hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/OverlayCallerJava
codeql/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
Tony Torralba 11c03fb8c9 Add 'good' test cases
2022-12-15 12:35:47 +01:00

39 lines
1.5 KiB
Swift
Raw Permalink Blame History

// --- stubs ---
struct URL {
init?(string: String) {}
}
extension String {
init(contentsOf: URL) {
let data = ""
self.init(data)
}
}
class NSPredicate {
init(format: String, argumentArray: [Any]?) {}
init(format: String, arguments: CVaListPointer) {}
init(format: String, _: CVarArg...) {}
init?(fromMetadataQueryString: String) {}
}
// --- tests ---
func test() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let safeString = "safe"
NSPredicate(format: remoteString, argumentArray: []) // $ hasPredicateInjection=23
NSPredicate(format: safeString, argumentArray: []) // Safe
NSPredicate(format: safeString, argumentArray: [remoteString]) // Safe
NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ hasPredicateInjection=23
NSPredicate(format: safeString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // Safe
NSPredicate(format: remoteString) // $ hasPredicateInjection=23
NSPredicate(format: safeString) // Safe
NSPredicate(format: remoteString, "" as! CVarArg) // $ hasPredicateInjection=23
NSPredicate(format: safeString, "" as! CVarArg) // Safe
NSPredicate(format: safeString, remoteString as! CVarArg) // Safe
NSPredicate(fromMetadataQueryString: remoteString) // $ hasPredicateInjection=23
NSPredicate(fromMetadataQueryString: safeString) // Safe
}
Reference in New Issue View Git Blame Copy Permalink