:16:175:16 | [...] | cleartextLoggingTest.swift:175:16:175:16 | password | cleartextLoggingTest.swift:175:16:175:16 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:175:16:175:16 | password | password |
|
||||
| cleartextLoggingTest.swift:177:10:177:10 | password | cleartextLoggingTest.swift:177:10:177:10 | password | cleartextLoggingTest.swift:177:10:177:10 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:177:10:177:10 | password | password |
|
||||
| cleartextLoggingTest.swift:179:11:179:11 | password | cleartextLoggingTest.swift:179:11:179:11 | password | cleartextLoggingTest.swift:179:11:179:11 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:179:11:179:11 | password | password |
|
||||
| cleartextLoggingTest.swift:180:17:180:17 | [...] | cleartextLoggingTest.swift:180:17:180:17 | password | cleartextLoggingTest.swift:180:17:180:17 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:180:17:180:17 | password | password |
|
||||
| cleartextLoggingTest.swift:181:20:181:24 | [...] | cleartextLoggingTest.swift:181:24:181:24 | password | cleartextLoggingTest.swift:181:20:181:24 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:181:24:181:24 | password | password |
|
||||
| cleartextLoggingTest.swift:182:11:182:11 | "..." | cleartextLoggingTest.swift:182:14:182:14 | password | cleartextLoggingTest.swift:182:11:182:11 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:182:14:182:14 | password | password |
|
||||
| cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | cleartextLoggingTest.swift:183:29:183:29 | password | cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:183:29:183:29 | password | password |
|
||||
| cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | cleartextLoggingTest.swift:184:36:184:36 | password | cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:184:36:184:36 | password | password |
|
||||
| cleartextLoggingTest.swift:220:11:220:11 | passphrase | cleartextLoggingTest.swift:220:11:220:11 | passphrase | cleartextLoggingTest.swift:220:11:220:11 | passphrase | This operation writes 'passphrase' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:220:11:220:11 | passphrase | passphrase |
|
||||
| cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | This operation writes 'pass_phrase' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | pass_phrase |
|
||||
| cleartextLoggingTest.swift:224:49:224:49 | [...] | cleartextLoggingTest.swift:224:49:224:49 | password | cleartextLoggingTest.swift:224:49:224:49 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:224:49:224:49 | password | password |
|
||||
| cleartextLoggingTest.swift:225:55:225:63 | [...] | cleartextLoggingTest.swift:225:63:225:63 | password | cleartextLoggingTest.swift:225:55:225:63 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:225:63:225:63 | password | password |
|
||||
| cleartextLoggingTest.swift:241:8:241:8 | x | cleartextLoggingTest.swift:240:24:240:24 | x | cleartextLoggingTest.swift:241:8:241:8 | x | This operation writes 'x' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:240:24:240:24 | x | x |
|
||||
| cleartextLoggingTest.swift:244:8:244:8 | y | cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | cleartextLoggingTest.swift:244:8:244:8 | y | This operation writes 'y' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | call to getPassword() |
|
||||
| cleartextLoggingTest.swift:248:8:248:10 | .password | cleartextLoggingTest.swift:248:8:248:10 | .password | cleartextLoggingTest.swift:248:8:248:10 | .password | This operation writes '.password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:248:8:248:10 | .password | .password |
|
||||
| cleartextLoggingTest.swift:263:8:263:20 | .value | cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:263:8:263:20 | .value | This operation writes '.value' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:263:8:263:11 | .password | .password |
|
||||
| cleartextLoggingTest.swift:287:8:287:8 | [...] | cleartextLoggingTest.swift:286:8:286:8 | password | cleartextLoggingTest.swift:287:8:287:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:286:8:286:8 | password | password |
|
||||
| cleartextLoggingTest.swift:290:8:290:8 | [...] | cleartextLoggingTest.swift:289:18:289:18 | password | cleartextLoggingTest.swift:290:8:290:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:289:18:289:18 | password | password |
|
||||
| cleartextLoggingTest.swift:296:13:296:13 | [...] | cleartextLoggingTest.swift:295:13:295:13 | password | cleartextLoggingTest.swift:296:13:296:13 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:295:13:295:13 | password | password |
|
||||
| cleartextLoggingTest.swift:302:7:302:7 | myString7 | cleartextLoggingTest.swift:301:7:301:7 | password | cleartextLoggingTest.swift:302:7:302:7 | myString7 | This operation writes 'myString7' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:301:7:301:7 | password | password |
|
||||
| cleartextLoggingTest.swift:308:8:308:8 | [...] | cleartextLoggingTest.swift:307:18:307:18 | password | cleartextLoggingTest.swift:308:8:308:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:307:18:307:18 | password | password |
|
||||
| cleartextLoggingTest.swift:313:8:313:8 | [...] | cleartextLoggingTest.swift:311:19:311:19 | password | cleartextLoggingTest.swift:313:8:313:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:311:19:311:19 | password | password |
|
||||
| cleartextLoggingTest.swift:319:8:319:8 | [...] | cleartextLoggingTest.swift:318:2:318:2 | password | cleartextLoggingTest.swift:319:8:319:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:318:2:318:2 | password | password |
|
||||
| cleartextLoggingTest.swift:334:17:334:17 | { ... } | cleartextLoggingTest.swift:334:17:334:17 | password | cleartextLoggingTest.swift:334:17:334:17 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:334:17:334:17 | password | password |
|
||||
| cleartextLoggingTest.swift:336:20:336:20 | { ... } | cleartextLoggingTest.swift:336:20:336:20 | password | cleartextLoggingTest.swift:336:20:336:20 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:336:20:336:20 | password | password |
|
||||
| cleartextLoggingTest.swift:338:23:338:23 | { ... } | cleartextLoggingTest.swift:338:23:338:23 | password | cleartextLoggingTest.swift:338:23:338:23 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:338:23:338:23 | password | password |
|
||||
| cleartextLoggingTest.swift:340:23:340:23 | { ... } | cleartextLoggingTest.swift:340:23:340:23 | password | cleartextLoggingTest.swift:340:23:340:23 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:340:23:340:23 | password | password |
|
||||
| cleartextLoggingTest.swift:342:14:342:14 | { ... } | cleartextLoggingTest.swift:342:14:342:14 | password | cleartextLoggingTest.swift:342:14:342:14 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:342:14:342:14 | password | password |
|
||||
| cleartextLoggingTest.swift:347:69:347:69 | "..." | cleartextLoggingTest.swift:347:72:347:72 | passwordString | cleartextLoggingTest.swift:347:69:347:69 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:347:72:347:72 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:350:61:350:61 | "..." | cleartextLoggingTest.swift:350:64:350:64 | passwordString | cleartextLoggingTest.swift:350:61:350:61 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:350:64:350:64 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | cleartextLoggingTest.swift:351:103:351:103 | passwordString | cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:351:103:351:103 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:353:20:353:20 | "..." | cleartextLoggingTest.swift:353:23:353:23 | passwordString | cleartextLoggingTest.swift:353:20:353:20 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:353:23:353:23 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:354:40:354:40 | [...] | cleartextLoggingTest.swift:354:40:354:40 | passwordString | cleartextLoggingTest.swift:354:40:354:40 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:354:40:354:40 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:355:44:355:51 | [...] | cleartextLoggingTest.swift:355:51:355:51 | passwordString | cleartextLoggingTest.swift:355:44:355:51 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:355:51:355:51 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:356:17:356:17 | "..." | cleartextLoggingTest.swift:356:20:356:20 | passwordString | cleartextLoggingTest.swift:356:17:356:17 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:356:20:356:20 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | cleartextLoggingTest.swift:357:48:357:48 | passwordString | cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:357:48:357:48 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:358:23:358:23 | "..." | cleartextLoggingTest.swift:358:26:358:26 | passwordString | cleartextLoggingTest.swift:358:23:358:23 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:358:26:358:26 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | cleartextLoggingTest.swift:359:54:359:54 | passwordString | cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:359:54:359:54 | passwordString | passwordString |
|
||||
| cleartextLoggingTest.swift:365:18:365:18 | authKey | cleartextLoggingTest.swift:365:18:365:18 | authKey | cleartextLoggingTest.swift:365:18:365:18 | authKey | This operation writes 'authKey' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:365:18:365:18 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | cleartextLoggingTest.swift:366:25:366:25 | authKey2 | cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | This operation writes 'call to String.init(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:366:25:366:25 | authKey2 | authKey2 |
|
||||
| cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | cleartextLoggingTest.swift:369:33:369:33 | authKey | cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | This operation writes 'call to NSString.init(string:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:369:33:369:33 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:370:13:370:13 | authKey | cleartextLoggingTest.swift:370:13:370:13 | authKey | cleartextLoggingTest.swift:370:13:370:13 | authKey | This operation writes 'authKey' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:370:13:370:13 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:371:24:371:24 | authKey | cleartextLoggingTest.swift:371:24:371:24 | authKey | cleartextLoggingTest.swift:371:24:371:24 | authKey | This operation writes 'authKey' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:371:24:371:24 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:378:16:378:16 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:378:16:378:16 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:379:18:379:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:379:18:379:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:380:18:380:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:380:18:380:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | This operation writes 'call to NSString.init(string:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:382:19:382:19 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:382:19:382:19 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:383:20:383:20 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:383:20:383:20 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:384:18:384:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:384:18:384:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:385:21:385:21 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:385:21:385:21 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
| cleartextLoggingTest.swift:386:18:386:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:386:18:386:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey |
|
||||
edges
|
||||
| cleartextLoggingTest.swift:167:11:167:11 | [...] [Collection element] | cleartextLoggingTest.swift:167:11:167:11 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:167:11:167:11 | password | cleartextLoggingTest.swift:167:11:167:11 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:168:11:168:11 | [...] [Collection element] | cleartextLoggingTest.swift:168:11:168:11 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:168:11:168:11 | password | cleartextLoggingTest.swift:168:11:168:11 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:170:11:170:11 | [...] [Collection element] | cleartextLoggingTest.swift:170:11:170:11 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:170:11:170:11 | password | cleartextLoggingTest.swift:170:11:170:11 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:175:16:175:16 | [...] [Collection element] | cleartextLoggingTest.swift:175:16:175:16 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:175:16:175:16 | password | cleartextLoggingTest.swift:175:16:175:16 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:180:17:180:17 | [...] [Collection element] | cleartextLoggingTest.swift:180:17:180:17 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:180:17:180:17 | password | cleartextLoggingTest.swift:180:17:180:17 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:181:20:181:24 | [...] [Collection element] | cleartextLoggingTest.swift:181:20:181:24 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:181:24:181:24 | password | cleartextLoggingTest.swift:181:20:181:24 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:182:14:182:14 | password | cleartextLoggingTest.swift:182:11:182:11 | "..." | provenance | |
|
||||
| cleartextLoggingTest.swift:183:28:183:37 | [...] [Collection element] | cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | provenance | |
|
||||
| cleartextLoggingTest.swift:183:29:183:29 | password | cleartextLoggingTest.swift:183:28:183:37 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:184:31:184:44 | [...] [Collection element] | cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | provenance | |
|
||||
| cleartextLoggingTest.swift:184:36:184:36 | password | cleartextLoggingTest.swift:184:31:184:44 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:224:49:224:49 | [...] [Collection element] | cleartextLoggingTest.swift:224:49:224:49 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:224:49:224:49 | password | cleartextLoggingTest.swift:224:49:224:49 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:225:55:225:63 | [...] [Collection element] | cleartextLoggingTest.swift:225:55:225:63 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:225:63:225:63 | password | cleartextLoggingTest.swift:225:55:225:63 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:240:24:240:24 | x | cleartextLoggingTest.swift:241:8:241:8 | x | provenance | |
|
||||
| cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | cleartextLoggingTest.swift:244:8:244:8 | y | provenance | |
|
||||
| cleartextLoggingTest.swift:253:7:253:7 | self | file://:0:0:0:0 | self | provenance | |
|
||||
| cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:253:7:253:7 | self | provenance | |
|
||||
| cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:263:8:263:20 | .value | provenance | Config |
|
||||
| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | cleartextLoggingTest.swift:286:23:286:23 | [post] myString2 | provenance | |
|
||||
| cleartextLoggingTest.swift:286:8:286:8 | password | cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:286:23:286:23 | [post] myString2 | cleartextLoggingTest.swift:287:8:287:8 | myString2 | provenance | |
|
||||
| cleartextLoggingTest.swift:287:8:287:8 | [...] [Collection element] | cleartextLoggingTest.swift:287:8:287:8 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:287:8:287:8 | myString2 | cleartextLoggingTest.swift:287:8:287:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:289:8:289:18 | ... .+(_:_:) ... | cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | cleartextLoggingTest.swift:289:33:289:33 | [post] myString3 | provenance | |
|
||||
| cleartextLoggingTest.swift:289:18:289:18 | password | cleartextLoggingTest.swift:289:8:289:18 | ... .+(_:_:) ... | provenance | |
|
||||
| cleartextLoggingTest.swift:289:33:289:33 | [post] myString3 | cleartextLoggingTest.swift:290:8:290:8 | myString3 | provenance | |
|
||||
| cleartextLoggingTest.swift:290:8:290:8 | [...] [Collection element] | cleartextLoggingTest.swift:290:8:290:8 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:290:8:290:8 | myString3 | cleartextLoggingTest.swift:290:8:290:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | cleartextLoggingTest.swift:295:28:295:28 | [post] myString5 | provenance | |
|
||||
| cleartextLoggingTest.swift:295:13:295:13 | password | cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:295:28:295:28 | [post] myString5 | cleartextLoggingTest.swift:296:13:296:13 | myString5 | provenance | |
|
||||
| cleartextLoggingTest.swift:296:13:296:13 | [...] [Collection element] | cleartextLoggingTest.swift:296:13:296:13 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:296:13:296:13 | myString5 | cleartextLoggingTest.swift:296:13:296:13 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:301:7:301:7 | password | cleartextLoggingTest.swift:301:22:301:22 | [post] myString7 | provenance | |
|
||||
| cleartextLoggingTest.swift:301:22:301:22 | [post] myString7 | cleartextLoggingTest.swift:302:7:302:7 | myString7 | provenance | |
|
||||
| cleartextLoggingTest.swift:307:2:307:2 | [post] myString9 | cleartextLoggingTest.swift:308:8:308:8 | myString9 | provenance | |
|
||||
| cleartextLoggingTest.swift:307:18:307:18 | password | cleartextLoggingTest.swift:307:2:307:2 | [post] myString9 | provenance | |
|
||||
| cleartextLoggingTest.swift:308:8:308:8 | [...] [Collection element] | cleartextLoggingTest.swift:308:8:308:8 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:308:8:308:8 | myString9 | cleartextLoggingTest.swift:308:8:308:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:311:2:311:2 | [post] myString10 | cleartextLoggingTest.swift:313:8:313:8 | myString10 | provenance | |
|
||||
| cleartextLoggingTest.swift:311:19:311:19 | password | cleartextLoggingTest.swift:311:2:311:2 | [post] myString10 | provenance | |
|
||||
| cleartextLoggingTest.swift:313:8:313:8 | [...] [Collection element] | cleartextLoggingTest.swift:313:8:313:8 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:313:8:313:8 | myString10 | cleartextLoggingTest.swift:313:8:313:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:318:2:318:2 | password | cleartextLoggingTest.swift:318:22:318:22 | [post] myString12 | provenance | |
|
||||
| cleartextLoggingTest.swift:318:22:318:22 | [post] myString12 | cleartextLoggingTest.swift:319:8:319:8 | myString12 | provenance | |
|
||||
| cleartextLoggingTest.swift:319:8:319:8 | [...] [Collection element] | cleartextLoggingTest.swift:319:8:319:8 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:319:8:319:8 | myString12 | cleartextLoggingTest.swift:319:8:319:8 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:334:17:334:17 | password | cleartextLoggingTest.swift:334:17:334:17 | { ... } | provenance | |
|
||||
| cleartextLoggingTest.swift:336:20:336:20 | password | cleartextLoggingTest.swift:336:20:336:20 | { ... } | provenance | |
|
||||
| cleartextLoggingTest.swift:338:23:338:23 | password | cleartextLoggingTest.swift:338:23:338:23 | { ... } | provenance | |
|
||||
| cleartextLoggingTest.swift:340:23:340:23 | password | cleartextLoggingTest.swift:340:23:340:23 | { ... } | provenance | |
|
||||
| cleartextLoggingTest.swift:342:14:342:14 | password | cleartextLoggingTest.swift:342:14:342:14 | { ... } | provenance | |
|
||||
| cleartextLoggingTest.swift:347:72:347:72 | passwordString | cleartextLoggingTest.swift:347:69:347:69 | "..." | provenance | |
|
||||
| cleartextLoggingTest.swift:350:64:350:64 | passwordString | cleartextLoggingTest.swift:350:61:350:61 | "..." | provenance | |
|
||||
| cleartextLoggingTest.swift:351:102:351:117 | [...] [Collection element] | cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | provenance | |
|
||||
| cleartextLoggingTest.swift:351:103:351:103 | passwordString | cleartextLoggingTest.swift:351:102:351:117 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:353:23:353:23 | passwordString | cleartextLoggingTest.swift:353:20:353:20 | "..." | provenance | |
|
||||
| cleartextLoggingTest.swift:354:40:354:40 | [...] [Collection element] | cleartextLoggingTest.swift:354:40:354:40 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:354:40:354:40 | passwordString | cleartextLoggingTest.swift:354:40:354:40 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:355:44:355:51 | [...] [Collection element] | cleartextLoggingTest.swift:355:44:355:51 | [...] | provenance | |
|
||||
| cleartextLoggingTest.swift:355:51:355:51 | passwordString | cleartextLoggingTest.swift:355:44:355:51 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:356:20:356:20 | passwordString | cleartextLoggingTest.swift:356:17:356:17 | "..." | provenance | |
|
||||
| cleartextLoggingTest.swift:357:47:357:62 | [...] [Collection element] | cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | provenance | |
|
||||
| cleartextLoggingTest.swift:357:48:357:48 | passwordString | cleartextLoggingTest.swift:357:47:357:62 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:358:26:358:26 | passwordString | cleartextLoggingTest.swift:358:23:358:23 | "..." | provenance | |
|
||||
| cleartextLoggingTest.swift:359:53:359:68 | [...] [Collection element] | cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | provenance | |
|
||||
| cleartextLoggingTest.swift:359:54:359:54 | passwordString | cleartextLoggingTest.swift:359:53:359:68 | [...] [Collection element] | provenance | |
|
||||
| cleartextLoggingTest.swift:366:25:366:25 | authKey2 | cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | provenance | |
|
||||
| cleartextLoggingTest.swift:369:33:369:33 | authKey | cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:378:16:378:16 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:379:18:379:18 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:380:18:380:18 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:381:34:381:34 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:382:19:382:19 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:383:20:383:20 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:384:18:384:18 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:385:21:385:21 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:386:18:386:18 | msg | provenance | |
|
||||
| cleartextLoggingTest.swift:381:34:381:34 | msg | cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | provenance | |
|
||||
| file://:0:0:0:0 | self | file://:0:0:0:0 | .value | provenance | Config |
|
||||
nodes
|
||||
| cleartextLoggingTest.swift:167:11:167:11 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:167:11:167:11 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:167:11:167:11 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:168:11:168:11 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:168:11:168:11 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:168:11:168:11 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:169:26:169:26 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:170:11:170:11 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:170:11:170:11 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:170:11:170:11 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:171:26:171:26 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:172:42:172:42 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:175:16:175:16 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:175:16:175:16 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:175:16:175:16 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:177:10:177:10 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:179:11:179:11 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:180:17:180:17 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:180:17:180:17 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:180:17:180:17 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:181:20:181:24 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:181:20:181:24 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:181:24:181:24 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:182:11:182:11 | "..." | semmle.label | "..." |
|
||||
| cleartextLoggingTest.swift:182:14:182:14 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | semmle.label | call to getVaList(_:) |
|
||||
| cleartextLoggingTest.swift:183:28:183:37 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:183:29:183:29 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | semmle.label | call to getVaList(_:) |
|
||||
| cleartextLoggingTest.swift:184:31:184:44 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:184:36:184:36 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:220:11:220:11 | passphrase | semmle.label | passphrase |
|
||||
| cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | semmle.label | pass_phrase |
|
||||
| cleartextLoggingTest.swift:224:49:224:49 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:224:49:224:49 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:224:49:224:49 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:225:55:225:63 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:225:55:225:63 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:225:63:225:63 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:240:24:240:24 | x | semmle.label | x |
|
||||
| cleartextLoggingTest.swift:241:8:241:8 | x | semmle.label | x |
|
||||
| cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | semmle.label | call to getPassword() |
|
||||
| cleartextLoggingTest.swift:244:8:244:8 | y | semmle.label | y |
|
||||
| cleartextLoggingTest.swift:248:8:248:10 | .password | semmle.label | .password |
|
||||
| cleartextLoggingTest.swift:253:7:253:7 | self | semmle.label | self |
|
||||
| cleartextLoggingTest.swift:263:8:263:11 | .password | semmle.label | .password |
|
||||
| cleartextLoggingTest.swift:263:8:263:20 | .value | semmle.label | .value |
|
||||
| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:286:8:286:8 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:286:23:286:23 | [post] myString2 | semmle.label | [post] myString2 |
|
||||
| cleartextLoggingTest.swift:287:8:287:8 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:287:8:287:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:287:8:287:8 | myString2 | semmle.label | myString2 |
|
||||
| cleartextLoggingTest.swift:289:8:289:18 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
|
||||
| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:289:18:289:18 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:289:33:289:33 | [post] myString3 | semmle.label | [post] myString3 |
|
||||
| cleartextLoggingTest.swift:290:8:290:8 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:290:8:290:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:290:8:290:8 | myString3 | semmle.label | myString3 |
|
||||
| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:295:13:295:13 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:295:28:295:28 | [post] myString5 | semmle.label | [post] myString5 |
|
||||
| cleartextLoggingTest.swift:296:13:296:13 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:296:13:296:13 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:296:13:296:13 | myString5 | semmle.label | myString5 |
|
||||
| cleartextLoggingTest.swift:301:7:301:7 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:301:22:301:22 | [post] myString7 | semmle.label | [post] myString7 |
|
||||
| cleartextLoggingTest.swift:302:7:302:7 | myString7 | semmle.label | myString7 |
|
||||
| cleartextLoggingTest.swift:307:2:307:2 | [post] myString9 | semmle.label | [post] myString9 |
|
||||
| cleartextLoggingTest.swift:307:18:307:18 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:308:8:308:8 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:308:8:308:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:308:8:308:8 | myString9 | semmle.label | myString9 |
|
||||
| cleartextLoggingTest.swift:311:2:311:2 | [post] myString10 | semmle.label | [post] myString10 |
|
||||
| cleartextLoggingTest.swift:311:19:311:19 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:313:8:313:8 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:313:8:313:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:313:8:313:8 | myString10 | semmle.label | myString10 |
|
||||
| cleartextLoggingTest.swift:318:2:318:2 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:318:22:318:22 | [post] myString12 | semmle.label | [post] myString12 |
|
||||
| cleartextLoggingTest.swift:319:8:319:8 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:319:8:319:8 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:319:8:319:8 | myString12 | semmle.label | myString12 |
|
||||
| cleartextLoggingTest.swift:334:17:334:17 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:334:17:334:17 | { ... } | semmle.label | { ... } |
|
||||
| cleartextLoggingTest.swift:336:20:336:20 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:336:20:336:20 | { ... } | semmle.label | { ... } |
|
||||
| cleartextLoggingTest.swift:338:23:338:23 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:338:23:338:23 | { ... } | semmle.label | { ... } |
|
||||
| cleartextLoggingTest.swift:340:23:340:23 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:340:23:340:23 | { ... } | semmle.label | { ... } |
|
||||
| cleartextLoggingTest.swift:342:14:342:14 | password | semmle.label | password |
|
||||
| cleartextLoggingTest.swift:342:14:342:14 | { ... } | semmle.label | { ... } |
|
||||
| cleartextLoggingTest.swift:347:69:347:69 | "..." | semmle.label | "..." |
|
||||
| cleartextLoggingTest.swift:347:72:347:72 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:350:61:350:61 | "..." | semmle.label | "..." |
|
||||
| cleartextLoggingTest.swift:350:64:350:64 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | semmle.label | call to getVaList(_:) |
|
||||
| cleartextLoggingTest.swift:351:102:351:117 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:351:103:351:103 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:353:20:353:20 | "..." | semmle.label | "..." |
|
||||
| cleartextLoggingTest.swift:353:23:353:23 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:354:40:354:40 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:354:40:354:40 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:354:40:354:40 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:355:44:355:51 | [...] | semmle.label | [...] |
|
||||
| cleartextLoggingTest.swift:355:44:355:51 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:355:51:355:51 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:356:17:356:17 | "..." | semmle.label | "..." |
|
||||
| cleartextLoggingTest.swift:356:20:356:20 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | semmle.label | call to getVaList(_:) |
|
||||
| cleartextLoggingTest.swift:357:47:357:62 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:357:48:357:48 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:358:23:358:23 | "..." | semmle.label | "..." |
|
||||
| cleartextLoggingTest.swift:358:26:358:26 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | semmle.label | call to getVaList(_:) |
|
||||
| cleartextLoggingTest.swift:359:53:359:68 | [...] [Collection element] | semmle.label | [...] [Collection element] |
|
||||
| cleartextLoggingTest.swift:359:54:359:54 | passwordString | semmle.label | passwordString |
|
||||
| cleartextLoggingTest.swift:365:18:365:18 | authKey | semmle.label | authKey |
|
||||
| cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | semmle.label | call to String.init(_:) |
|
||||
| cleartextLoggingTest.swift:366:25:366:25 | authKey2 | semmle.label | authKey2 |
|
||||
| cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
|
||||
| cleartextLoggingTest.swift:369:33:369:33 | authKey | semmle.label | authKey |
|
||||
| cleartextLoggingTest.swift:370:13:370:13 | authKey | semmle.label | authKey |
|
||||
| cleartextLoggingTest.swift:371:24:371:24 | authKey | semmle.label | authKey |
|
||||
| cleartextLoggingTest.swift:377:29:377:29 | authKey | semmle.label | authKey |
|
||||
| cleartextLoggingTest.swift:378:16:378:16 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:379:18:379:18 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:380:18:380:18 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
|
||||
| cleartextLoggingTest.swift:381:34:381:34 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:382:19:382:19 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:383:20:383:20 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:384:18:384:18 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:385:21:385:21 | msg | semmle.label | msg |
|
||||
| cleartextLoggingTest.swift:386:18:386:18 | msg | semmle.label | msg |
|
||||
| file://:0:0:0:0 | .value | semmle.label | .value |
|
||||
| file://:0:0:0:0 | self | semmle.label | self |
|
||||
subpaths
|
||||
| cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:253:7:253:7 | self | file://:0:0:0:0 | .value | cleartextLoggingTest.swift:263:8:263:20 | .value |
|
||||
|
||||
@@ -1,20 +0,0 @@
|
||||
import swift
|
||||
import codeql.swift.dataflow.DataFlow
|
||||
import codeql.swift.security.CleartextLoggingQuery
|
||||
import utils.test.InlineExpectationsTest
|
||||
|
||||
module CleartextLogging implements TestSig {
|
||||
string getARelevantTag() { result = "hasCleartextLogging" }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(DataFlow::Node source, DataFlow::Node sink |
|
||||
CleartextLoggingFlow::flow(source, sink) and
|
||||
location = sink.getLocation() and
|
||||
element = sink.toString() and
|
||||
tag = "hasCleartextLogging" and
|
||||
value = source.asExpr().getLocation().getStartLine().toString()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<CleartextLogging>
|
||||
@@ -0,0 +1,3 @@
|
||||
query: queries/Security/CWE-312/CleartextLogging.ql
|
||||
postprocess:
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -164,24 +164,24 @@ class MyRemoteLogger {
|
||||
// --- tests ---
|
||||
|
||||
func test1(password: String, passwordHash : String, passphrase: String, pass_phrase: String) {
|
||||
print(password) // $ hasCleartextLogging=167
|
||||
print(password, separator: "") // $ $ hasCleartextLogging=168
|
||||
print("", separator: password) // $ hasCleartextLogging=169
|
||||
print(password, separator: "", terminator: "") // $ hasCleartextLogging=170
|
||||
print("", separator: password, terminator: "") // $ hasCleartextLogging=171
|
||||
print("", separator: "", terminator: password) // $ hasCleartextLogging=172
|
||||
print(password) // $ Alert
|
||||
print(password, separator: "") // $ Alert
|
||||
print("", separator: password) // $ Alert
|
||||
print(password, separator: "", terminator: "") // $ Alert
|
||||
print("", separator: password, terminator: "") // $ Alert
|
||||
print("", separator: "", terminator: password) // $ Alert
|
||||
print(passwordHash) // safe
|
||||
|
||||
debugPrint(password) // $ hasCleartextLogging=175
|
||||
debugPrint(password) // $ Alert
|
||||
|
||||
dump(password) // $ hasCleartextLogging=177
|
||||
dump(password) // $ Alert
|
||||
|
||||
NSLog(password) // $ hasCleartextLogging=179
|
||||
NSLog("%@", password) // $ hasCleartextLogging=180
|
||||
NSLog("%@ %@", "", password) // $ hasCleartextLogging=181
|
||||
NSLog("\(password)") // $ hasCleartextLogging=182
|
||||
NSLogv("%@", getVaList([password])) // $ hasCleartextLogging=183
|
||||
NSLogv("%@ %@", getVaList(["", password])) // $ hasCleartextLogging=184
|
||||
NSLog(password) // $ Alert
|
||||
NSLog("%@", password) // $ Alert
|
||||
NSLog("%@ %@", "", password) // $ Alert
|
||||
NSLog("\(password)") // $ Alert
|
||||
NSLogv("%@", getVaList([password])) // $ Alert
|
||||
NSLogv("%@ %@", getVaList(["", password])) // $ Alert
|
||||
NSLog(passwordHash) // safe
|
||||
NSLogv("%@", getVaList([passwordHash])) // safe
|
||||
|
||||
@@ -191,38 +191,38 @@ func test1(password: String, passwordHash : String, passphrase: String, pass_phr
|
||||
log.log("\(password)") // safe
|
||||
log.log("\(password, privacy: .auto)") // safe
|
||||
log.log("\(password, privacy: .private)") // safe
|
||||
log.log("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=194
|
||||
log.log("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.log("\(passwordHash, privacy: .public)") // safe
|
||||
log.log("\(password, privacy: .sensitive)") // safe
|
||||
log.log("\(bankAccount)") // $ MISSING: hasCleartextLogging=197
|
||||
log.log("\(bankAccount, privacy: .auto)") // $ MISSING: hasCleartextLogging=198
|
||||
log.log("\(bankAccount)") // $ MISSING: Alert
|
||||
log.log("\(bankAccount, privacy: .auto)") // $ MISSING: Alert
|
||||
log.log("\(bankAccount, privacy: .private)") // safe
|
||||
log.log("\(bankAccount, privacy: .public)") // $ MISSING: hasCleartextLogging=200
|
||||
log.log("\(bankAccount, privacy: .public)") // $ MISSING: Alert
|
||||
log.log("\(bankAccount, privacy: .sensitive)") // safe
|
||||
log.log(level: .default, "\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=202
|
||||
log.trace("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=203
|
||||
log.log(level: .default, "\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.trace("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.trace("\(passwordHash, privacy: .public)") // safe
|
||||
log.debug("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=205
|
||||
log.debug("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.debug("\(passwordHash, privacy: .public)") // safe
|
||||
log.info("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=207
|
||||
log.info("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.info("\(passwordHash, privacy: .public)") // safe
|
||||
log.notice("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=209
|
||||
log.notice("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.notice("\(passwordHash, privacy: .public)") // safe
|
||||
log.warning("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=211
|
||||
log.warning("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.warning("\(passwordHash, privacy: .public)") // safe
|
||||
log.error("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=213
|
||||
log.error("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.error("\(passwordHash, privacy: .public)") // safe
|
||||
log.critical("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=215
|
||||
log.critical("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.critical("\(passwordHash, privacy: .public)") // safe
|
||||
log.fault("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=217
|
||||
log.fault("\(password, privacy: .public)") // $ MISSING: Alert
|
||||
log.fault("\(passwordHash, privacy: .public)") // safe
|
||||
|
||||
NSLog(passphrase) // $ hasCleartextLogging=220
|
||||
NSLog(pass_phrase) // $ hasCleartextLogging=221
|
||||
NSLog(passphrase) // $ Alert
|
||||
NSLog(pass_phrase) // $ Alert
|
||||
|
||||
os_log("%@", log: .default, type: .default, "") // safe
|
||||
os_log("%@", log: .default, type: .default, password) // $ hasCleartextLogging=224
|
||||
os_log("%@ %@ %@", log: .default, type: .default, "", "", password) // $ hasCleartextLogging=225
|
||||
os_log("%@", log: .default, type: .default, password) // $ Alert
|
||||
os_log("%@ %@ %@", log: .default, type: .default, "", "", password) // $ Alert
|
||||
}
|
||||
|
||||
class MyClass {
|
||||
@@ -236,16 +236,16 @@ func doSomething(password: String) { }
|
||||
func test3(x: String) {
|
||||
// alternative evidence of sensitivity...
|
||||
|
||||
NSLog(x) // $ MISSING: hasCleartextLogging=240
|
||||
doSomething(password: x);
|
||||
NSLog(x) // $ hasCleartextLogging=240
|
||||
NSLog(x) // $ MISSING: Alert
|
||||
doSomething(password: x); // $ Source
|
||||
NSLog(x) // $ Alert
|
||||
|
||||
let y = getPassword();
|
||||
NSLog(y) // $ hasCleartextLogging=243
|
||||
let y = getPassword(); // $ Source
|
||||
NSLog(y) // $ Alert
|
||||
|
||||
let z = MyClass()
|
||||
NSLog(z.harmless) // safe
|
||||
NSLog(z.password) // $ hasCleartextLogging=248
|
||||
NSLog(z.password) // $ Alert
|
||||
}
|
||||
|
||||
struct MyOuter {
|
||||
@@ -260,7 +260,7 @@ struct MyOuter {
|
||||
func test3(mo : MyOuter) {
|
||||
// struct members...
|
||||
|
||||
NSLog(mo.password.value) // $ hasCleartextLogging=263
|
||||
NSLog(mo.password.value) // $ Alert
|
||||
NSLog(mo.harmless.value) // safe
|
||||
}
|
||||
|
||||
@@ -283,40 +283,40 @@ func test4(harmless: String, password: String) {
|
||||
print(harmless, to: &myString1)
|
||||
print(myString1) // safe
|
||||
|
||||
print(password, to: &myString2)
|
||||
print(myString2) // $ hasCleartextLogging=286
|
||||
print(password, to: &myString2) // $ Source
|
||||
print(myString2) // $ Alert
|
||||
|
||||
print("log: " + password, to: &myString3)
|
||||
print(myString3) // $ hasCleartextLogging=289
|
||||
print("log: " + password, to: &myString3) // $ Source
|
||||
print(myString3) // $ Alert
|
||||
|
||||
debugPrint(harmless, to: &myString4)
|
||||
debugPrint(myString4) // safe
|
||||
|
||||
debugPrint(password, to: &myString5)
|
||||
debugPrint(myString5) // $ hasCleartextLogging=295
|
||||
debugPrint(password, to: &myString5) // $ Source
|
||||
debugPrint(myString5) // $ Alert
|
||||
|
||||
dump(harmless, to: &myString6)
|
||||
dump(myString6) // safe
|
||||
|
||||
dump(password, to: &myString7)
|
||||
dump(myString7) // $ hasCleartextLogging=301
|
||||
dump(password, to: &myString7) // $ Source
|
||||
dump(myString7) // $ Alert
|
||||
|
||||
myString8.write(harmless)
|
||||
print(myString8)
|
||||
|
||||
myString9.write(password)
|
||||
print(myString9) // $ hasCleartextLogging=307
|
||||
myString9.write(password) // $ Source
|
||||
print(myString9) // $ Alert
|
||||
|
||||
myString10.write(harmless)
|
||||
myString10.write(password)
|
||||
myString10.write(password) // $ Source
|
||||
myString10.write(harmless)
|
||||
print(myString10) // $ hasCleartextLogging=311
|
||||
print(myString10) // $ Alert
|
||||
|
||||
harmless.write(to: &myString11)
|
||||
print(myString11)
|
||||
|
||||
password.write(to: &myString12)
|
||||
print(myString12) // $ hasCleartextLogging=318
|
||||
password.write(to: &myString12) // $ Source
|
||||
print(myString12) // $ Alert
|
||||
|
||||
print(password, to: &myString13) // $ safe - only printed to another string
|
||||
debugPrint(password, to: &myString13) // $ safe - only printed to another string
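Review bot: The `myString10` case appears to do more than swap expectation tags: on the new side `myString10.write(password) // $ Source` now comes before `myString10.write(harmless)`, whereas the old side wrote `harmless` first and `password` second (the old expectation `hasCleartextLogging=311` pointed at that second write), so the scenario under test changes from "sensitive write after a harmless write" to the reverse, and the later `print(myString10)` no longer covers the original ordering. If the reorder is deliberate, a one-line comment such as `// sensitive write first, harmless write second; the print below must still alert` would keep a future reader from undoing it as an accidental swap; if it is not, restoring the old order preserves the previous coverage. The remainder of the hunk reads as a one-for-one tag replacement. The enclosing `test4` starts outside the hunk.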
|
||||
@@ -331,59 +331,59 @@ func test5(password: String, caseNum: Int) {
|
||||
|
||||
switch caseNum {
|
||||
case 0:
|
||||
assert(false, password) // $ hasCleartextLogging=334
|
||||
assert(false, password) // $ Alert
|
||||
case 1:
|
||||
assertionFailure(password) // $ hasCleartextLogging=336
|
||||
assertionFailure(password) // $ Alert
|
||||
case 2:
|
||||
precondition(false, password) // $ hasCleartextLogging=338
|
||||
precondition(false, password) // $ Alert
|
||||
case 3:
|
||||
preconditionFailure(password) // $ hasCleartextLogging=340
|
||||
preconditionFailure(password) // $ Alert
|
||||
default:
|
||||
fatalError(password) // $ hasCleartextLogging=342
|
||||
fatalError(password) // $ Alert
|
||||
}
|
||||
}
|
||||
|
||||
func test6(passwordString: String) {
|
||||
let e = NSException(name: NSExceptionName("exception"), reason: "\(passwordString) is incorrect!", userInfo: nil) // $ hasCleartextLogging=347
|
||||
let e = NSException(name: NSExceptionName("exception"), reason: "\(passwordString) is incorrect!", userInfo: nil) // $ Alert
|
||||
e.raise()
|
||||
|
||||
NSException.raise(NSExceptionName("exception"), format: "\(passwordString) is incorrect!", arguments: getVaList([])) // $ hasCleartextLogging=350
|
||||
NSException.raise(NSExceptionName("exception"), format: "%s is incorrect!", arguments: getVaList([passwordString])) // $ hasCleartextLogging=351
|
||||
NSException.raise(NSExceptionName("exception"), format: "\(passwordString) is incorrect!", arguments: getVaList([])) // $ Alert
|
||||
NSException.raise(NSExceptionName("exception"), format: "%s is incorrect!", arguments: getVaList([passwordString])) // $ Alert
|
||||
|
||||
_ = dprintf(0, "\(passwordString) is incorrect!") // $ hasCleartextLogging=353
|
||||
_ = dprintf(0, "%s is incorrect!", passwordString) // $ hasCleartextLogging=354
|
||||
_ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $ hasCleartextLogging=355
|
||||
_ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=356
|
||||
_ = vprintf("%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=357
|
||||
_ = vfprintf(nil, "\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=358
|
||||
_ = vfprintf(nil, "%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=359
|
||||
_ = dprintf(0, "\(passwordString) is incorrect!") // $ Alert
|
||||
_ = dprintf(0, "%s is incorrect!", passwordString) // $ Alert
|
||||
_ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $ Alert
|
||||
_ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $ Alert
|
||||
_ = vprintf("%s is incorrect!", getVaList([passwordString])) // $ Alert
|
||||
_ = vfprintf(nil, "\(passwordString) is incorrect!", getVaList([])) // $ Alert
|
||||
_ = vfprintf(nil, "%s is incorrect!", getVaList([passwordString])) // $ Alert
|
||||
_ = vasprintf_l(nil, nil, "\(passwordString) is incorrect!", getVaList([])) // good (`sprintf` is not logging)
|
||||
_ = vasprintf_l(nil, nil, "%s is incorrect!", getVaList([passwordString])) // good (`sprintf` is not logging)
|
||||
}
|
||||
|
||||
func test7(authKey: String, authKey2: Int, authKey3: Float, password: String, secret: String) {
|
||||
log(message: authKey) // $ hasCleartextLogging=365
|
||||
log(message: String(authKey2)) // $ hasCleartextLogging=366
|
||||
logging(message: authKey) // $ MISSING: hasCleartextLogging=367
|
||||
logfile(file: 0, message: authKey) // $ MISSING: hasCleartextLogging=368
|
||||
logMessage(NSString(string: authKey)) // $ hasCleartextLogging=369
|
||||
logInfo(authKey) // $ hasCleartextLogging=370
|
||||
logError(errorMsg: authKey) // $ hasCleartextLogging=371
|
||||
log(message: authKey) // $ Alert
|
||||
log(message: String(authKey2)) // $ Alert
|
||||
logging(message: authKey) // $ MISSING: Alert
|
||||
logfile(file: 0, message: authKey) // $ MISSING: Alert
|
||||
logMessage(NSString(string: authKey)) // $ Alert
|
||||
logInfo(authKey) // $ Alert
|
||||
logError(errorMsg: authKey) // $ Alert
|
||||
harmless(authKey) // GOOD: not logging
|
||||
_ = logarithm(authKey3) // GOOD: not logging
|
||||
doLogin(login: authKey) // GOOD: not logging
|
||||
|
||||
let logger = LogFile()
|
||||
let msg = "authKey: " + authKey
|
||||
logger.log(msg) // $ hasCleartextLogging=377
|
||||
logger.trace(msg) // $ hasCleartextLogging=377
|
||||
logger.debug(msg) // $ hasCleartextLogging=377
|
||||
logger.info(NSString(string: msg)) // $ hasCleartextLogging=377
|
||||
logger.notice(msg) // $ hasCleartextLogging=377
|
||||
logger.warning(msg) // $ hasCleartextLogging=377
|
||||
logger.error(msg) // $ hasCleartextLogging=377
|
||||
logger.critical(msg) // $ hasCleartextLogging=377
|
||||
logger.fatal(msg) // $ hasCleartextLogging=377
|
||||
let msg = "authKey: " + authKey // $ Source
|
||||
logger.log(msg) // $ Alert
|
||||
logger.trace(msg) // $ Alert
|
||||
logger.debug(msg) // $ Alert
|
||||
logger.info(NSString(string: msg)) // $ Alert
|
||||
logger.notice(msg) // $ Alert
|
||||
logger.warning(msg) // $ Alert
|
||||
logger.error(msg) // $ Alert
|
||||
logger.critical(msg) // $ Alert
|
||||
logger.fatal(msg) // $ Alert
|
||||
|
||||
let logic = Logic()
|
||||
logic.addInt(authKey2) // GOOD: not logging
|
||||
|
||||
@@ -0,0 +1,85 @@
|
||||
#select
|
||||
| testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testXMLDocumentXXE.swift:58:31:58:31 | remoteData | testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:58:31:58:31 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testXMLDocumentXXE.swift:75:36:75:36 | remoteString | testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:75:36:75:36 | remoteString | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testXMLParserXXE.swift:34:34:34:34 | remoteData | testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:34:34:34:34 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testXMLParserXXE.swift:42:36:42:36 | remoteStream | testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:42:36:42:36 | remoteStream | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| testXMLParserXXE.swift:49:40:49:40 | remoteUrl | testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:49:40:49:40 | remoteUrl | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
edges
|
||||
| testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:71:27:71:27 | remoteString | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:71:22:71:39 | call to Data.init(_:) | testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:71:27:71:27 | remoteString | testAEXMLDocumentXXE.swift:71:22:71:39 | call to Data.init(_:) | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:98:27:98:27 | remoteString | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:98:22:98:39 | call to Data.init(_:) | testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:98:27:98:27 | remoteString | testAEXMLDocumentXXE.swift:98:22:98:39 | call to Data.init(_:) | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:127:27:127:27 | remoteString | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:127:22:127:39 | call to Data.init(_:) | testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | provenance | |
|
||||
| testAEXMLDocumentXXE.swift:127:27:127:27 | remoteString | testAEXMLDocumentXXE.swift:127:22:127:39 | call to Data.init(_:) | provenance | |
|
||||
| testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:39:33:39:33 | remoteString | provenance | |
|
||||
| testXMLDocumentXXE.swift:39:21:39:45 | call to URL.init(string:) [some:0] | testXMLDocumentXXE.swift:39:21:39:46 | ...! | provenance | |
|
||||
| testXMLDocumentXXE.swift:39:21:39:46 | ...! | testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | provenance | |
|
||||
| testXMLDocumentXXE.swift:39:33:39:33 | remoteString | testXMLDocumentXXE.swift:39:21:39:45 | call to URL.init(string:) [some:0] | provenance | |
|
||||
| testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:57:27:57:27 | remoteString | provenance | |
|
||||
| testXMLDocumentXXE.swift:57:22:57:39 | call to Data.init(_:) | testXMLDocumentXXE.swift:58:31:58:31 | remoteData | provenance | |
|
||||
| testXMLDocumentXXE.swift:57:27:57:27 | remoteString | testXMLDocumentXXE.swift:57:22:57:39 | call to Data.init(_:) | provenance | |
|
||||
| testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:75:36:75:36 | remoteString | provenance | |
|
||||
| testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:33:27:33:27 | remoteString | provenance | |
|
||||
| testXMLParserXXE.swift:33:22:33:39 | call to Data.init(_:) | testXMLParserXXE.swift:34:34:34:34 | remoteData | provenance | |
|
||||
| testXMLParserXXE.swift:33:27:33:27 | remoteString | testXMLParserXXE.swift:33:22:33:39 | call to Data.init(_:) | provenance | |
|
||||
| testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:40:27:40:27 | remoteString | provenance | |
|
||||
| testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | testXMLParserXXE.swift:41:42:41:42 | remoteData | provenance | |
|
||||
| testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | testXMLParserXXE.swift:42:36:42:36 | remoteStream | provenance | AdditionalTaintStep |
|
||||
| testXMLParserXXE.swift:40:27:40:27 | remoteString | testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | provenance | |
|
||||
| testXMLParserXXE.swift:41:24:41:52 | call to InputStream.init(data:) | testXMLParserXXE.swift:42:36:42:36 | remoteStream | provenance | |
|
||||
| testXMLParserXXE.swift:41:42:41:42 | remoteData | testXMLParserXXE.swift:41:24:41:52 | call to InputStream.init(data:) | provenance | |
|
||||
| testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:48:33:48:33 | remoteString | provenance | |
|
||||
| testXMLParserXXE.swift:48:21:48:45 | call to URL.init(string:) [some:0] | testXMLParserXXE.swift:48:21:48:46 | ...! | provenance | |
|
||||
| testXMLParserXXE.swift:48:21:48:46 | ...! | testXMLParserXXE.swift:49:40:49:40 | remoteUrl | provenance | |
|
||||
| testXMLParserXXE.swift:48:33:48:33 | remoteString | testXMLParserXXE.swift:48:21:48:45 | call to URL.init(string:) [some:0] | provenance | |
|
||||
nodes
|
||||
| testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | semmle.label | remoteString |
|
||||
| testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testAEXMLDocumentXXE.swift:71:22:71:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
|
||||
| testAEXMLDocumentXXE.swift:71:27:71:27 | remoteString | semmle.label | remoteString |
|
||||
| testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | semmle.label | remoteData |
|
||||
| testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testAEXMLDocumentXXE.swift:98:22:98:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
|
||||
| testAEXMLDocumentXXE.swift:98:27:98:27 | remoteString | semmle.label | remoteString |
|
||||
| testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | semmle.label | remoteData |
|
||||
| testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testAEXMLDocumentXXE.swift:127:22:127:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
|
||||
| testAEXMLDocumentXXE.swift:127:27:127:27 | remoteString | semmle.label | remoteString |
|
||||
| testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | semmle.label | remoteData |
|
||||
| testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testXMLDocumentXXE.swift:39:21:39:45 | call to URL.init(string:) [some:0] | semmle.label | call to URL.init(string:) [some:0] |
|
||||
| testXMLDocumentXXE.swift:39:21:39:46 | ...! | semmle.label | ...! |
|
||||
| testXMLDocumentXXE.swift:39:33:39:33 | remoteString | semmle.label | remoteString |
|
||||
| testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | semmle.label | remoteUrl |
|
||||
| testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testXMLDocumentXXE.swift:57:22:57:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
|
||||
| testXMLDocumentXXE.swift:57:27:57:27 | remoteString | semmle.label | remoteString |
|
||||
| testXMLDocumentXXE.swift:58:31:58:31 | remoteData | semmle.label | remoteData |
|
||||
| testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testXMLDocumentXXE.swift:75:36:75:36 | remoteString | semmle.label | remoteString |
|
||||
| testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testXMLParserXXE.swift:33:22:33:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
|
||||
| testXMLParserXXE.swift:33:27:33:27 | remoteString | semmle.label | remoteString |
|
||||
| testXMLParserXXE.swift:34:34:34:34 | remoteData | semmle.label | remoteData |
|
||||
| testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
|
||||
| testXMLParserXXE.swift:40:27:40:27 | remoteString | semmle.label | remoteString |
|
||||
| testXMLParserXXE.swift:41:24:41:52 | call to InputStream.init(data:) | semmle.label | call to InputStream.init(data:) |
|
||||
| testXMLParserXXE.swift:41:42:41:42 | remoteData | semmle.label | remoteData |
|
||||
| testXMLParserXXE.swift:42:36:42:36 | remoteStream | semmle.label | remoteStream |
|
||||
| testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| testXMLParserXXE.swift:48:21:48:45 | call to URL.init(string:) [some:0] | semmle.label | call to URL.init(string:) [some:0] |
|
||||
| testXMLParserXXE.swift:48:21:48:46 | ...! | semmle.label | ...! |
|
||||
| testXMLParserXXE.swift:48:33:48:33 | remoteString | semmle.label | remoteString |
|
||||
| testXMLParserXXE.swift:49:40:49:40 | remoteUrl | semmle.label | remoteUrl |
|
||||
subpaths
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
import swift
|
||||
import codeql.swift.dataflow.FlowSources
|
||||
import codeql.swift.security.XXEQuery
|
||||
import utils.test.InlineExpectationsTest
|
||||
|
||||
class TestRemoteSource extends RemoteFlowSource {
|
||||
TestRemoteSource() { this.asExpr().(ApplyExpr).getStaticTarget().getName().matches("source%") }
|
||||
|
||||
override string getSourceType() { result = "Test source" }
|
||||
}
|
||||
|
||||
module XxeTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasXXE" }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
|
||||
XxeFlow::flow(source, sink) and
|
||||
sinkExpr = sink.asExpr() and
|
||||
location = sinkExpr.getLocation() and
|
||||
element = sinkExpr.toString() and
|
||||
tag = "hasXXE" and
|
||||
value = source.asExpr().getLocation().getStartLine().toString()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<XxeTest>
|
||||
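--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/XXETest.qlref
@@ -0,0 +1,3 @@
+query: queries/Security/CWE-611/XXE.ql
+postprocess:
+- utils/test/InlineExpectationsTestQuery.ql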
@@ -47,8 +47,8 @@ func testString() {
|
||||
var options = AEXMLOptions()
|
||||
options.parserSettings.shouldResolveExternalEntities = true
|
||||
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // $ hasXXE=50
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // $ Alert
|
||||
}
|
||||
|
||||
func testStringSafeImplicit() {
|
||||
@@ -67,11 +67,11 @@ func testStringSafeExplicit() {
|
||||
}
|
||||
|
||||
func testData() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteData = Data(remoteString)
|
||||
var options = AEXMLOptions()
|
||||
options.parserSettings.shouldResolveExternalEntities = true
|
||||
let _ = AEXMLDocument(xml: remoteData, options: options) // $ hasXXE=70
|
||||
let _ = AEXMLDocument(xml: remoteData, options: options) // $ Alert
|
||||
}
|
||||
|
||||
func testDataSafeImplicit() {
|
||||
@@ -94,9 +94,9 @@ func testDataLoadXml() {
|
||||
options.parserSettings.shouldResolveExternalEntities = true
|
||||
let doc = AEXMLDocument(root: nil, options: options)
|
||||
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteData = Data(remoteString)
|
||||
doc.loadXML(remoteData) // $ hasXXE=97
|
||||
doc.loadXML(remoteData) // $ Alert
|
||||
}
|
||||
|
||||
func testDataLoadXmlSafeImplicit() {
|
||||
@@ -123,9 +123,9 @@ func testParser() {
|
||||
options.parserSettings.shouldResolveExternalEntities = true
|
||||
let doc = AEXMLDocument(root: nil, options: options)
|
||||
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteData = Data(remoteString)
|
||||
let _ = AEXMLParser(document: doc, data: remoteData) // $ hasXXE=126
|
||||
let _ = AEXMLParser(document: doc, data: remoteData) // $ Alert
|
||||
}
|
||||
|
||||
func testParserSafeImplicit() {
|
||||
@@ -145,4 +145,4 @@ func testParserSafeExplicit() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteData = Data(remoteString)
|
||||
let _ = AEXMLParser(document: doc, data: remoteData) // NO XXE
|
||||
}
|
||||
}
|
||||
|
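Review bot: The new `// $ Source` expectations in testString, testData, testDataLoadXml and testParser now rest solely on the library's own model of `String(contentsOf:)`, because the deleted XXETest.ql also removed the `TestRemoteSource` class that treated any call named `source…` as a remote source. The new `.expected` output confirms that model fires here (`call to String.init(contentsOf:)` is the source in every path), and every visible case uses that initializer, so the conversion looks sound. The residual risk is that a fixture case relying on a `source…()` helper would now silently stop being a source instead of failing the test; a quick check of the whole fixture for such helpers would close that gap. The same consideration applies to the XMLDocument and XMLParser sections that follow. The enclosing test functions begin outside these hunks.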
||||
@@ -35,9 +35,9 @@ class XMLDocument {
|
||||
// --- tests ---
|
||||
|
||||
func testUrl() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteUrl = URL(string: remoteString)!
|
||||
let _ = XMLDocument(contentsOf: remoteUrl, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=38
|
||||
let _ = XMLDocument(contentsOf: remoteUrl, options: [.nodeLoadExternalEntitiesAlways]) // $ Alert
|
||||
}
|
||||
|
||||
func testUrlSafeImplicit() {
|
||||
@@ -53,9 +53,9 @@ func testUrlSafeExplicit() {
|
||||
}
|
||||
|
||||
func testData() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteData = Data(remoteString)
|
||||
let _ = XMLDocument(data: remoteData, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=56
|
||||
let _ = XMLDocument(data: remoteData, options: [.nodeLoadExternalEntitiesAlways]) // $ Alert
|
||||
}
|
||||
|
||||
func testDataSafeImplicit() {
|
||||
@@ -71,8 +71,8 @@ func testDataSafeExplicit() {
|
||||
}
|
||||
|
||||
func testString() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let _ = XMLDocument(xmlString: remoteString, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=74
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let _ = XMLDocument(xmlString: remoteString, options: [.nodeLoadExternalEntitiesAlways]) // $ Alert
|
||||
}
|
||||
|
||||
func testStringSafeImplicit() {
|
||||
|
||||
@@ -29,24 +29,24 @@ class XMLParser {
|
||||
// --- tests ---
|
||||
|
||||
func testData() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteData = Data(remoteString)
|
||||
let parser = XMLParser(data: remoteData) // $ hasXXE=32
|
||||
let parser = XMLParser(data: remoteData) // $ Alert
|
||||
parser.shouldResolveExternalEntities = true
|
||||
}
|
||||
|
||||
func testInputStream() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteData = Data(remoteString)
|
||||
let remoteStream = InputStream(data: remoteData)
|
||||
let parser = XMLParser(stream: remoteStream) // $ hasXXE=39
|
||||
let parser = XMLParser(stream: remoteStream) // $ Alert
|
||||
parser.shouldResolveExternalEntities = true
|
||||
}
|
||||
|
||||
func testUrl() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let remoteUrl = URL(string: remoteString)!
|
||||
let parser = XMLParser(contentsOf: remoteUrl) // $ hasXXE=47
|
||||
let parser = XMLParser(contentsOf: remoteUrl) // $ Alert
|
||||
parser?.shouldResolveExternalEntities = true
|
||||
}
|
||||
|
||||
@@ -89,4 +89,4 @@ func testUrlSafeExplicit() {
|
||||
let remoteUrl = URL(string: remoteString)!
|
||||
let parser = XMLParser(contentsOf: remoteUrl) // NO XXE: parser disables external entities
|
||||
parser?.shouldResolveExternalEntities = false
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
#select
|
||||
| predicateInjection.swift:26:25:26:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| predicateInjection.swift:29:25:29:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| predicateInjection.swift:31:25:31:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| predicateInjection.swift:33:25:33:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
| predicateInjection.swift:36:42:36:42 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
|
||||
edges
|
||||
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | provenance | |
|
||||
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | provenance | |
|
||||
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | provenance | |
|
||||
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | provenance | |
|
||||
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | provenance | |
|
||||
nodes
|
||||
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
|
||||
| predicateInjection.swift:26:25:26:25 | remoteString | semmle.label | remoteString |
|
||||
| predicateInjection.swift:29:25:29:25 | remoteString | semmle.label | remoteString |
|
||||
| predicateInjection.swift:31:25:31:25 | remoteString | semmle.label | remoteString |
|
||||
| predicateInjection.swift:33:25:33:25 | remoteString | semmle.label | remoteString |
|
||||
| predicateInjection.swift:36:42:36:42 | remoteString | semmle.label | remoteString |
|
||||
subpaths
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
import swift
|
||||
import codeql.swift.dataflow.DataFlow
|
||||
import codeql.swift.security.PredicateInjectionQuery
|
||||
import utils.test.InlineExpectationsTest
|
||||
|
||||
module PredicateInjectionTest implements TestSig {
|
||||
string getARelevantTag() { result = "hasPredicateInjection" }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
|
||||
PredicateInjectionFlow::flow(source, sink) and
|
||||
sinkExpr = sink.asExpr() and
|
||||
location = sinkExpr.getLocation() and
|
||||
element = sinkExpr.toString() and
|
||||
tag = "hasPredicateInjection" and
|
||||
value = source.asExpr().getLocation().getStartLine().toString()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<PredicateInjectionTest>
|
||||
@@ -0,0 +1,3 @@
|
||||
query: queries/Security/CWE-943/PredicateInjection.ql
|
||||
postprocess:
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
@@ -20,19 +20,19 @@ class NSPredicate {
|
||||
// --- tests ---
|
||||
|
||||
func test() {
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
|
||||
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
|
||||
let safeString = "safe"
|
||||
|
||||
NSPredicate(format: remoteString, argumentArray: []) // $ hasPredicateInjection=23
|
||||
NSPredicate(format: remoteString, argumentArray: []) // $ Alert
|
||||
NSPredicate(format: safeString, argumentArray: []) // Safe
|
||||
NSPredicate(format: safeString, argumentArray: [remoteString]) // Safe
|
||||
NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ hasPredicateInjection=23
|
||||
NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ Alert
|
||||
NSPredicate(format: safeString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // Safe
|
||||
NSPredicate(format: remoteString) // $ hasPredicateInjection=23
|
||||
NSPredicate(format: remoteString) // $ Alert
|
||||
NSPredicate(format: safeString) // Safe
|
||||
NSPredicate(format: remoteString, "" as! CVarArg) // $ hasPredicateInjection=23
|
||||
NSPredicate(format: remoteString, "" as! CVarArg) // $ Alert
|
||||
NSPredicate(format: safeString, "" as! CVarArg) // Safe
|
||||
NSPredicate(format: safeString, remoteString as! CVarArg) // Safe
|
||||
NSPredicate(fromMetadataQueryString: remoteString) // $ hasPredicateInjection=23
|
||||
NSPredicate(fromMetadataQueryString: remoteString) // $ Alert
|
||||
NSPredicate(fromMetadataQueryString: safeString) // Safe
|
||||
}
|
||||
|
||||