
Commit bfdaf69

committed
Swift: Add some test cases.
1 parent 2141408 commit bfdaf69


3 files changed

+83
-35
lines changed


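--- a/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
+++ b/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
@@ -2,7 +2,7 @@
 
 struct URL {
 init?(string: String) {}
-
+init(fileURLWithPath path: String, isDirectory: Bool) {}
 }
 
 class NSURL {
@@ -177,30 +177,30 @@ class SerializedDatabase {
 init(path: String, configuration: Configuration = Configuration(), defaultLabel: String, purpose: String? = nil) {}
 }
 
+// Realm
 
+class Realm {
+}
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+extension Realm {
+struct Configuration {
+init(
+fileURL: URL? = URL(fileURLWithPath: "defaultFile", isDirectory: false),
+inMemoryIdentifier: String? = nil,
+syncConfiguration: Int = 0,
+encryptionKey: Data? = nil,
+readOnly: Bool = false,
+schemaVersion: UInt64 = 0,
+migrationBlock: Int = 0,
+deleteRealmIfMigrationNeeded: Bool = false,
+shouldCompactOnLaunch: Bool = false,
+objectTypes: Int = 0,
+seedFilePath: URL? = nil) { }
+
+var fileURL: URL?
+var seedFilePath: URL?
+}
+}
 
 // --- tests ---
 
@@ -308,18 +308,18 @@ func test() {
 let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "", purpose: nil) // $ hasPathInjection=208
 let _ = SerializedDatabase(path: "", configuration: Configuration(), defaultLabel: "", purpose: nil) // Safe
 
+// Realm
 
+_ = Realm.Configuration(fileURL: safeUrl) // GOOD
+_ = Realm.Configuration(fileURL: remoteUrl) // BAD [NOT DETECTED]
+_ = Realm.Configuration(seedFilePath: safeUrl) // GOOD
+_ = Realm.Configuration(seedFilePath: remoteUrl) // BAD [NOT DETECTED]
 
-
-
-
-
-
-
-
-
-
-
+var config = Realm.Configuration() // GOOD
+config.fileURL = safeUrl // GOOD
+config.fileURL = remoteUrl // BAD [NOT DETECTED]
+config.seedFilePath = safeUrl // GOOD
+config.seedFilePath = remoteUrl // BAD [NOT DETECTED]
 }
 
 func testSanitizers() {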
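Review bot: The Realm cases added to `test()` are annotated `// GOOD` / `// BAD [NOT DETECTED]`, while the neighbouring cases in the same function use what appears to be the inline-expectation form (`// $ hasPathInjection=208`, `// Safe`), so the four missed sinks are recorded only as free-text comments. Marking them as expected-but-missing results, e.g. `_ = Realm.Configuration(fileURL: remoteUrl) // $ MISSING: hasPathInjection=<source line>`, would keep the file in one convention and make the test flag the annotation once the Realm sinks are modelled. `safeUrl`, `remoteUrl` and the start of `test()` lie outside the hunk, so the source line to reference cannot be confirmed from here.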
Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
2+
// --- stubs ---
3+
4+
class Data {
5+
init<S>(_ elements: S) {}
6+
}
7+
8+
struct URL {
9+
init(fileURLWithPath path: String, isDirectory: Bool) {}
10+
}
11+
12+
class Realm {
13+
}
14+
15+
extension Realm {
16+
struct Configuration {
17+
init(
18+
fileURL: URL? = URL(fileURLWithPath: "defaultFile", isDirectory: false),
19+
inMemoryIdentifier: String? = nil,
20+
syncConfiguration: Int = 0,
21+
encryptionKey: Data? = nil,
22+
readOnly: Bool = false,
23+
schemaVersion: UInt64 = 0,
24+
migrationBlock: Int = 0,
25+
deleteRealmIfMigrationNeeded: Bool = false,
26+
shouldCompactOnLaunch: Bool = false,
27+
objectTypes: Int = 0,
28+
seedFilePath: URL? = nil) { }
29+
30+
var encryptionKey: Data?
31+
}
32+
}
33+
34+
// --- tests ---
35+
36+
func test(myVarStr: String) {
37+
let myVarKey = Data(myVarStr)
38+
let myConstKey = Data("abcdef123456")
39+
40+
_ = Realm.Configuration(encryptionKey: myVarKey) // GOOD
41+
_ = Realm.Configuration(encryptionKey: myConstKey) // BAD [NOT DETECTED]
42+
43+
var config = Realm.Configuration() // GOOD
44+
config.encryptionKey = myVarKey // GOOD
45+
config.encryptionKey = myConstKey // BAD [NOT DETECTED]
46+
}

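--- a/swift/ql/test/query-tests/Security/CWE-321/rncryptor.swift
+++ b/swift/ql/test/query-tests/Security/CWE-321/rncryptor.swift
@@ -52,16 +52,16 @@ class RNDecryptor : RNCryptor
 
 // --- tests ---
 
-func test() {
+func test(var myVarKey: Data, var myHMACKey: Data) {
 // RNCryptor
 let myEncryptor = RNEncryptor()
 let myDecryptor = RNDecryptor()
 let myData = Data(0)
 let myConstKey = Data("abcdef123456")
-let myHMACKey = Data(0)
 let myHandler = {}
 let myIV = Data(0)
 
+let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myVarKey, hmacKey: myHMACKey, handler: myHandler) // GOOD
 let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myConstKey, hmacKey: myHMACKey, handler: myHandler) // BAD
 let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myConstKey, HMACKey: myHMACKey, handler: myHandler) // BAD
 let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myConstKey, hmacKey: myHMACKey, iv: myIV, handler: myHandler) // BAD
@@ -79,4 +79,6 @@ func test() {
 let _ = try? myDecryptor.decryptData(myData, withEncryptionKey: myConstKey, HMACKey: myHMACKey) // BAD
 let _ = try? myDecryptor.decryptData(myData, with: kRNCryptorAES256Settings, encryptionKey: myConstKey, hmacKey: myHMACKey) // BAD
 let _ = try? myDecryptor.decryptData(myData, withSettings: kRNCryptorAES256Settings, encryptionKey: myConstKey, HMACKey: myHMACKey) // BAD
+
+let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myVarKey, hmacKey: myConstKey, handler: myHandler) // BAD [NOT DETECTED]
 }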
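Review bot: The new signature `func test(var myVarKey: Data, var myHMACKey: Data)` puts `var` in front of the parameter names, which current Swift no longer accepts as a parameter specifier; depending on the compiler version it is rejected or parsed as an argument label. Neither parameter is mutated in the visible lines, so `func test(myVarKey: Data, myHMACKey: Data) {` is sufficient and matches the new Realm test in this commit, which declares `func test(myVarStr: String)`. The middle of `test()` lies between the two hunks and is not shown, so a mutation there cannot be ruled out.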
