hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Fix some NSString models.

Browse Source
This commit is contained in:
Geoffrey White
2023-11-03 15:59:24 +00:00
parent a59ed5bc49
commit d0ca7045d4
2 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll
View File

@@ -83,7 +83,7 @@ private class NsStringSummaries extends SummaryModelCsv {
";NSString;true;lowercased(with:);;;Argument[-1];ReturnValue;taint",
";NSString;true;uppercased(with:);;;Argument[-1];ReturnValue;taint",
";NSString;true;capitalized(with:);;;Argument[-1];ReturnValue;taint",
";NSString;true;components(separatedBy:);;;Argument[-1];ReturnValue;taint",
";NSString;true;components(separatedBy:);;;Argument[-1];ReturnValue.CollectionElement;taint",
";NSString;true;trimmingCharacters(in:);;;Argument[-1];ReturnValue;taint",
";NSString;true;substring(from:);;;Argument[-1];ReturnValue;taint",
";NSString;true;substring(with:);;;Argument[-1];ReturnValue;taint",
@@ -102,14 +102,15 @@ private class NsStringSummaries extends SummaryModelCsv {
";NSString;true;stringEncoding(for:encodingOptions:convertedString:usedLossyCompression:);;;Argument[0];Argument[2];taint",
";NSString;true;data(using:);;;Argument[-1];ReturnValue;taint",
";NSString;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
";NSString;true;path(withComponents:);;;Argument[0];ReturnValue;taint",
";NSString;true;path(withComponents:);;;Argument[0].CollectionElement;ReturnValue;taint",
";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0];taint",
";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2];taint",
";NSString;true;getFileSystemRepresentation(_:maxLength:);;;Argument[-1];Argument[0];taint",
";NSString;true;appendingPathComponent(_:);;;Argument[-1..0];ReturnValue;taint",
";NSString;true;appendingPathComponent(_:conformingTo:);;;Argument[-1..0];ReturnValue;taint",
";NSString;true;appendingPathExtension(_:);;;Argument[-1..0];ReturnValue;taint",
";NSString;true;strings(byAppendingPaths:);;;Argument[-1..0];ReturnValue;taint",
";NSString;true;strings(byAppendingPaths:);;;Argument[-1];ReturnValue;taint",
";NSString;true;strings(byAppendingPaths:);;;Argument[0].CollectionElement;ReturnValue;taint",
";NSString;true;addingPercentEncoding(withAllowedCharacters:);;;Argument[-1];ReturnValue;taint",
";NSString;true;string(withCString:);;;Argument[0];ReturnValue;taint",
";NSString;true;string(withCString:length:);;;Argument[0];ReturnValue;taint",

8
swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift
View File

@@ -275,8 +275,8 @@ func taintThroughInterpolatedStrings() {
sink(arg: sourceNSString().replacingOccurrences(of: "a", with: "b", range: NSRange(location: 0, length: 10))) // $ tainted=275
sink(arg: harmless.replacingOccurrences(of: "a", with: sourceString(), range: NSRange(location: 0, length: 10))) // $ tainted=276
sink(arg: NSString.path(withComponents: ["a", "b", "c"]))
sink(arg: NSString.path(withComponents: sourceStringArray())) // $ tainted=278
sink(arg: NSString.path(withComponents: ["a", sourceString(), "c"])) // $ MISSING: tainted=
sink(arg: NSString.path(withComponents: sourceStringArray())) // $ MISSING: tainted=278
sink(arg: NSString.path(withComponents: ["a", sourceString(), "c"])) // $ tainted=279
sink(arg: NSString.string(withCString: sourceCString())) // $ tainted=280
sink(arg: NSString.string(withCString: sourceCString(), length: 128)) // $ tainted=281
sink(arg: NSString.string(withContentsOfFile: sourceString())) // $ tainted=282
@@ -306,8 +306,8 @@ func taintThroughInterpolatedStrings() {
sink(arg: harmless.strings(byAppendingPaths: [""]))
sink(arg: harmless.strings(byAppendingPaths: [""])[0])
sink(arg: harmless.strings(byAppendingPaths: [sourceString()])) // $ MISSING: tainted=
sink(arg: harmless.strings(byAppendingPaths: [sourceString()])[0]) // $ MISSING: tainted=
sink(arg: harmless.strings(byAppendingPaths: [sourceString()])) // $ tainted=309
sink(arg: harmless.strings(byAppendingPaths: [sourceString()])[0]) // $ tainted=310
sink(arg: sourceNSString().strings(byAppendingPaths: [""])) // $ tainted=311
sink(arg: sourceNSString().strings(byAppendingPaths: [""])[0]) // $ tainted=312