Swift: Add a test of converting Range to NSRange.

geoffw0 · geoffw0 · commit a306f312cd62 · 2022-07-01T14:59:50.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
@@ -1,36 +1,36 @@
 edges
-| StringLengthConflation.swift:113:34:113:36 | .count :  | StringLengthConflation.swift:113:34:113:44 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:114:36:114:38 | .count :  | StringLengthConflation.swift:114:36:114:46 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:119:36:119:38 | .count :  | StringLengthConflation.swift:119:36:119:46 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:120:38:120:40 | .count :  | StringLengthConflation.swift:120:38:120:48 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:125:34:125:36 | .count :  | StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:126:36:126:38 | .count :  | StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:132:28:132:30 | .count :  | StringLengthConflation.swift:132:28:132:38 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:122:34:122:36 | .count :  | StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:123:36:123:38 | .count :  | StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:128:36:128:38 | .count :  | StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:129:38:129:40 | .count :  | StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:134:34:134:36 | .count :  | StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:135:36:135:38 | .count :  | StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:141:28:141:30 | .count :  | StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... |
 nodes
 | StringLengthConflation.swift:72:33:72:35 | .count | semmle.label | .count |
 | StringLengthConflation.swift:78:47:78:49 | .count | semmle.label | .count |
-| StringLengthConflation.swift:113:34:113:36 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:113:34:113:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:114:36:114:38 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:114:36:114:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:119:36:119:38 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:119:36:119:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:120:38:120:40 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:120:38:120:48 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:125:34:125:36 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:126:36:126:38 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:132:28:132:30 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:132:28:132:38 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:122:34:122:36 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:123:36:123:38 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:128:36:128:38 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:129:38:129:40 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:134:34:134:36 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:135:36:135:38 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:141:28:141:30 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
 subpaths
 #select
 | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | This String length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:113:34:113:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:113:34:113:36 | .count :  | StringLengthConflation.swift:113:34:113:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:114:36:114:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:114:36:114:38 | .count :  | StringLengthConflation.swift:114:36:114:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:119:36:119:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:119:36:119:38 | .count :  | StringLengthConflation.swift:119:36:119:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:120:38:120:48 | ... call to -(_:_:) ... | StringLengthConflation.swift:120:38:120:40 | .count :  | StringLengthConflation.swift:120:38:120:48 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:125:34:125:36 | .count :  | StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:126:36:126:38 | .count :  | StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:132:28:132:38 | ... call to -(_:_:) ... | StringLengthConflation.swift:132:28:132:30 | .count :  | StringLengthConflation.swift:132:28:132:38 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:122:34:122:36 | .count :  | StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:123:36:123:38 | .count :  | StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:128:36:128:38 | .count :  | StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... | StringLengthConflation.swift:129:38:129:40 | .count :  | StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:134:34:134:36 | .count :  | StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:135:36:135:38 | .count :  | StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... | StringLengthConflation.swift:141:28:141:30 | .count :  | StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift
@@ -28,6 +28,7 @@ class NSMutableString : NSString
 class NSRange
 {
     init(location: Int, length: Int) { self.description = "" }
+    init<R, S>(_ r: R, in: S) { self.description = "" }
 
     private(set) var description: String
 }
@@ -36,7 +37,6 @@ func NSMakeRange(_ loc: Int, _ len: Int) -> NSRange { return NSRange(location: l
 
 
 
-
 // --- tests ---
 
 func test(s: String) {
@@ -78,6 +78,15 @@ func test(s: String) {
     let range6 = NSRange(location: 0, length: s.count) // BAD: String length used in NSMakeRange
     print("NSRange '\(range5.description)' / '\(range6.description)'")
 
+    // --- converting Range to NSRange ---
+
+    let range7 = s.startIndex ..< s.endIndex
+    let range8 = NSRange(range7, in: s) // GOOD
+    let location = s.distance(from: s.startIndex, to: range7.lowerBound)
+    let length = s.distance(from: range7.lowerBound, to: range7.upperBound)
+    let range9 = NSRange(location: location, length: length) // BAD [NOT DETECTED]
+    print("NSRange '\(range8.description)' / '\(range9.description)'")
+
     // --- String operations using an integer directly ---
 
     let str1 = s.dropFirst(s.count - 1) // GOOD
