Skip to content

Commit 04016eb

Browse files
geoffw0geoffw0
committed
Swift: Add test cases (more library functions).
1 parent f99df55 commit 04016eb

File tree

1 file changed

+41
-0
lines changed

1 file changed

+41
-0
lines changed

swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -440,3 +440,44 @@ func testBarriers() {
440440
}
441441
let _ = fm.contents(atPath: remoteString) // $ hasPathInjection=433
442442
}
443+
444+
func testPathInjection2(s1: UnsafeMutablePointer<String>, s2: UnsafeMutablePointer<String>, s3: UnsafeMutablePointer<String>, fm: FileManager) throws {
445+
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
446+
447+
var u1 = URL(filePath: "")
448+
_ = NSData(contentsOf: u1)
449+
_ = NSData(contentsOf: u1.appendingPathComponent(""))
450+
_ = NSData(contentsOf: u1.appendingPathComponent(remoteString)) // $ MISSING: hasPathInjection=445
451+
_ = NSData(contentsOf: u1.appendingPathComponent(remoteString).appendingPathComponent("")) // $ MISSING: hasPathInjection=445
452+
u1.appendPathComponent(remoteString)
453+
_ = NSData(contentsOf: u1) // $ MISSING: hasPathInjection=445
454+
455+
let u2 = URL(filePath: remoteString)
456+
_ = NSData(contentsOf: u2) // $ MISSING: hasPathInjection=445
457+
458+
let u3 = NSURL(string: "")!
459+
Data("").write(to: u3.filePathURL!, options: [])
460+
Data("").write(to: u3.appendingPathComponent("")!, options: [])
461+
Data("").write(to: u3.appendingPathComponent(remoteString)!, options: []) // $ MISSING: hasPathInjection=445
462+
463+
let u4 = NSURL(string: remoteString)!
464+
Data("").write(to: u4.filePathURL!, options: []) // $ MISSING: hasPathInjection=445
465+
Data("").write(to: u4.appendingPathComponent("")!, options: []) // $ MISSING: hasPathInjection=445
466+
467+
_ = NSData(contentsOfFile: remoteString)! // $ MISSING: hasPathInjection=445
468+
_ = NSData(contentsOfMappedFile: remoteString)! // $ MISSING: hasPathInjection=445
469+
_ = NSData.dataWithContentsOfMappedFile(remoteString)! // $ MISSING: hasPathInjection=445
470+
471+
_ = NSData().write(toFile: s1.pointee, atomically: true)
472+
s1.pointee = remoteString
473+
_ = NSData().write(toFile: s1.pointee, atomically: true) // $ hasPathInjection=445
474+
475+
_ = "".completePath(into: s2, caseSensitive: false, matchesInto: nil, filterTypes: nil)
476+
_ = NSData().write(toFile: s2.pointee, atomically: true)
477+
478+
_ = remoteString.completePath(into: s3, caseSensitive: false, matchesInto: nil, filterTypes: nil)
479+
_ = NSData().write(toFile: s3.pointee, atomically: true) // $ MISSING: hasPathInjection=445
480+
481+
_ = fm.fileAttributes(atPath: remoteString, traverseLink: true) // $ MISSING: hasPathInjection=445
482+
_ = try fm.attributesOfItem(atPath: remoteString) // $ MISSING: hasPathInjection=445
483+
}

0 commit comments

Comments
 (0)