hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.3
codeql/swift/ql/test/query-tests/Security/CWE-311/testSwiftUI.swift

84 lines
1.7 KiB
Swift
Raw Permalink Blame History

// --- stubs ---
protocol View {
}
struct Binding<Value> {
}
@propertyWrapper
struct State<Value> { // an @State
var wrappedValue: Value
var projectedValue: Binding<Value> { get { return 0 as! Binding<Value> } } // what you get with `$`
}
struct LocalizedStringKey : ExpressibleByStringLiteral {
typealias StringLiteralType = String
init(stringLiteral value: Self.StringLiteralType) {
}
}
struct Label<Title, Icon> : View where Title : View, Icon : View {
}
struct Text : View {
}
struct TextField<Label> : View where Label : View {
init(_ titleKey: LocalizedStringKey, text: Binding<String>) where Label == Text { }
}
struct SecureField<Label> : View where Label : View {
init(_ titleKey: LocalizedStringKey, text: Binding<String>, prompt: Text?) where Label == Text { }
}
struct SubmitTriggers {
init(rawValue: UInt) {
self.rawValue = rawValue
}
var rawValue: UInt
static let text = SubmitTriggers(rawValue: 1)
}
extension View {
func onSubmit(
of triggers: SubmitTriggers = .text,
_ action: @escaping (() -> Void)
) -> some View {
return self
}
}
struct URL
{
init?(string: String) {}
init?(string: String, relativeTo: URL?) {}
}
// --- tests ---
func mkHarmlessBinding(text: Binding<String>) { }
struct MyStruct {
@State var textInput: String = "default value"
@State var secureInput: String = "default value"
var myView1: some View {
TextField("title", text: $textInput)
.onSubmit {
_ = URL(string: "http://example.com/page?text=\(textInput)"); // GOOD (not sensitive)
}
}
var myView2: some View {
SecureField("title", text: $secureInput, prompt: nil)
.onSubmit {
_ = URL(string: "http://example.com/login?key=\(secureInput)"); // BAD [NOT DETECTED]
}
}
}
Reference in New Issue View Git Blame Copy Permalink