Merge pull request github#10775 from atorralba/atorralba/swift/custom-url-scheme-sources

MathiasVP · web-flow · commit fc810ddbf496 · 2022-10-11T16:47:52.000+01:00
Swift: Add taint sources for custom URL scheme URLs
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -78,6 +78,7 @@ private import internal.FlowSummaryImplSpecific
  * ensuring that they are visible to the taint tracking / data flow library.
  */
 private module Frameworks {
+  private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
   private import codeql.swift.frameworks.StandardLibrary.String
   private import codeql.swift.frameworks.StandardLibrary.Url
   private import codeql.swift.frameworks.StandardLibrary.UrlSession
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll
@@ -0,0 +1,13 @@
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+private class UrlRemoteFlowSource extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";UIApplicationDelegate;true;application(_:open:options:);;;Parameter[1];remote",
+        ";UIApplicationDelegate;true;application(_:handleOpen:);;;Parameter[1];remote",
+        ";UIApplicationDelegate;true;application(_:open:sourceApplication:annotation:);;;Parameter[1];remote"
+      ]
+  }
+}
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected
@@ -1,3 +1,6 @@
+| customurlschemes.swift:17:44:17:54 | url | external |
+| customurlschemes.swift:20:52:20:68 | url | external |
+| customurlschemes.swift:23:52:23:62 | url | external |
 | string.swift:27:21:27:21 | call to init(contentsOf:) | external |
 | string.swift:27:21:27:44 | call to init(contentsOf:) | external |
 | url.swift:53:15:53:19 | .resourceBytes | external |
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/customurlschemes.swift b/swift/ql/test/library-tests/dataflow/flowsources/customurlschemes.swift
@@ -0,0 +1,26 @@
+// --- stubs ---
+class UIApplication {
+    struct OpenURLOptionsKey {}
+}
+
+struct URL {}
+
+protocol UIApplicationDelegate {
+    optional func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any]) -> Bool
+    optional func application(_ application: UIApplication, handleOpen url: URL) -> Bool
+    optional func application(_ application: UIApplication, open url: URL, sourceApplication: String?, annotation: Any) -> Bool
+}
+
+// --- tests ---
+
+class AppDelegate: UIApplicationDelegate {
+    func application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any]) -> Bool { // SOURCE
+    }
+
+    func application(_ application: UIApplication, handleOpen url: URL) -> Bool { // SOURCE
+    }
+
+    func application(_ application: UIApplication, open url: URL, sourceApplication: String?, annotation: Any) -> Bool { // SOURCE
+    }
+
+}
