
Commit 8525db5

committed
Add summaries for tainted URL fields
1 parent af79139 commit 8525db5


3 files changed

+420
-65
lines changed


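--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll
@@ -22,7 +22,41 @@ private class UrlSummaries extends SummaryModelCsv {
 row =
 [
 ";URL;true;init(string:);(String);;Argument[0];ReturnValue;taint",
-";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue;taint"
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[absoluteURL];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[baseURL];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[fragment];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[host];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[lastPathComponent];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[path];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[pathComponents];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[pathExtension];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[port];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[query];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[relativePath];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[relativeString];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[scheme];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[standardized];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[standardizedFileURL];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[user];taint",
+";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[password];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue;taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[absoluteURL];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[baseURL];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[fragment];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[host];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[lastPathComponent];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[path];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[pathComponents];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[pathExtension];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[port];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[query];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[relativePath];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[relativeString];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[scheme];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[standardized];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[standardizedFileURL];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[user];taint",
+";URL;true;init(string:relativeTo:);(String,URL?);;Argument[0,1];ReturnValue.Field[password];taint",
 ]
 }
 }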
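Review bot: `absoluteString` is missing from the `ReturnValue.Field[...]` rows added for both `init(string:)` and `init(string:relativeTo:)`, although `absoluteURL` and `relativeString` are listed. Unless it is modelled in one of the other two files of this commit, a read of `url.absoluteString` on a URL built from untrusted input would presumably not carry taint, a likely false negative because that property is the usual way to turn a URL back into a string. I would add `";URL;true;init(string:);(String);;Argument[0];ReturnValue.Field[absoluteString];taint",` and the matching `init(string:relativeTo:)` row with `Argument[0,1]`. A short comment above the rows saying why per-field summaries are needed in addition to the plain `ReturnValue` row would help maintainers keep the two 17-entry lists in sync. The enclosing predicate starts outside the hunk.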
