
Commit 8f2e2a6

committed
Swift: Fix array content sinks for swift/cleartext-logging.
1 parent 269f0c6 commit 8f2e2a6


3 files changed

+15
-13
lines changed


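--- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -87,14 +87,10 @@ private class LoggingSinks extends SinkModelCsv {
 override predicate row(string row) {
 row =
 [
-";;false;print(_:separator:terminator:);;;Argument[0].ArrayElement;log-injection",
-";;false;print(_:separator:terminator:);;;Argument[1..2];log-injection",
-";;false;print(_:separator:terminator:toStream:);;;Argument[0].ArrayElement;log-injection",
-";;false;print(_:separator:terminator:toStream:);;;Argument[1..2];log-injection",
-";;false;NSLog(_:_:);;;Argument[0];log-injection",
-";;false;NSLog(_:_:);;;Argument[1].ArrayElement;log-injection",
-";;false;NSLogv(_:_:);;;Argument[0];log-injection",
-";;false;NSLogv(_:_:);;;Argument[1];log-injection",
+";;false;print(_:separator:terminator:);;;Argument[0..2];log-injection",
+";;false;print(_:separator:terminator:toStream:);;;Argument[0..2];log-injection",
+";;false;NSLog(_:_:);;;Argument[0..1];log-injection",
+";;false;NSLogv(_:_:);;;Argument[0..1];log-injection",
 ";;false;vfprintf(_:_:_:);;;Agument[1..2];log-injection",
 ";Logger;true;log(_:);;;Argument[0];log-injection",
 ";Logger;true;log(level:_:);;;Argument[1];log-injection",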
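Review bot: The vfprintf row left as context at new line 94 spells its access path `Agument[1..2]`, so that sink model very likely never matches and sensitive data written through vfprintf goes unreported by this query. Since the commit rewrites the neighbouring rows, it is a natural place to correct it to `";;false;vfprintf(_:_:_:);;;Argument[1..2];log-injection",`. How the model parser treats an unrecognised token is not visible here, so a vfprintf case in cleartextLoggingTest.swift would confirm the sink is live. The `row` predicate's list continues outside the hunk.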

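--- a/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
@@ -25,6 +25,12 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
 predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
 any(CleartextLoggingAdditionalFlowStep s).step(n1, n2)
 }
+
+predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+// flow out from array content at the sink.
+isSink(node) and
+c.getAReadContent() instanceof DataFlow::Content::ArrayContent
+}
 }
 
 /**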
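Review bot: The comment on `allowImplicitRead` does not say why the read is needed, nor that it applies to every sink of this configuration rather than only to the variadic `print`/`NSLog` arguments whose `.ArrayElement` models were dropped in CleartextLoggingExtensions.qll. I would expand it to something like `// Variadic arguments reach the sink packed in an array, so allow an implicit read of array content at any sink instead of modelling .ArrayElement per row.` The updated tests cover `print` and `NSLog` only. An array holding a sensitive element that is passed to a non-variadic sink such as `Logger.log(_:)` would presumably now be reported as well, and a test pinning that would make the intended scope explicit. The enclosing module starts outside the hunk.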

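--- a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
+++ b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -84,17 +84,17 @@ struct Logger {
 // --- tests ---
 
 func test1(password: String, passwordHash : String, passphrase: String, pass_phrase: String) {
-print(password) // $ MISSING: hasCleartextLogging=87
-print(password, separator: "") // $ MISSING: $ hasCleartextLogging=88
+print(password) // $ hasCleartextLogging=87
+print(password, separator: "") // $ $ hasCleartextLogging=88
 print("", separator: password) // $ hasCleartextLogging=89
-print(password, separator: "", terminator: "") // $ MISSING: hasCleartextLogging=90
+print(password, separator: "", terminator: "") // $ hasCleartextLogging=90
 print("", separator: password, terminator: "") // $ hasCleartextLogging=91
 print("", separator: "", terminator: password) // $ hasCleartextLogging=92
 print(passwordHash) // Safe
 
 NSLog(password) // $ hasCleartextLogging=95
-NSLog("%@", password as! CVarArg) // $ MISSING: hasCleartextLogging=96
-NSLog("%@ %@", "" as! CVarArg, password as! CVarArg) // $ MISSING: hasCleartextLogging=97
+NSLog("%@", password as! CVarArg) // $ hasCleartextLogging=96
+NSLog("%@ %@", "" as! CVarArg, password as! CVarArg) // $ hasCleartextLogging=97
 NSLog("\(password)") // $ hasCleartextLogging=98
 NSLogv("%@", getVaList([password as! CVarArg])) // $ hasCleartextLogging=99
 NSLogv("%@ %@", getVaList(["" as! CVarArg, password as! CVarArg])) // $ hasCleartextLogging=100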
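Review bot: The expectation on new line 88 reads `// $ $ hasCleartextLogging=88`, where the second `$` is a leftover from the old `$ MISSING: $ ...` comment that was carried over when `MISSING:` was removed. It should match the other lines: `print(password, separator: "") // $ hasCleartextLogging=88`. Whether the inline-expectation parser tolerates the doubled marker is not visible here, so it is worth confirming that this line is actually being checked rather than silently skipped. The body of `test1` continues outside the hunk.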
