Swift: Fix incorrect taint to String fields.

Geoffrey White
2023-02-02 19:03:55 +00:00
parent d25de8c764
commit d888510688
4 changed files with 16 additions and 23 deletions


@@ -26,9 +26,20 @@ private class StringSource extends SourceModelCsv {
private class StringFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent {
StringFieldsInheritTaint() {
this.getField().getEnclosingDecl().(NominalTypeDecl).getFullName() =
["String", "StringProtocol"] or
this.getField().getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getFullName() =
["String", "StringProtocol"]
exists(FieldDecl f | this.getField() = f |
(
f.getEnclosingDecl().(NominalTypeDecl).getName() = ["String", "StringProtocol"] or
f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() =
["String", "StringProtocol"]
) and
f.getName() =
[
"first", "last", "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",
"debugDescription", "dataValue", "identifierValue", "capitalized", "localizedCapitalized",
"localizedLowercase", "localizedUppercase", "decomposedStringWithCanonicalMapping",
"decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping",
"precomposedStringWithCompatibilityMapping", "removingPercentEncoding"
]
)
}
}
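Review bot: The field-name list in the `StringFieldsInheritTaint` characteristic predicate is now an allowlist, so any content-bearing `String`/`StringProtocol` property missing from it silently stops inheriting taint, and nothing in the hunk records how the names were chosen. A comment above the list, such as `// fields whose value is derived from the string's contents; index and flag fields (startIndex, endIndex, isContiguousUTF8) are deliberately excluded`, would make that false-negative trade-off visible to the next person who extends the model. The type match also appears to move from `getFullName()` to `getName()`, which the commit title does not explain. If that is intended it deserves a one-line reason, since the short name would presumably also match an unrelated or nested type that happens to be called `String`.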


@@ -1122,7 +1122,6 @@
| string.swift:204:3:204:3 | [post] &... | string.swift:204:38:204:38 | str5 |
| string.swift:204:3:204:3 | str5 | string.swift:204:3:204:3 | &... |
| string.swift:204:38:204:38 | [post] str5 | string.swift:205:13:205:13 | str5 |
| string.swift:204:38:204:38 | str5 | string.swift:204:38:204:43 | .startIndex |
| string.swift:204:38:204:38 | str5 | string.swift:205:13:205:13 | str5 |
| string.swift:205:13:205:13 | [post] str5 | string.swift:206:3:206:3 | str5 |
| string.swift:205:13:205:13 | str5 | string.swift:206:3:206:3 | str5 |
@@ -1130,7 +1129,6 @@
| string.swift:206:3:206:3 | [post] &... | string.swift:206:42:206:42 | str5 |
| string.swift:206:3:206:3 | str5 | string.swift:206:3:206:3 | &... |
| string.swift:206:42:206:42 | [post] str5 | string.swift:207:13:207:13 | str5 |
| string.swift:206:42:206:42 | str5 | string.swift:206:42:206:47 | .startIndex |
| string.swift:206:42:206:42 | str5 | string.swift:207:13:207:13 | str5 |
| string.swift:211:7:211:7 | SSA def(clean) | string.swift:215:20:215:20 | clean |
| string.swift:211:15:211:15 | | string.swift:211:7:211:7 | SSA def(clean) |
@@ -1166,7 +1164,6 @@
| string.swift:232:13:232:13 | [post] tainted | string.swift:232:37:232:37 | tainted |
| string.swift:232:13:232:13 | tainted | string.swift:232:37:232:37 | tainted |
| string.swift:232:37:232:37 | [post] tainted | string.swift:234:13:234:13 | tainted |
| string.swift:232:37:232:37 | tainted | string.swift:232:37:232:45 | .startIndex |
| string.swift:232:37:232:37 | tainted | string.swift:234:13:234:13 | tainted |
| string.swift:234:13:234:13 | [post] tainted | string.swift:235:13:235:13 | tainted |
| string.swift:234:13:234:13 | tainted | string.swift:235:13:235:13 | tainted |
@@ -1311,7 +1308,6 @@
| string.swift:302:13:302:13 | [post] &... | string.swift:302:29:302:29 | str1 |
| string.swift:302:13:302:13 | str1 | string.swift:302:13:302:13 | &... |
| string.swift:302:29:302:29 | [post] str1 | string.swift:303:13:303:13 | str1 |
| string.swift:302:29:302:29 | str1 | string.swift:302:29:302:34 | .startIndex |
| string.swift:302:29:302:29 | str1 | string.swift:303:13:303:13 | str1 |
| string.swift:305:7:305:7 | SSA def(str2) | string.swift:306:13:306:13 | str2 |
| string.swift:305:14:305:22 | call to source2() | string.swift:305:7:305:7 | SSA def(str2) |
@@ -1357,12 +1353,10 @@
| string.swift:328:3:328:3 | [post] &... | string.swift:328:23:328:23 | str5 |
| string.swift:328:3:328:3 | str5 | string.swift:328:3:328:3 | &... |
| string.swift:328:23:328:23 | [post] str5 | string.swift:328:43:328:43 | str5 |
| string.swift:328:23:328:23 | str5 | string.swift:328:23:328:28 | .startIndex |
| string.swift:328:23:328:23 | str5 | string.swift:328:43:328:43 | str5 |
| string.swift:328:43:328:43 | [post] str5 | string.swift:328:54:328:54 | str5 |
| string.swift:328:43:328:43 | str5 | string.swift:328:54:328:54 | str5 |
| string.swift:328:54:328:54 | [post] str5 | string.swift:329:13:329:13 | str5 |
| string.swift:328:54:328:54 | str5 | string.swift:328:54:328:59 | .startIndex |
| string.swift:328:54:328:54 | str5 | string.swift:329:13:329:13 | str5 |
| string.swift:331:7:331:7 | SSA def(str6) | string.swift:332:13:332:13 | str6 |
| string.swift:331:14:331:22 | call to source2() | string.swift:331:7:331:7 | SSA def(str6) |
@@ -1611,10 +1605,8 @@
| string.swift:544:14:544:14 | tainted | string.swift:544:22:544:22 | tainted |
| string.swift:544:14:544:61 | ...[...] | string.swift:544:7:544:7 | SSA def(sub1) |
| string.swift:544:22:544:22 | [post] tainted | string.swift:544:45:544:45 | tainted |
| string.swift:544:22:544:22 | tainted | string.swift:544:22:544:30 | .startIndex |
| string.swift:544:22:544:22 | tainted | string.swift:544:45:544:45 | tainted |
| string.swift:544:45:544:45 | [post] tainted | string.swift:548:14:548:14 | tainted |
| string.swift:544:45:544:45 | tainted | string.swift:544:45:544:53 | .endIndex |
| string.swift:544:45:544:45 | tainted | string.swift:548:14:548:14 | tainted |
| string.swift:545:13:545:13 | [post] sub1 | string.swift:546:20:546:20 | sub1 |
| string.swift:545:13:545:13 | sub1 | string.swift:546:20:546:20 | sub1 |
@@ -1628,7 +1620,6 @@
| string.swift:552:14:552:14 | tainted | string.swift:552:38:552:38 | tainted |
| string.swift:552:14:552:54 | call to prefix(through:) | string.swift:552:7:552:7 | SSA def(sub3) |
| string.swift:552:38:552:38 | [post] tainted | string.swift:556:14:556:14 | tainted |
| string.swift:552:38:552:38 | tainted | string.swift:552:38:552:46 | .endIndex |
| string.swift:552:38:552:38 | tainted | string.swift:556:14:556:14 | tainted |
| string.swift:553:13:553:13 | sub3 | string.swift:554:20:554:20 | sub3 |
| string.swift:556:7:556:7 | SSA def(sub4) | string.swift:557:13:557:13 | sub4 |
@@ -1636,7 +1627,6 @@
| string.swift:556:14:556:14 | tainted | string.swift:556:35:556:35 | tainted |
| string.swift:556:14:556:51 | call to prefix(upTo:) | string.swift:556:7:556:7 | SSA def(sub4) |
| string.swift:556:35:556:35 | [post] tainted | string.swift:560:14:560:14 | tainted |
| string.swift:556:35:556:35 | tainted | string.swift:556:35:556:43 | .endIndex |
| string.swift:556:35:556:35 | tainted | string.swift:560:14:560:14 | tainted |
| string.swift:557:13:557:13 | sub4 | string.swift:558:20:558:20 | sub4 |
| string.swift:560:7:560:7 | SSA def(sub5) | string.swift:561:13:561:13 | sub5 |
@@ -1648,7 +1638,6 @@
| string.swift:564:14:564:14 | [post] tainted | string.swift:564:35:564:35 | tainted |
| string.swift:564:14:564:14 | tainted | string.swift:564:35:564:35 | tainted |
| string.swift:564:14:564:53 | call to suffix(from:) | string.swift:564:7:564:7 | SSA def(sub6) |
| string.swift:564:35:564:35 | tainted | string.swift:564:35:564:43 | .startIndex |
| string.swift:565:13:565:13 | sub6 | string.swift:566:20:566:20 | sub6 |
| string.swift:570:7:570:7 | SSA def(clean) | string.swift:573:13:573:13 | clean |
| string.swift:570:15:570:26 | call to FilePath.init(_:) | string.swift:570:7:570:7 | SSA def(clean) |
@@ -1717,9 +1706,6 @@
| string.swift:629:13:629:26 | call to Self.init(_:) | string.swift:629:13:629:27 | ...! |
| string.swift:633:7:633:7 | SSA def(tainted) | string.swift:637:13:637:13 | tainted |
| string.swift:633:17:633:25 | call to source2() | string.swift:633:7:633:7 | SSA def(tainted) |
| string.swift:635:13:635:13 | String.Type | string.swift:635:13:635:20 | .availableStringEncodings |
| string.swift:636:13:636:13 | String.Type | string.swift:636:13:636:20 | .defaultCStringEncoding |
| string.swift:637:13:637:13 | tainted | string.swift:637:13:637:21 | .isContiguousUTF8 |
| subscript.swift:1:7:1:7 | SSA def(self) | subscript.swift:1:7:1:7 | self[return] |
| subscript.swift:1:7:1:7 | SSA def(self) | subscript.swift:1:7:1:7 | self[return] |
| subscript.swift:1:7:1:7 | self | subscript.swift:1:7:1:7 | SSA def(self) |


@@ -607,7 +607,6 @@ edges
| string.swift:331:14:331:22 | call to source2() : | string.swift:332:13:332:13 | str6 |
| string.swift:331:14:331:22 | call to source2() : | string.swift:334:13:334:13 | str6 |
| string.swift:540:17:540:25 | call to source2() : | string.swift:545:13:545:13 | sub1 |
| string.swift:633:17:633:25 | call to source2() : | string.swift:637:13:637:21 | .isContiguousUTF8 |
| subscript.swift:13:15:13:22 | call to source() : | subscript.swift:13:15:13:25 | ...[...] |
| subscript.swift:14:15:14:23 | call to source2() : | subscript.swift:14:15:14:26 | ...[...] |
| try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... |
@@ -1397,8 +1396,6 @@ nodes
| string.swift:540:17:540:25 | call to source2() : | semmle.label | call to source2() : |
| string.swift:542:13:542:21 | call to source7() | semmle.label | call to source7() |
| string.swift:545:13:545:13 | sub1 | semmle.label | sub1 |
| string.swift:633:17:633:25 | call to source2() : | semmle.label | call to source2() : |
| string.swift:637:13:637:21 | .isContiguousUTF8 | semmle.label | .isContiguousUTF8 |
| subscript.swift:13:15:13:22 | call to source() : | semmle.label | call to source() : |
| subscript.swift:13:15:13:25 | ...[...] | semmle.label | ...[...] |
| subscript.swift:14:15:14:23 | call to source2() : | semmle.label | call to source2() : |
@@ -1890,7 +1887,6 @@ subpaths
| string.swift:334:13:334:13 | str6 | string.swift:331:14:331:22 | call to source2() : | string.swift:334:13:334:13 | str6 | result |
| string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | result |
| string.swift:545:13:545:13 | sub1 | string.swift:540:17:540:25 | call to source2() : | string.swift:545:13:545:13 | sub1 | result |
| string.swift:637:13:637:21 | .isContiguousUTF8 | string.swift:633:17:633:25 | call to source2() : | string.swift:637:13:637:21 | .isContiguousUTF8 | result |
| subscript.swift:13:15:13:25 | ...[...] | subscript.swift:13:15:13:22 | call to source() : | subscript.swift:13:15:13:25 | ...[...] | result |
| subscript.swift:14:15:14:26 | ...[...] | subscript.swift:14:15:14:23 | call to source2() : | subscript.swift:14:15:14:26 | ...[...] | result |
| try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() : | try.swift:9:13:9:24 | try ... | result |


@@ -634,5 +634,5 @@ func untaintedFields() {
sink(arg: String.availableStringEncodings)
sink(arg: String.defaultCStringEncoding)
sink(arg: tainted.isContiguousUTF8) // $ SPURIOUS: tainted=633
sink(arg: tainted.isContiguousUTF8)
}