hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/NewOverlayLocalJavaRebase
codeql/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift
Geoffrey White 93c39c5fdd Swift: Add data flow through OpenExistentialExpr.
2023-08-31 15:50:32 +01:00

91 lines
2.0 KiB
Swift
Raw Permalink Blame History

// --- stubs ---
class NSObject { }
struct _NSRange { }
typealias NSRange = _NSRange
class NSAttributedString: NSObject { }
class UIResponder: NSObject { }
class UIView: UIResponder { }
class UIControl: UIView { }
class UITextRange : NSObject {
}
protocol UITextInput {
func text(in range: UITextRange) -> String?
func shouldChangeText(in range: UITextRange, replacementText text: String) -> Bool
}
class UITextField: UIControl {
var text: String? {
get { nil }
set { }
}
var attributedText: NSAttributedString? {
get { nil }
set { }
}
var placeholder: String? {
get { nil }
set { }
}
}
class UISearchTextField : UITextField {
}
protocol UITextFieldDelegate {
func textField(_ textField: UITextField, shouldChangeCharactersIn range: NSRange, replacementString string: String) -> Bool
}
// --- tests ---
func sink(arg: Any) { }
class MyTextInput : UITextInput {
func text(in range: UITextRange) -> String? { return nil }
func harmless(in range: UITextRange) -> String? { return nil }
func shouldChangeText(in range: UITextRange, replacementText text: String) -> Bool { // $ source=local
sink(arg: text) // $ tainted
return true
}
}
class MyUITextFieldDelegate : UITextFieldDelegate {
func textField(_ textField: UITextField, shouldChangeCharactersIn range: NSRange, replacementString string: String) -> Bool { // $ source=local
sink(arg: string) // $ tainted
return true
}
}
func test(
textField: UITextField,
searchTextField: UISearchTextField,
myTextInput: MyTextInput,
range: UITextRange,
protocolTextInput: UITextInput) {
_ = textField.text // $ source=local
_ = textField.attributedText // $ source=local
_ = textField.placeholder // GOOD (not input)
_ = textField.text?.uppercased() // $ source=local
_ = searchTextField.text // $ source=local
_ = myTextInput.text(in: range)! // $ source=local
_ = myTextInput.harmless(in: range)! // GOOD (not input)
let str = protocolTextInput.text(in: range)! // $ source=local
sink(arg: str) // $ tainted
}
Reference in New Issue View Git Blame Copy Permalink