hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Create a model for RegexCreation.

Browse Source
This commit is contained in:
Geoffrey White
2023-07-13 18:13:09 +01:00
parent 734a00d616
commit c76d85df1b
2 changed files with 36 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
swift/ql/lib/codeql/swift/regex/Regex.qll
View File

@@ -28,6 +28,39 @@ private class ParsedStringRegex extends RegExp, StringLiteralExpr {
RegexEval getEval() { result = eval } RegexEval getEval() { result = eval }
} }
/**
* A data-flow node where a regular expression object is created.
*/
abstract class RegexCreation extends DataFlow::Node {
/**
* Gets a dataflow node for the string that the regular expression object is
* created from.
*/
abstract DataFlow::Node getStringInput();
}
/**
* A data-flow node where a `Regex` or `NSRegularExpression` object is created.
*/
private class StandardRegexCreation extends RegexCreation {
DataFlow::Node input;
StandardRegexCreation() {
exists(CallExpr call |
(
call.getStaticTarget().(Method).hasQualifiedName("Regex", ["init(_:)", "init(_:as:)"]) or
call.getStaticTarget()
.(Method)
.hasQualifiedName("NSRegularExpression", "init(pattern:options:)")
) and
input.asExpr() = call.getArgument(0).getExpr() and
this.asExpr() = call
)
}
override DataFlow::Node getStringInput() { result = input }
}
/** /**
* A call that evaluates a regular expression. For example, the call to `firstMatch` in: * A call that evaluates a regular expression. For example, the call to `firstMatch` in:
* ``` * ```

12
swift/ql/lib/codeql/swift/regex/internal/RegexTracking.qll
View File

@@ -21,15 +21,9 @@ private module StringLiteralUseConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
// flow through `Regex` initializer, i.e. from a string to a `Regex` object. // flow through `Regex` initializer, i.e. from a string to a `Regex` object.
exists(CallExpr call | exists(RegexCreation regexCreation |
( nodeFrom = regexCreation.getStringInput() and
call.getStaticTarget().(Method).hasQualifiedName("Regex", ["init(_:)", "init(_:as:)"]) or nodeTo = regexCreation
call.getStaticTarget()
.(Method)
.hasQualifiedName("NSRegularExpression", "init(pattern:options:)")
) and
nodeFrom.asExpr() = call.getArgument(0).getExpr() and
nodeTo.asExpr() = call
) )
} }
} }