hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 05:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

update the expected output for CWE-079

Browse Source 
Now that we have support for taint through fields of String, we can now detect certain flows that we previously marked as [NOT DETECTED]. This commit updates the expected output of CWE-079 (and the in-code annotation of the accompanying test case) to reflect that update.
This commit is contained in:
Karim Ali
2022-11-30 16:34:24 +02:00
parent 9048d5d79b
commit f6bc88471a
2 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected
View File

@@ -1,6 +1,7 @@
edges
| UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : |
| UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) : |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... : | UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... : | UnsafeWebViewFetch.swift:120:25:120:39 | call to getRemoteData() |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... : | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : |
@@ -18,6 +19,7 @@ edges
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:137:25:137:25 | remoteString |
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString |
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString |
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 : |
| UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) : | UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL : |
| UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) : | UnsafeWebViewFetch.swift:138:47:138:56 | ...! |
| UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) : | UnsafeWebViewFetch.swift:139:48:139:57 | ...! |
@@ -29,6 +31,10 @@ edges
| UnsafeWebViewFetch.swift:132:19:132:61 | call to init(string:relativeTo:) : | UnsafeWebViewFetch.swift:141:48:141:58 | ...! |
| UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL : | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL : | UnsafeWebViewFetch.swift:132:19:132:61 | call to init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) : | UnsafeWebViewFetch.swift:152:15:152:15 | remoteData |
| UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) : | UnsafeWebViewFetch.swift:154:15:154:15 | remoteData |
| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 : | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) : |
| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 : | UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) : |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:174:25:174:25 | "..." |
@@ -37,6 +43,7 @@ edges
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:184:25:184:25 | remoteString |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 : |
| UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) : | UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL : |
| UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) : | UnsafeWebViewFetch.swift:185:47:185:56 | ...! |
| UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) : | UnsafeWebViewFetch.swift:186:48:186:57 | ...! |
@@ -48,11 +55,16 @@ edges
| UnsafeWebViewFetch.swift:179:19:179:61 | call to init(string:relativeTo:) : | UnsafeWebViewFetch.swift:188:48:188:58 | ...! |
| UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL : | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL : | UnsafeWebViewFetch.swift:179:19:179:61 | call to init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) : | UnsafeWebViewFetch.swift:199:15:199:15 | remoteData |
| UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) : | UnsafeWebViewFetch.swift:201:15:201:15 | remoteData |
| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 : | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) : |
| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 : | UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) : |
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() : | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData |
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() : | UnsafeWebViewFetch.swift:211:25:211:25 | htmlData |
nodes
| UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) : | semmle.label | [summary param] 0 in init(string:) : |
| UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) : | semmle.label | [summary param] 1 in init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) : | semmle.label | [summary param] 0 in init(_:) : |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... : | semmle.label | try ... : |
| UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | semmle.label | call to init(contentsOf:) : |
| UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | semmle.label | try! ... |
@@ -78,7 +90,11 @@ nodes
| UnsafeWebViewFetch.swift:140:47:140:57 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | semmle.label | remoteString |
| UnsafeWebViewFetch.swift:141:48:141:58 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) : | semmle.label | call to init(_:) : |
| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 : | semmle.label | .utf8 : |
| UnsafeWebViewFetch.swift:152:15:152:15 | remoteData | semmle.label | remoteData |
| UnsafeWebViewFetch.swift:153:85:153:94 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:154:15:154:15 | remoteData | semmle.label | remoteData |
| UnsafeWebViewFetch.swift:154:86:154:95 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | semmle.label | call to getRemoteData() : |
| UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | semmle.label | call to getRemoteData() |
@@ -97,18 +113,25 @@ nodes
| UnsafeWebViewFetch.swift:187:47:187:57 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | semmle.label | remoteString |
| UnsafeWebViewFetch.swift:188:48:188:58 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) : | semmle.label | call to init(_:) : |
| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 : | semmle.label | .utf8 : |
| UnsafeWebViewFetch.swift:199:15:199:15 | remoteData | semmle.label | remoteData |
| UnsafeWebViewFetch.swift:200:90:200:99 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:201:15:201:15 | remoteData | semmle.label | remoteData |
| UnsafeWebViewFetch.swift:201:91:201:100 | ...! | semmle.label | ...! |
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() : | semmle.label | call to getRemoteData() : |
| UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | semmle.label | htmlData |
| UnsafeWebViewFetch.swift:211:25:211:25 | htmlData | semmle.label | htmlData |
| file://:0:0:0:0 | [summary] to write: return (return) in init(_:) : | semmle.label | [summary] to write: return (return) in init(_:) : |
| file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | semmle.label | [summary] to write: return (return) in init(string:) : |
| file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) : |
subpaths
| UnsafeWebViewFetch.swift:131:30:131:30 | remoteString : | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | UnsafeWebViewFetch.swift:131:18:131:42 | call to init(string:) : |
| UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL : | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | UnsafeWebViewFetch.swift:132:19:132:61 | call to init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 : | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) : | UnsafeWebViewFetch.swift:150:19:150:41 | call to init(_:) : |
| UnsafeWebViewFetch.swift:178:30:178:30 | remoteString : | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in init(string:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) : | UnsafeWebViewFetch.swift:178:18:178:42 | call to init(string:) : |
| UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL : | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in init(string:relativeTo:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) : | UnsafeWebViewFetch.swift:179:19:179:61 | call to init(string:relativeTo:) : |
| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 : | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in init(_:) : | file://:0:0:0:0 | [summary] to write: return (return) in init(_:) : | UnsafeWebViewFetch.swift:197:19:197:41 | call to init(_:) : |
#select
| UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | UnsafeWebViewFetch.swift:103:30:103:84 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:106:25:106:25 | data | UnsafeWebViewFetch.swift:105:18:105:72 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:106:25:106:25 | data | Tainted data is used in a WebView fetch without restricting the base URL. |
@@ -119,10 +142,12 @@ subpaths
| UnsafeWebViewFetch.swift:127:25:127:25 | "..." | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:127:25:127:25 | "..." | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
| UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
| UnsafeWebViewFetch.swift:154:15:154:15 | remoteData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:154:15:154:15 | remoteData | Tainted data is used in a WebView fetch with a tainted base URL. |
| UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:174:25:174:25 | "..." | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:174:25:174:25 | "..." | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
| UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
| UnsafeWebViewFetch.swift:201:15:201:15 | remoteData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:201:15:201:15 | remoteData | Tainted data is used in a WebView fetch with a tainted base URL. |
| UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | Tainted data is used in a WebView fetch without restricting the base URL. |

4
swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.swift
View File

@@ -151,7 +151,7 @@ func testUIWebView() {
webview.load(localData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: the data is local
webview.load(remoteData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: a safe baseURL is specified
webview.load(localData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: remoteURL!) // GOOD: the HTML data is local
webview.load(remoteData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: remoteURL!) // BAD [NOT DETECTED]
webview.load(remoteData, mimeType: "text/html", textEncodingName: "utf-8", baseURL: remoteURL!) // BAD
}
func testWKWebView() {
@@ -198,7 +198,7 @@ func testWKWebView() {
webview.load(localData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: the data is local
webview.load(remoteData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: localSafeURL!) // GOOD: a safe baseURL is specified
webview.load(localData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: remoteURL!) // GOOD: the HTML data is local
webview.load(remoteData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: remoteURL!) // BAD [NOT DETECTED]
webview.load(remoteData, mimeType: "text/html", characterEncodingName: "utf-8", baseURL: remoteURL!) // BAD
}
func testQHelpExamples() {