Swift: Add a few test cases.

geoffw0 · geoffw0 · commit 19080333b9c5 · 2023-05-19T22:18:34.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
@@ -18,6 +18,18 @@ edges
 | StringLengthConflation.swift:137:34:137:36 | .count | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... |
 | StringLengthConflation.swift:138:36:138:38 | .count | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... |
 | StringLengthConflation.swift:144:28:144:30 | .count | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:168:29:168:36 | .count | StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:169:29:169:37 | .count | StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:171:29:171:32 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:176:35:176:52 | .count | StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:180:37:180:44 | .count | StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:182:37:182:45 | .count | StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:53:43:53:46 | .length |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:60:47:60:50 | .length |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:66:33:66:36 | .length |
@@ -27,6 +39,10 @@ edges
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:108:25:108:28 | .length |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:114:23:114:26 | .length |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:120:22:120:25 | .length |
+| file://:0:0:0:0 | .length | StringLengthConflation.swift:171:29:171:32 | .length |
+| file://:0:0:0:0 | .length | StringLengthConflation.swift:172:29:172:33 | .length |
+| file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:38 | .length |
+| file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:39 | .length |
 nodes
 | StringLengthConflation2.swift:35:36:35:38 | .count | semmle.label | .count |
 | StringLengthConflation2.swift:35:36:35:46 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
@@ -76,6 +92,30 @@ nodes
 | StringLengthConflation.swift:151:45:151:53 | .count | semmle.label | .count |
 | StringLengthConflation.swift:156:45:156:52 | .count | semmle.label | .count |
 | StringLengthConflation.swift:161:45:161:53 | .count | semmle.label | .count |
+| StringLengthConflation.swift:168:29:168:36 | .count | semmle.label | .count |
+| StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:169:29:169:37 | .count | semmle.label | .count |
+| StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:170:29:170:46 | .count | semmle.label | .count |
+| StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:171:29:171:32 | .length | semmle.label | .length |
+| StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:172:29:172:33 | .length | semmle.label | .length |
+| StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:174:35:174:42 | .count | semmle.label | .count |
+| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:175:35:175:43 | .count | semmle.label | .count |
+| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:176:35:176:52 | .count | semmle.label | .count |
+| StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:177:35:177:38 | .length | semmle.label | .length |
+| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:178:35:178:39 | .length | semmle.label | .length |
+| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:180:37:180:44 | .count | semmle.label | .count |
+| StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:182:37:182:45 | .count | semmle.label | .count |
+| StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
 | file://:0:0:0:0 | .length | semmle.label | .length |
 subpaths
 #select
@@ -117,3 +157,19 @@ subpaths
 | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | This String.utf8 length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | This String.utf16 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | StringLengthConflation.swift:168:29:168:36 | .count | StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | StringLengthConflation.swift:169:29:169:37 | .count | StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | This String.unicodeScalars length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | StringLengthConflation.swift:171:29:171:32 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | StringLengthConflation.swift:176:35:176:52 | .count | StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | This String.unicodeScalars length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | StringLengthConflation.swift:180:37:180:44 | .count | StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | StringLengthConflation.swift:182:37:182:45 | .count | StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. |
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift
@@ -161,6 +161,25 @@ func test(s: String) {
     let _ = s.index(s.startIndex, offsetBy: s_utf16.count) // BAD
     let _ = s_utf16.index(s_utf16.startIndex, offsetBy: scalars.count) // GOOD
     let _ = s_utf16.index(s_utf16.startIndex, offsetBy: s.count) // BAD [NOT DETECTED]
+
+    // --- methods provided by Sequence, Collection etc ---
+
+    let _ = String(s.prefix(s.count - 10)) // GOOD
+    let _ = String(s.prefix(s.utf8.count - 10)) // BAD
+    let _ = String(s.prefix(s.utf16.count - 10)) // BAD
+    let _ = String(s.prefix(s.unicodeScalars.count - 10)) // BAD
+    let _ = String(s.prefix(ns.length - 10)) // BAD
+    let _ = String(s.prefix(nms.length - 10)) // BAD
+    let _ = String(scalars.prefix(s.count - 10)) // BAD [NOT DETECTED]
+    let _ = String(scalars.prefix(s.utf8.count - 10)) // BAD
+    let _ = String(scalars.prefix(s.utf16.count - 10)) // BAD
+    let _ = String(scalars.prefix(s.unicodeScalars.count - 10)) // GOOD [FALSE POSITIVE]
+    let _ = String(scalars.prefix(ns.length - 10)) // BAD
+    let _ = String(scalars.prefix(nms.length - 10)) // BAD
+    let _ = String(s.utf8.dropFirst(s.count - 10)) // BAD [NOT DETECTED]
+    let _ = String(s.utf8.dropFirst(s.utf8.count - 10)) // GOOD [FALSE POSITIVE]
+    let _ = String(s.utf16.dropLast(s.count - 10)) // BAD [NOT DETECTED]
+    let _ = String(s.utf16.dropLast(s.utf16.count - 10)) // GOOD [FALSE POSITIVE]
 }
 
 // `begin :thumbsup: end`, with thumbs up emoji and skin tone modifier
