Skip to content

Commit d3063e8

Browse files
geoffw0geoffw0
committed
Swift: Model string closure methods.
1 parent 4cf40ed commit d3063e8

File tree

2 files changed

+21
-7
lines changed
  • swift/ql

2 files changed

+21
-7
lines changed

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,10 @@ private class StringSummaries extends SummaryModelCsv {
6868
";StringProtocol;true;trimmingCharacters(in:);;;Argument[-1];ReturnValue;taint",
6969
";StringProtocol;true;uppercased();;;Argument[-1];ReturnValue;taint",
7070
";StringProtocol;true;uppercased(with:);;;Argument[-1];ReturnValue;taint",
71+
";StringProtocol;true;withCString(_:);;;Argument[-1];Argument[0].Parameter[0].CollectionElement;taint",
72+
";StringProtocol;true;withCString(_:);;;Argument[0].ReturnValue;ReturnValue;value",
73+
";StringProtocol;true;withCString(encodedAs:_:);;;Argument[-1];Argument[1].Parameter[0].CollectionElement;taint",
74+
";StringProtocol;true;withCString(encodedAs:_:);;;Argument[1].ReturnValue;ReturnValue;value",
7175
";String;true;init(decoding:);;;Argument[0];ReturnValue;taint",
7276
";String;true;init(_:);;;Argument[0];ReturnValue;taint",
7377
";String;true;init(_:);;;Argument[0];ReturnValue.OptionalSome;taint",
@@ -110,6 +114,7 @@ private class StringSummaries extends SummaryModelCsv {
110114
";String;true;init(validating:);;;Argument[0];ReturnValue.OptionalSome;taint",
111115
";String;true;init(validatingPlatformString:);;;Argument[0];ReturnValue.OptionalSome;taint",
112116
";String;true;init(validatingPlatformString:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
117+
";String;true;init(unsafeUninitializedCapacity:initializingUTF8With:);;;Argument[1].CollectionElement;ReturnValue;taint",
113118
";String;true;localizedStringWithFormat(_:_:);;;Argument[0];ReturnValue;taint",
114119
";String;true;localizedStringWithFormat(_:_:);;;Argument[1].CollectionElement;ReturnValue;taint",
115120
";String;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
@@ -126,6 +131,15 @@ private class StringSummaries extends SummaryModelCsv {
126131
";String;true;encode(to:);;;Argument[-1];Argument[0];taint",
127132
";String;true;decodeCString(_:as:repairingInvalidCodeUnits:);;;Argument[0];ReturnValue.TupleElement[0];taint",
128133
";String;true;decodeCString(_:as:repairingInvalidCodeUnits:);;;Argument[0].CollectionElement;ReturnValue.TupleElement[0];taint",
134+
";String;true;withUTF8(_:);;;Argument[-1];Argument[0].Parameter[0].CollectionElement;taint",
135+
";String;true;withUTF8(_:);;;Argument[0].Parameter[0].CollectionElement;Argument[-1];taint",
136+
";String;true;withUTF8(_:);;;Argument[0].ReturnValue;ReturnValue;value",
137+
";String;true;withPlatformString(_:);;;Argument[-1];Argument[0].Parameter[0].CollectionElement;taint",
138+
";String;true;withPlatformString(_:);;;Argument[0].ReturnValue;ReturnValue;value",
139+
";String;true;withMutableCharacters(_:);;;Argument[-1];Argument[0].Parameter[0];value",
140+
";String;true;withMutableCharacters(_:);;;Argument[0].Parameter[0];Argument[-1];value",
141+
";String;true;withMutableCharacters(_:);;;Argument[0].Parameter[0].CollectionElement;Argument[-1];taint",
142+
";String;true;withMutableCharacters(_:);;;Argument[0].ReturnValue;ReturnValue;value",
129143
";LosslessStringConvertible;true;init(_:);;;Argument[0];ReturnValue;taint",
130144
]
131145
}

swift/ql/test/library-tests/dataflow/taint/libraries/string.swift

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -372,7 +372,7 @@ func taintThroughEncodings() {
372372
})
373373
tainted.withUTF8({
374374
buffer in
375-
sink(arg: buffer[0]) // $ MISSING: tainted=366
375+
sink(arg: buffer[0]) // $ tainted=366
376376
sink(arg: buffer.baseAddress!) // $ MISSING: tainted=366
377377
})
378378

@@ -382,15 +382,15 @@ func taintThroughEncodings() {
382382
})
383383
tainted.withCString({
384384
ptr in
385-
sink(arg: ptr[0]) // $ MISSING: tainted=366
385+
sink(arg: ptr[0]) // $ tainted=366
386386
})
387387
clean.withCString(encodedAs: UTF8.self, {
388388
ptr in
389389
sink(arg: ptr[0])
390390
})
391391
tainted.withCString(encodedAs: UTF8.self, {
392392
ptr in
393-
sink(arg: ptr[0]) // $ MISSING: tainted=366
393+
sink(arg: ptr[0]) // $ tainted=366
394394
})
395395

396396
let arrayString1 = clean.cString(using: String.Encoding.utf8)!
@@ -421,8 +421,8 @@ func taintThroughEncodings() {
421421
})
422422
tainted.withPlatformString({
423423
ptr in
424-
sink(arg: ptr[0]) // $ MISSING: tainted=366
425-
sink(arg: String(platformString: ptr)) // $ MISSING: tainted=366
424+
sink(arg: ptr[0]) // $ tainted=366
425+
sink(arg: String(platformString: ptr)) // $ tainted=366
426426

427427
let buffer = UnsafeBufferPointer(start: ptr, count: 10)
428428
let arrayString = Array(buffer)
@@ -699,6 +699,6 @@ func taintMutableCharacters() {
699699
sink(arg: chars) // $ tainted=698
700700
return source()
701701
})
702-
sink(arg: rtn) // $ MISSING: tainted=700
703-
sink(arg: str) // $ MISSING: tainted=698
702+
sink(arg: rtn) // $ tainted=700
703+
sink(arg: str) // $ tainted=698
704704
}

0 commit comments

Comments
 (0)