Swift: Test flow through various conversions.

Geoffrey White
2023-08-09 17:06:15 +01:00
parent a1234d4235
commit e86ccf8498
3 changed files with 217 additions and 0 deletions


@@ -1,3 +1,82 @@
| conversions.swift:9:7:9:7 | SSA def(self) | conversions.swift:9:7:9:7 | self[return] |
| conversions.swift:9:7:9:7 | SSA def(self) | conversions.swift:9:7:9:7 | self[return] |
| conversions.swift:9:7:9:7 | self | conversions.swift:9:7:9:7 | SSA def(self) |
| conversions.swift:9:7:9:7 | self | conversions.swift:9:7:9:7 | SSA def(self) |
| conversions.swift:12:7:12:7 | SSA def(self) | conversions.swift:12:7:12:7 | self[return] |
| conversions.swift:12:7:12:7 | self | conversions.swift:12:7:12:7 | SSA def(self) |
| conversions.swift:12:36:12:36 | SSA def(self) | conversions.swift:12:36:12:36 | self[return] |
| conversions.swift:12:36:12:36 | self | conversions.swift:12:36:12:36 | SSA def(self) |
| conversions.swift:15:7:15:7 | SSA def(self) | conversions.swift:15:7:15:7 | self[return] |
| conversions.swift:15:7:15:7 | self | conversions.swift:15:7:15:7 | SSA def(self) |
| conversions.swift:16:11:16:11 | SSA def(self) | conversions.swift:16:11:16:42 | self[return] |
| conversions.swift:16:11:16:11 | self | conversions.swift:16:11:16:11 | SSA def(self) |
| conversions.swift:18:28:18:28 | SSA def(self) | conversions.swift:18:28:18:44 | self[return] |
| conversions.swift:18:28:18:28 | self | conversions.swift:18:28:18:28 | SSA def(self) |
| conversions.swift:19:33:19:33 | SSA def(self) | conversions.swift:19:33:19:49 | self[return] |
| conversions.swift:19:33:19:33 | self | conversions.swift:19:33:19:33 | SSA def(self) |
| conversions.swift:20:22:20:22 | SSA def(self) | conversions.swift:20:22:20:38 | self[return] |
| conversions.swift:20:22:20:22 | self | conversions.swift:20:22:20:22 | SSA def(self) |
| conversions.swift:28:19:28:29 | call to sourceInt() | conversions.swift:28:12:28:30 | call to String.init(_:) |
| conversions.swift:29:12:29:30 | call to String.init(_:) | conversions.swift:29:12:29:32 | .utf8 |
| conversions.swift:29:19:29:29 | call to sourceInt() | conversions.swift:29:12:29:30 | call to String.init(_:) |
| conversions.swift:30:20:30:33 | call to sourceString() | conversions.swift:30:20:30:35 | .utf8 |
| conversions.swift:32:9:32:9 | SSA def(v) | conversions.swift:33:13:33:13 | v |
| conversions.swift:32:9:32:9 | v | conversions.swift:32:9:32:9 | SSA def(v) |
| conversions.swift:32:13:32:23 | call to sourceInt() | conversions.swift:32:5:32:9 | let ...? |
| conversions.swift:36:6:36:6 | SSA def(v2) | conversions.swift:37:12:37:12 | v2 |
| conversions.swift:36:6:36:6 | v2 | conversions.swift:36:6:36:6 | SSA def(v2) |
| conversions.swift:36:6:36:10 | ... as ... | conversions.swift:36:6:36:6 | v2 |
| conversions.swift:36:18:36:41 | call to numericCast(_:) | conversions.swift:36:6:36:10 | ... as ... |
| conversions.swift:39:6:39:6 | SSA def(v4) | conversions.swift:40:12:40:12 | v4 |
| conversions.swift:39:6:39:6 | v4 | conversions.swift:39:6:39:6 | SSA def(v4) |
| conversions.swift:39:6:39:10 | ... as ... | conversions.swift:39:6:39:6 | v4 |
| conversions.swift:39:17:39:57 | call to unsafeBitCast(_:to:) | conversions.swift:39:6:39:10 | ... as ... |
| conversions.swift:42:6:42:6 | SSA def(v5) | conversions.swift:43:12:43:12 | v5 |
| conversions.swift:42:6:42:6 | v5 | conversions.swift:42:6:42:6 | SSA def(v5) |
| conversions.swift:42:11:42:47 | call to Self.init(truncatingIfNeeded:) | conversions.swift:42:6:42:6 | v5 |
| conversions.swift:45:6:45:6 | SSA def(v6) | conversions.swift:46:12:46:12 | v6 |
| conversions.swift:45:6:45:6 | v6 | conversions.swift:45:6:45:6 | SSA def(v6) |
| conversions.swift:45:11:45:39 | call to UInt.init(bitPattern:) | conversions.swift:45:6:45:6 | v6 |
| conversions.swift:48:12:48:36 | call to Self.init(exactly:) | conversions.swift:48:12:48:37 | ...! |
| conversions.swift:51:12:51:41 | call to Self.init(_:radix:) | conversions.swift:51:12:51:42 | ...! |
| conversions.swift:63:19:63:31 | call to sourceFloat() | conversions.swift:63:12:63:32 | call to String.init(_:) |
| conversions.swift:64:12:64:32 | call to String.init(_:) | conversions.swift:64:12:64:34 | .utf8 |
| conversions.swift:64:19:64:31 | call to sourceFloat() | conversions.swift:64:12:64:32 | call to String.init(_:) |
| conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) |
| conversions.swift:80:6:80:6 | SSA def(ms1) | conversions.swift:81:12:81:12 | ms1 |
| conversions.swift:80:6:80:6 | ms1 | conversions.swift:80:6:80:6 | SSA def(ms1) |
| conversions.swift:80:12:80:26 | call to MyString.init(_:) | conversions.swift:80:12:80:27 | ...! |
| conversions.swift:80:12:80:27 | ...! | conversions.swift:80:6:80:6 | ms1 |
| conversions.swift:81:12:81:12 | [post] ms1 | conversions.swift:82:12:82:12 | ms1 |
| conversions.swift:81:12:81:12 | ms1 | conversions.swift:82:12:82:12 | ms1 |
| conversions.swift:82:12:82:12 | [post] ms1 | conversions.swift:83:12:83:12 | ms1 |
| conversions.swift:82:12:82:12 | ms1 | conversions.swift:83:12:83:12 | ms1 |
| conversions.swift:83:12:83:12 | [post] ms1 | conversions.swift:84:12:84:12 | ms1 |
| conversions.swift:83:12:83:12 | ms1 | conversions.swift:84:12:84:12 | ms1 |
| conversions.swift:86:6:86:6 | SSA def(ms2) | conversions.swift:87:12:87:12 | ms2 |
| conversions.swift:86:6:86:6 | ms2 | conversions.swift:86:6:86:6 | SSA def(ms2) |
| conversions.swift:86:12:86:35 | call to MyString.init(_:) | conversions.swift:86:12:86:36 | ...! |
| conversions.swift:86:12:86:36 | ...! | conversions.swift:86:6:86:6 | ms2 |
| conversions.swift:87:12:87:12 | [post] ms2 | conversions.swift:88:12:88:12 | ms2 |
| conversions.swift:87:12:87:12 | ms2 | conversions.swift:88:12:88:12 | ms2 |
| conversions.swift:88:12:88:12 | [post] ms2 | conversions.swift:89:12:89:12 | ms2 |
| conversions.swift:88:12:88:12 | ms2 | conversions.swift:89:12:89:12 | ms2 |
| conversions.swift:89:12:89:12 | [post] ms2 | conversions.swift:90:12:90:12 | ms2 |
| conversions.swift:89:12:89:12 | ms2 | conversions.swift:90:12:90:12 | ms2 |
| conversions.swift:94:6:94:6 | SSA def(parent) | conversions.swift:95:12:95:12 | parent |
| conversions.swift:94:6:94:6 | parent | conversions.swift:94:6:94:6 | SSA def(parent) |
| conversions.swift:94:6:94:15 | ... as ... | conversions.swift:94:6:94:6 | parent |
| conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:94:6:94:15 | ... as ... |
| conversions.swift:95:12:95:12 | [post] parent | conversions.swift:96:12:96:12 | parent |
| conversions.swift:95:12:95:12 | parent | conversions.swift:96:12:96:12 | parent |
| conversions.swift:96:12:96:12 | [post] parent | conversions.swift:98:40:98:40 | parent |
| conversions.swift:96:12:96:12 | parent | conversions.swift:98:40:98:40 | parent |
| conversions.swift:98:6:98:6 | SSA def(v3) | conversions.swift:99:12:99:12 | v3 |
| conversions.swift:98:6:98:6 | v3 | conversions.swift:98:6:98:6 | SSA def(v3) |
| conversions.swift:98:6:98:10 | ... as ... | conversions.swift:98:6:98:6 | v3 |
| conversions.swift:98:25:98:69 | call to unsafeDowncast(_:to:) | conversions.swift:98:6:98:10 | ... as ... |
| conversions.swift:99:12:99:12 | [post] v3 | conversions.swift:100:12:100:12 | v3 |
| conversions.swift:99:12:99:12 | v3 | conversions.swift:100:12:100:12 | v3 |
| simple.swift:12:13:12:13 | 1 | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
| simple.swift:12:17:12:24 | call to source() | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
| simple.swift:13:13:13:20 | call to source() | simple.swift:13:13:13:24 | ... .+(_:_:) ... |


@@ -1,4 +1,13 @@
edges
| conversions.swift:28:19:28:29 | call to sourceInt() | conversions.swift:28:12:28:30 | call to String.init(_:) |
| conversions.swift:29:12:29:30 | call to String.init(_:) | conversions.swift:29:12:29:32 | .utf8 |
| conversions.swift:29:19:29:29 | call to sourceInt() | conversions.swift:29:12:29:30 | call to String.init(_:) |
| conversions.swift:63:19:63:31 | call to sourceFloat() | conversions.swift:63:12:63:32 | call to String.init(_:) |
| conversions.swift:64:12:64:32 | call to String.init(_:) | conversions.swift:64:12:64:34 | .utf8 |
| conversions.swift:64:19:64:31 | call to sourceFloat() | conversions.swift:64:12:64:32 | call to String.init(_:) |
| conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) |
| conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:95:12:95:12 | parent |
| conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:96:12:96:12 | parent |
| file://:0:0:0:0 | self [first] | file://:0:0:0:0 | .first |
| file://:0:0:0:0 | self [second] | file://:0:0:0:0 | .second |
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [first] |
@@ -77,6 +86,24 @@ edges
| try.swift:18:18:18:25 | call to source() | try.swift:18:18:18:25 | call to source() [some:0] |
| try.swift:18:18:18:25 | call to source() [some:0] | try.swift:18:13:18:25 | try? ... [some:0] |
nodes
| conversions.swift:24:12:24:22 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:28:12:28:30 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:28:19:28:29 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:29:12:29:30 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:29:12:29:32 | .utf8 | semmle.label | .utf8 |
| conversions.swift:29:19:29:29 | call to sourceInt() | semmle.label | call to sourceInt() |
| conversions.swift:60:12:60:24 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:63:12:63:32 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:63:19:63:31 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:64:12:64:32 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:64:12:64:34 | .utf8 | semmle.label | .utf8 |
| conversions.swift:64:19:64:31 | call to sourceFloat() | semmle.label | call to sourceFloat() |
| conversions.swift:77:12:77:25 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:78:12:78:33 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:78:19:78:32 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:94:31:94:44 | call to sourceString() | semmle.label | call to sourceString() |
| conversions.swift:95:12:95:12 | parent | semmle.label | parent |
| conversions.swift:96:12:96:12 | parent | semmle.label | parent |
| file://:0:0:0:0 | .first | semmle.label | .first |
| file://:0:0:0:0 | .second | semmle.label | .second |
| file://:0:0:0:0 | [post] self [first] | semmle.label | [post] self [first] |
@@ -200,6 +227,16 @@ subpaths
| stringinterpolation.swift:28:14:28:21 | call to source() | stringinterpolation.swift:7:6:7:6 | value | file://:0:0:0:0 | [post] self [second] | stringinterpolation.swift:28:2:28:2 | [post] p2 [second] |
| stringinterpolation.swift:31:21:31:21 | p2 [second] | stringinterpolation.swift:7:6:7:6 | self [second] | file://:0:0:0:0 | .second | stringinterpolation.swift:31:21:31:24 | .second |
#select
| conversions.swift:24:12:24:22 | call to sourceInt() | conversions.swift:24:12:24:22 | call to sourceInt() | conversions.swift:24:12:24:22 | call to sourceInt() | result |
| conversions.swift:28:12:28:30 | call to String.init(_:) | conversions.swift:28:19:28:29 | call to sourceInt() | conversions.swift:28:12:28:30 | call to String.init(_:) | result |
| conversions.swift:29:12:29:32 | .utf8 | conversions.swift:29:19:29:29 | call to sourceInt() | conversions.swift:29:12:29:32 | .utf8 | result |
| conversions.swift:60:12:60:24 | call to sourceFloat() | conversions.swift:60:12:60:24 | call to sourceFloat() | conversions.swift:60:12:60:24 | call to sourceFloat() | result |
| conversions.swift:63:12:63:32 | call to String.init(_:) | conversions.swift:63:19:63:31 | call to sourceFloat() | conversions.swift:63:12:63:32 | call to String.init(_:) | result |
| conversions.swift:64:12:64:34 | .utf8 | conversions.swift:64:19:64:31 | call to sourceFloat() | conversions.swift:64:12:64:34 | .utf8 | result |
| conversions.swift:77:12:77:25 | call to sourceString() | conversions.swift:77:12:77:25 | call to sourceString() | conversions.swift:77:12:77:25 | call to sourceString() | result |
| conversions.swift:78:12:78:33 | call to String.init(_:) | conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) | result |
| conversions.swift:95:12:95:12 | parent | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:95:12:95:12 | parent | result |
| conversions.swift:96:12:96:12 | parent | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:96:12:96:12 | parent | result |
| simple.swift:12:13:12:24 | ... .+(_:_:) ... | simple.swift:12:17:12:24 | call to source() | simple.swift:12:13:12:24 | ... .+(_:_:) ... | result |
| simple.swift:13:13:13:24 | ... .+(_:_:) ... | simple.swift:13:13:13:20 | call to source() | simple.swift:13:13:13:24 | ... .+(_:_:) ... | result |
| simple.swift:14:13:14:24 | ... .-(_:_:) ... | simple.swift:14:17:14:24 | call to source() | simple.swift:14:13:14:24 | ... .-(_:_:) ... | result |


@@ -0,0 +1,101 @@
func sourceInt() -> Int { 0 }
func sourceFloat() -> Float { 0.0 }
func sourceString() -> String { "" }
func sink(arg: Any) { }
// ---
class MyParentClass {
}
class MyChildClass : MyParentClass {
}
class MyString : LosslessStringConvertible, CustomStringConvertible, CustomDebugStringConvertible {
required init?(_ description: String) { }
var description: String { get { return "" } }
var debugDescription: String { get { return "" } }
var clean: String { get { return "" } }
}
func testConversions() {
sink(arg: sourceInt()) // $ tainted=24
sink(arg: Int(sourceInt())) // $ MISSING: tainted=
sink(arg: UInt8(sourceInt())) // $ MISSING: tainted=
sink(arg: Float(sourceInt())) // $ MISSING: tainted=
sink(arg: String(sourceInt())) // $ tainted=28
sink(arg: String(sourceInt()).utf8) // $ tainted=29
sink(arg: [UInt8](sourceString().utf8)) // $ MISSING: tainted=
if let v = sourceInt() as? UInt {
sink(arg: v) // $ MISSING: tainted=
}
let v2: UInt8 = numericCast(sourceInt())
sink(arg: v2) // $ MISSING: tainted=
let v4: UInt = unsafeBitCast(sourceInt(), to: UInt.self)
sink(arg: v4) // $ MISSING: tainted=
let v5 = UInt(truncatingIfNeeded: sourceInt())
sink(arg: v5) // $ MISSING: tainted=
let v6 = UInt(bitPattern: sourceInt())
sink(arg: v6) // $ MISSING: tainted=
sink(arg: Int(exactly: sourceInt())!) // $ MISSING: tainted=
sink(arg: Int(clamping: sourceInt())) // $ MISSING: tainted=
sink(arg: Int(truncatingIfNeeded: sourceInt())) // $ MISSING: tainted=
sink(arg: Int(sourceString(), radix: 10)!) // $ MISSING: tainted=
sink(arg: Int(littleEndian: sourceInt())) // $ MISSING: tainted=
sink(arg: Int(bigEndian: sourceInt())) // $ MISSING: tainted=
sink(arg: sourceInt().littleEndian) // $ MISSING: tainted=
sink(arg: sourceInt().bigEndian) // $ MISSING: tainted=
// ---
sink(arg: sourceFloat()) // $ tainted=60
sink(arg: Float(sourceFloat())) // $ MISSING: tainted=
sink(arg: UInt8(sourceFloat())) // $ MISSING: tainted=
sink(arg: String(sourceFloat())) // $ tainted=63
sink(arg: String(sourceFloat()).utf8) // $ tainted=64
sink(arg: Float(sourceFloat())) // MISSING: tainted=
sink(arg: Float(sign: .plus, exponent: sourceInt(), significand: 0.0)) // MISSING: tainted=
sink(arg: Float(sign: .plus, exponent: 0, significand: sourceFloat())) // MISSING: tainted=
sink(arg: Float(signOf: sourceFloat(), magnitudeOf: 0.0)) // (good)
sink(arg: Float(signOf: 0.0, magnitudeOf: sourceFloat())) // MISSING: tainted=
sink(arg: sourceFloat().exponent) // $ MISSING: tainted=
sink(arg: sourceFloat().significand) // $ MISSING: tainted=
// ---
sink(arg: sourceString()) // $ tainted=77
sink(arg: String(sourceString())) // $ tainted=78
let ms1 = MyString("abc")!
sink(arg: ms1)
sink(arg: ms1.description)
sink(arg: ms1.debugDescription)
sink(arg: ms1.clean)
let ms2 = MyString(sourceString())!
sink(arg: ms2) // $ MISSING: tainted=
sink(arg: ms2.description) // $ MISSING: tainted=
sink(arg: ms2.debugDescription) // $ MISSING: tainted=
sink(arg: ms2.clean)
// ---
let parent : MyParentClass = sourceString() as! MyChildClass
sink(arg: parent) // $ tainted=94
sink(arg: parent as! MyChildClass) // $ tainted=94
let v3: MyChildClass = unsafeDowncast(parent, to: MyChildClass.self)
sink(arg: v3) // $ MISSING: tainted=
sink(arg: v3 as! MyParentClass) // $ MISSING: tainted=
}
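Review bot: Four expectations in the Float block of `testConversions` are written as `// MISSING: tainted=` without the `$` prefix that every other annotation in the file carries: the second `sink(arg: Float(sourceFloat()))`, both `Float(sign:exponent:significand:)` lines and the `Float(signOf: 0.0, magnitudeOf: sourceFloat())` line. If these comments are consumed by an inline-expectations test (not visible on this page), the unprefixed ones would presumably be treated as plain comments, so these known taint-tracking false negatives would not be machine-checked when flow through the conversions is modelled later; I would write them as `// $ MISSING: tainted=`. The first of the four also repeats the `sink(arg: Float(sourceFloat()))` case from four lines earlier, so it could be dropped or replaced with a distinct conversion such as `sink(arg: Double(sourceFloat()))`. A short comment above the `MyString` cases stating that `clean` is intentionally expected to stay untainted would also make the unannotated `sink(arg: ms2.clean)` line read as deliberate rather than forgotten.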