Swift: Fix query barriers.

This commit is contained in:
Geoffrey White
2024-11-14 17:37:43 +00:00
parent 6aa43e001d
commit e589b1fcd0
10 changed files with 7 additions and 65 deletions


@@ -63,6 +63,6 @@ private class CommandInjectionSinks extends SinkModelCsv {
private class CommandInjectionDefaultBarrier extends CommandInjectionBarrier {
CommandInjectionDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}
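Review bot: The barrier condition on the new line of `CommandInjectionDefaultBarrier` is duplicated byte-for-byte in the other six barrier classes touched by this commit (PredicateInjection, SqlInjection, UncontrolledFormatString, UnsafeJsEval, UnsafeUnpack, RegexInjection), which is exactly why this fix needed a seven-file sweep; it would be safer to keep it in one shared predicate, e.g. `predicate isNumericType(Type t) { t.getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"] }`, with each constructor reduced to `isNumericType(this.asExpr().getType())`, so the next adjustment cannot drift between queries. The `// any numeric type` comment is now stale: it does not say why `SignedInteger` and `UnsignedInteger` are listed next to `Numeric` when both refine it in the standard library, so presumably the base-type closure does not always reach `Numeric`; that reason belongs in the comment (`// any numeric type; SignedInteger/UnsignedInteger are listed explicitly because the base-type closure may not reach Numeric`), and if that is the cause, `BinaryInteger` and `FixedWidthInteger` may need the same treatment. The match is on a bare `getName()`, so a user-declared type carrying one of these names would also stop taint; a check that the type is the standard-library declaration would tighten this, if the library provides one. The enclosing class is complete within the hunk.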


@@ -46,6 +46,6 @@ private class PredicateInjectionSinkCsv extends SinkModelCsv {
private class PredicateInjectionDefaultBarrier extends PredicateInjectionBarrier {
PredicateInjectionDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}


@@ -190,6 +190,6 @@ private class DefaultSqlInjectionSink extends SqlInjectionSink {
private class SqlInjectionDefaultBarrier extends SqlInjectionBarrier {
SqlInjectionDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}


@@ -94,6 +94,6 @@ class HeuristicUncontrolledFormatStringSink extends UncontrolledFormatStringSink
private class UncontrolledFormatStringDefaultBarrier extends UncontrolledFormatStringBarrier {
UncontrolledFormatStringDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}


@@ -127,6 +127,6 @@ private class DefaultUnsafeJsEvalSink extends UnsafeJsEvalSink {
private class UnsafeJsEvalDefaultBarrier extends UnsafeJsEvalBarrier {
UnsafeJsEvalDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}


@@ -73,6 +73,6 @@ private class UnsafeUnpackAdditionalDataFlowStep extends UnsafeUnpackAdditionalF
private class UnsafeUnpackDefaultBarrier extends UnsafeUnpackBarrier {
UnsafeUnpackDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}


@@ -64,6 +64,6 @@ private class RegexInjectionSinks extends SinkModelCsv {
private class RegexInjectionDefaultBarrier extends RegexInjectionBarrier {
RegexInjectionDefaultBarrier() {
// any numeric type
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = ["Numeric", "SignedInteger", "UnsignedInteger"]
}
}


@@ -82,7 +82,6 @@ edges
| GRDB.swift:342:26:342:80 | call to String.init(contentsOf:) | GRDB.swift:349:84:349:84 | remoteString | provenance | |
| GRDB.swift:342:26:342:80 | call to String.init(contentsOf:) | GRDB.swift:350:69:350:69 | remoteString | provenance | |
| GRDB.swift:342:26:342:80 | call to String.init(contentsOf:) | GRDB.swift:351:84:351:84 | remoteString | provenance | |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:63:25:63:25 | remoteString | provenance | |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:73:17:73:17 | unsafeQuery1 | provenance | |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:74:17:74:17 | unsafeQuery2 | provenance | |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:75:17:75:17 | unsafeQuery3 | provenance | |
@@ -98,8 +97,6 @@ edges
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:117:16:117:16 | unsafeQuery1 | provenance | |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:119:16:119:16 | unsafeQuery1 | provenance | |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:132:20:132:20 | remoteString | provenance | |
| SQLite.swift:63:21:63:37 | call to Self.init(_:) | SQLite.swift:77:17:77:17 | safeQuery2 | provenance | |
| SQLite.swift:63:25:63:25 | remoteString | SQLite.swift:63:21:63:37 | call to Self.init(_:) | provenance | |
| other.swift:46:25:46:79 | call to String.init(contentsOf:) | other.swift:50:22:50:22 | remoteString | provenance | |
| other.swift:46:25:46:79 | call to String.init(contentsOf:) | other.swift:52:14:52:14 | remoteString | provenance | |
| other.swift:46:25:46:79 | call to String.init(contentsOf:) | other.swift:53:14:53:14 | remoteString | provenance | |
@@ -107,7 +104,6 @@ edges
| other.swift:46:25:46:79 | call to String.init(contentsOf:) | other.swift:55:14:55:14 | remoteString | provenance | |
| other.swift:46:25:46:79 | call to String.init(contentsOf:) | other.swift:57:16:57:16 | remoteString | provenance | |
| other.swift:54:31:54:31 | remoteString | other.swift:54:14:54:43 | call to NSString.init(string:) | provenance | |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:123:25:123:25 | remoteString | provenance | |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | provenance | |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | provenance | |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | provenance | |
@@ -115,8 +111,6 @@ edges
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | provenance | |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | provenance | |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:189:13:189:13 | unsafeQuery3 | provenance | |
| sqlite3_c_api.swift:123:21:123:37 | call to Self.init(_:) | sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | provenance | |
| sqlite3_c_api.swift:123:25:123:25 | remoteString | sqlite3_c_api.swift:123:21:123:37 | call to Self.init(_:) | provenance | |
| sqlite3_c_api.swift:189:13:189:13 | unsafeQuery3 | sqlite3_c_api.swift:189:13:189:58 | call to data(using:allowLossyConversion:) | provenance | |
| sqlite3_c_api.swift:189:13:189:58 | call to data(using:allowLossyConversion:) | sqlite3_c_api.swift:190:2:190:2 | data | provenance | |
| sqlite3_c_api.swift:190:2:190:2 | data | sqlite3_c_api.swift:190:21:190:21 | [post] buffer | provenance | |
@@ -220,12 +214,9 @@ nodes
| GRDB.swift:350:69:350:69 | remoteString | semmle.label | remoteString |
| GRDB.swift:351:84:351:84 | remoteString | semmle.label | remoteString |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| SQLite.swift:63:21:63:37 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| SQLite.swift:63:25:63:25 | remoteString | semmle.label | remoteString |
| SQLite.swift:73:17:73:17 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| SQLite.swift:74:17:74:17 | unsafeQuery2 | semmle.label | unsafeQuery2 |
| SQLite.swift:75:17:75:17 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| SQLite.swift:77:17:77:17 | safeQuery2 | semmle.label | safeQuery2 |
| SQLite.swift:83:29:83:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| SQLite.swift:95:32:95:32 | remoteString | semmle.label | remoteString |
| SQLite.swift:100:29:100:29 | unsafeQuery1 | semmle.label | unsafeQuery1 |
@@ -247,12 +238,9 @@ nodes
| other.swift:55:14:55:14 | remoteString | semmle.label | remoteString |
| other.swift:57:16:57:16 | remoteString | semmle.label | remoteString |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| sqlite3_c_api.swift:123:21:123:37 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| sqlite3_c_api.swift:123:25:123:25 | remoteString | semmle.label | remoteString |
| sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | semmle.label | unsafeQuery2 |
| sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | semmle.label | safeQuery2 |
| sqlite3_c_api.swift:145:26:145:26 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
@@ -351,7 +339,6 @@ subpaths
| SQLite.swift:73:17:73:17 | unsafeQuery1 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:73:17:73:17 | unsafeQuery1 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:74:17:74:17 | unsafeQuery2 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:74:17:74:17 | unsafeQuery2 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:75:17:75:17 | unsafeQuery3 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:75:17:75:17 | unsafeQuery3 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:77:17:77:17 | safeQuery2 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:77:17:77:17 | safeQuery2 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:83:29:83:29 | unsafeQuery3 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:83:29:83:29 | unsafeQuery3 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:95:32:95:32 | remoteString | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:95:32:95:32 | remoteString | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:100:29:100:29 | unsafeQuery1 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:100:29:100:29 | unsafeQuery1 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
@@ -373,7 +360,6 @@ subpaths
| sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:145:26:145:26 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:145:26:145:26 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |


@@ -30,17 +30,6 @@ edges
| UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:285:13:285:13 | string | provenance | |
| UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:299:13:299:13 | string | provenance | |
| UnsafeJsEval.swift:214:24:214:24 | remoteData | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | provenance | |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:265:13:265:13 | string | provenance | |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:268:13:268:13 | string | provenance | |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:276:13:276:13 | string | provenance | |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:279:13:279:13 | string | provenance | |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:285:13:285:13 | string | provenance | |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:299:13:299:13 | string | provenance | |
| UnsafeJsEval.swift:217:24:217:70 | call to String.init(_:) | UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | provenance | |
| UnsafeJsEval.swift:217:31:217:64 | call to Self.init(_:) | UnsafeJsEval.swift:217:31:217:69 | ... ??(_:_:) ... | provenance | |
| UnsafeJsEval.swift:217:31:217:69 | ... ??(_:_:) ... | UnsafeJsEval.swift:217:24:217:70 | call to String.init(_:) | provenance | |
| UnsafeJsEval.swift:217:35:217:63 | try! ... | UnsafeJsEval.swift:217:31:217:64 | call to Self.init(_:) | provenance | |
| UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:217:35:217:63 | try! ... | provenance | |
| UnsafeJsEval.swift:265:13:265:13 | string | UnsafeJsEval.swift:266:43:266:43 | string | provenance | |
| UnsafeJsEval.swift:266:43:266:43 | string | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | provenance | |
| UnsafeJsEval.swift:268:13:268:13 | string | UnsafeJsEval.swift:269:43:269:43 | string | provenance | |
@@ -74,12 +63,6 @@ nodes
| UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | semmle.label | call to String.init(decoding:as:) |
| UnsafeJsEval.swift:214:24:214:24 | remoteData | semmle.label | remoteData |
| UnsafeJsEval.swift:217:7:217:74 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
| UnsafeJsEval.swift:217:24:217:70 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| UnsafeJsEval.swift:217:31:217:64 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| UnsafeJsEval.swift:217:31:217:69 | ... ??(_:_:) ... | semmle.label | ... ??(_:_:) ... |
| UnsafeJsEval.swift:217:35:217:63 | try! ... | semmle.label | try! ... |
| UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UnsafeJsEval.swift:265:13:265:13 | string | semmle.label | string |
| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | semmle.label | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:266:43:266:43 | string | semmle.label | string |
@@ -114,30 +97,24 @@ subpaths
| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:217:40:217:63 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. |
| UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:318:24:318:87 | call to String.init(contentsOf:) | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | Evaluation of uncontrolled JavaScript from a remote source. |


@@ -18,8 +18,6 @@ edges
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:116:11:116:11 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:116:11:116:11 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:118:61:118:61 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:120:26:120:26 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:124:27:124:27 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:130:39:130:39 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:135:37:135:37 | tainted | provenance | |
| UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:139:5:139:5 | tainted | provenance | |
@@ -30,14 +28,6 @@ edges
| UncontrolledFormatString.swift:111:50:111:50 | tainted | UncontrolledFormatString.swift:111:33:111:57 | call to NSString.init(string:) | provenance | |
| UncontrolledFormatString.swift:112:64:112:64 | tainted | UncontrolledFormatString.swift:112:47:112:71 | call to NSString.init(string:) | provenance | |
| UncontrolledFormatString.swift:116:11:116:11 | tainted | UncontrolledFormatString.swift:77:12:77:22 | format | provenance | |
| UncontrolledFormatString.swift:120:22:120:33 | call to Self.init(_:) | UncontrolledFormatString.swift:122:24:122:24 | taintedSan | provenance | |
| UncontrolledFormatString.swift:120:26:120:26 | tainted | UncontrolledFormatString.swift:120:22:120:33 | call to Self.init(_:) | provenance | |
| UncontrolledFormatString.swift:124:23:124:34 | call to Self.init(_:) | UncontrolledFormatString.swift:125:30:125:30 | taintedVal2 | provenance | |
| UncontrolledFormatString.swift:124:27:124:27 | tainted | UncontrolledFormatString.swift:124:23:124:34 | call to Self.init(_:) | provenance | |
| UncontrolledFormatString.swift:125:23:125:41 | call to String.init(_:) | UncontrolledFormatString.swift:126:24:126:24 | taintedSan2 | provenance | |
| UncontrolledFormatString.swift:125:23:125:41 | call to String.init(_:) [Collection element] | UncontrolledFormatString.swift:126:24:126:24 | taintedSan2 | provenance | |
| UncontrolledFormatString.swift:125:30:125:30 | taintedVal2 | UncontrolledFormatString.swift:125:23:125:41 | call to String.init(_:) | provenance | |
| UncontrolledFormatString.swift:125:30:125:30 | taintedVal2 | UncontrolledFormatString.swift:125:23:125:41 | call to String.init(_:) [Collection element] | provenance | |
| UncontrolledFormatString.swift:135:37:135:37 | tainted | UncontrolledFormatString.swift:135:20:135:44 | call to NSString.init(string:) | provenance | |
| UncontrolledFormatString.swift:139:5:139:5 | tainted | UncontrolledFormatString.swift:140:9:140:9 | cstr [Collection element] | provenance | |
| UncontrolledFormatString.swift:140:9:140:9 | cstr [Collection element] | UncontrolledFormatString.swift:141:24:141:24 | cstr | provenance | |
@@ -70,15 +60,6 @@ nodes
| UncontrolledFormatString.swift:116:11:116:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:116:11:116:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:118:61:118:61 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:120:22:120:33 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| UncontrolledFormatString.swift:120:26:120:26 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:122:24:122:24 | taintedSan | semmle.label | taintedSan |
| UncontrolledFormatString.swift:124:23:124:34 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| UncontrolledFormatString.swift:124:27:124:27 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:125:23:125:41 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| UncontrolledFormatString.swift:125:23:125:41 | call to String.init(_:) [Collection element] | semmle.label | call to String.init(_:) [Collection element] |
| UncontrolledFormatString.swift:125:30:125:30 | taintedVal2 | semmle.label | taintedVal2 |
| UncontrolledFormatString.swift:126:24:126:24 | taintedSan2 | semmle.label | taintedSan2 |
| UncontrolledFormatString.swift:130:39:130:39 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:135:20:135:44 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) |
| UncontrolledFormatString.swift:135:37:135:37 | tainted | semmle.label | tainted |
@@ -107,8 +88,6 @@ subpaths
| UncontrolledFormatString.swift:115:11:115:11 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:115:11:115:11 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:116:11:116:11 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:116:11:116:11 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:118:61:118:61 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:118:61:118:61 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:122:24:122:24 | taintedSan | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:122:24:122:24 | taintedSan | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:126:24:126:24 | taintedSan2 | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:126:24:126:24 | taintedSan2 | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:130:39:130:39 | tainted | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:130:39:130:39 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:135:20:135:44 | call to NSString.init(string:) | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:135:20:135:44 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:141:24:141:24 | cstr | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:141:24:141:24 | cstr | This format string depends on $@. | UncontrolledFormatString.swift:91:24:91:77 | call to String.init(contentsOf:) | this user-provided value |