
Commit 87c0b61

committed
Swift: Add taint tests for various arithmetic operators.
1 parent 1fb2735 commit 87c0b61


2 files changed

+129
-0
lines changed


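--- a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
+++ b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -557,6 +557,65 @@
 | nsmutabledata.swift:48:9:48:9 | SSA def(nsMutableDataTainted6) | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 |
 | nsmutabledata.swift:48:33:48:40 | call to source() | nsmutabledata.swift:48:9:48:9 | SSA def(nsMutableDataTainted6) |
 | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
+| simple.swift:36:7:36:7 | SSA def(a) | simple.swift:37:13:37:13 | a |
+| simple.swift:36:11:36:11 | 0 | simple.swift:36:7:36:7 | SSA def(a) |
+| simple.swift:37:13:37:13 | [post] a | simple.swift:38:3:38:3 | a |
+| simple.swift:37:13:37:13 | a | simple.swift:38:3:38:3 | a |
+| simple.swift:38:3:38:3 | &... | simple.swift:39:13:39:13 | a |
+| simple.swift:38:3:38:3 | [post] &... | simple.swift:39:13:39:13 | a |
+| simple.swift:38:3:38:3 | a | simple.swift:38:3:38:3 | &... |
+| simple.swift:39:13:39:13 | [post] a | simple.swift:40:3:40:3 | a |
+| simple.swift:39:13:39:13 | a | simple.swift:40:3:40:3 | a |
+| simple.swift:40:3:40:3 | &... | simple.swift:41:13:41:13 | a |
+| simple.swift:40:3:40:3 | [post] &... | simple.swift:41:13:41:13 | a |
+| simple.swift:40:3:40:3 | a | simple.swift:40:3:40:3 | &... |
+| simple.swift:41:13:41:13 | [post] a | simple.swift:42:3:42:3 | a |
+| simple.swift:41:13:41:13 | a | simple.swift:42:3:42:3 | a |
+| simple.swift:42:3:42:3 | &... | simple.swift:43:13:43:13 | a |
+| simple.swift:42:3:42:3 | [post] &... | simple.swift:43:13:43:13 | a |
+| simple.swift:42:3:42:3 | a | simple.swift:42:3:42:3 | &... |
+| simple.swift:44:3:44:7 | SSA def(a) | simple.swift:45:13:45:13 | a |
+| simple.swift:44:7:44:7 | 0 | simple.swift:44:3:44:7 | SSA def(a) |
+| simple.swift:47:7:47:7 | SSA def(b) | simple.swift:48:3:48:3 | b |
+| simple.swift:47:11:47:11 | 128 | simple.swift:47:7:47:7 | SSA def(b) |
+| simple.swift:48:3:48:3 | &... | simple.swift:49:13:49:13 | b |
+| simple.swift:48:3:48:3 | [post] &... | simple.swift:49:13:49:13 | b |
+| simple.swift:48:3:48:3 | b | simple.swift:48:3:48:3 | &... |
+| simple.swift:49:13:49:13 | [post] b | simple.swift:50:3:50:3 | b |
+| simple.swift:49:13:49:13 | b | simple.swift:50:3:50:3 | b |
+| simple.swift:50:3:50:3 | &... | simple.swift:51:13:51:13 | b |
+| simple.swift:50:3:50:3 | [post] &... | simple.swift:51:13:51:13 | b |
+| simple.swift:50:3:50:3 | b | simple.swift:50:3:50:3 | &... |
+| simple.swift:53:7:53:7 | SSA def(c) | simple.swift:54:3:54:3 | c |
+| simple.swift:53:11:53:11 | 10 | simple.swift:53:7:53:7 | SSA def(c) |
+| simple.swift:54:3:54:3 | &... | simple.swift:55:13:55:13 | c |
+| simple.swift:54:3:54:3 | [post] &... | simple.swift:55:13:55:13 | c |
+| simple.swift:54:3:54:3 | c | simple.swift:54:3:54:3 | &... |
+| simple.swift:55:13:55:13 | [post] c | simple.swift:56:3:56:3 | c |
+| simple.swift:55:13:55:13 | c | simple.swift:56:3:56:3 | c |
+| simple.swift:56:3:56:3 | &... | simple.swift:57:13:57:13 | c |
+| simple.swift:56:3:56:3 | [post] &... | simple.swift:57:13:57:13 | c |
+| simple.swift:56:3:56:3 | c | simple.swift:56:3:56:3 | &... |
+| simple.swift:59:7:59:7 | SSA def(d) | simple.swift:60:3:60:3 | d |
+| simple.swift:59:11:59:11 | 100 | simple.swift:59:7:59:7 | SSA def(d) |
+| simple.swift:60:3:60:3 | &... | simple.swift:61:13:61:13 | d |
+| simple.swift:60:3:60:3 | [post] &... | simple.swift:61:13:61:13 | d |
+| simple.swift:60:3:60:3 | d | simple.swift:60:3:60:3 | &... |
+| simple.swift:61:13:61:13 | [post] d | simple.swift:62:3:62:3 | d |
+| simple.swift:61:13:61:13 | d | simple.swift:62:3:62:3 | d |
+| simple.swift:62:3:62:3 | &... | simple.swift:63:13:63:13 | d |
+| simple.swift:62:3:62:3 | [post] &... | simple.swift:63:13:63:13 | d |
+| simple.swift:62:3:62:3 | d | simple.swift:62:3:62:3 | &... |
+| simple.swift:65:7:65:7 | SSA def(e) | simple.swift:66:3:66:3 | e |
+| simple.swift:65:11:65:11 | 1000 | simple.swift:65:7:65:7 | SSA def(e) |
+| simple.swift:66:3:66:3 | &... | simple.swift:67:13:67:13 | e |
+| simple.swift:66:3:66:3 | [post] &... | simple.swift:67:13:67:13 | e |
+| simple.swift:66:3:66:3 | e | simple.swift:66:3:66:3 | &... |
+| simple.swift:67:13:67:13 | [post] e | simple.swift:68:3:68:3 | e |
+| simple.swift:67:13:67:13 | e | simple.swift:68:3:68:3 | e |
+| simple.swift:68:3:68:3 | &... | simple.swift:69:13:69:13 | e |
+| simple.swift:68:3:68:3 | [post] &... | simple.swift:69:13:69:13 | e |
+| simple.swift:68:3:68:3 | e | simple.swift:68:3:68:3 | &... |
 | string.swift:6:8:6:8 | SSA def(self) | string.swift:6:8:6:8 | self[return] |
 | string.swift:6:8:6:8 | self | string.swift:6:8:6:8 | SSA def(self) |
 | string.swift:10:3:10:3 | SSA def(self) | string.swift:10:3:10:27 | self[return] |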
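--- a/swift/ql/test/library-tests/dataflow/taint/simple.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/simple.swift
@@ -0,0 +1,70 @@
+
+// --- stubs ---
+
+// --- tests ---
+
+func source() -> Int { return 0; }
+func sink(arg: Any) {}
+
+func taintThroughArithmetic() {
+// arithmetic
+
+sink(arg: 1 + source()) // $ MISSING: tainted=
+sink(arg: source() + 1) // $ MISSING: tainted=
+sink(arg: 1 - source()) // $ MISSING: tainted=
+sink(arg: source() - 1) // $ MISSING: tainted=
+sink(arg: 2 * source()) // $ MISSING: tainted=
+sink(arg: source() * 2) // $ MISSING: tainted=
+sink(arg: 100 / source()) // $ MISSING: tainted=
+sink(arg: source() / 100) // $ MISSING: tainted=
+sink(arg: 100 % source()) // $ MISSING: tainted=
+sink(arg: source() % 100) // $ MISSING: tainted=
+
+sink(arg: -source()) // $ MISSING: tainted=
+
+// overflow operators
+
+sink(arg: 1 &+ source()) // $ MISSING: tainted=
+sink(arg: source() &+ 1) // $ MISSING: tainted=
+sink(arg: 1 &- source()) // $ MISSING: tainted=
+sink(arg: source() &- 1) // $ MISSING: tainted=
+sink(arg: 2 &* source()) // $ MISSING: tainted=
+sink(arg: source() &* 2) // $ MISSING: tainted=
+}
+
+func taintThroughAssignmentArithmetic() {
+var a = 0
+sink(arg: a)
+a += 1
+sink(arg: a)
+a += source()
+sink(arg: a) // $ MISSING: tainted=
+a += 1
+sink(arg: a) // $ MISSING: tainted=
+a = 0
+sink(arg: a)
+
+var b = 128
+b -= source()
+sink(arg: b) // $ MISSING: tainted=
+b -= 1
+sink(arg: b) // $ MISSING: tainted=
+
+var c = 10
+c *= source()
+sink(arg: c) // $ MISSING: tainted=
+c *= 2
+sink(arg: c) // $ MISSING: tainted=
+
+var d = 100
+d /= source()
+sink(arg: d) // $ MISSING: tainted=
+d /= 2
+sink(arg: d) // $ MISSING: tainted=
+
+var e = 1000
+e %= source()
+sink(arg: e) // $ MISSING: tainted=
+e %= 100
+sink(arg: e) // $ MISSING: tainted=
+}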
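Review bot: `taintThroughAssignmentArithmetic` has no case for the wrapping compound assignments (`&+=`, `&-=`, `&*=`), although `taintThroughArithmetic` covers their binary forms `&+`, `&-` and `&*`. Tainted integers that reach wrapping arithmetic are the inputs an overflow or size-calculation query most needs to track, so the gap is worth closing in the same test, for example `var f = 10`, `f &+= source()`, `sink(arg: f) // $ MISSING: tainted=`. LocalTaint.expected would need regenerating for the added lines. Separately, a one-line comment above the first `MISSING:` annotation, saying these mark flow the library does not yet report, would help a reader tell a known gap from an intended negative such as the unannotated `sink(arg: a)` after `a = 0`.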
