Swift: Test localizedStringWithFormat a bit better.

geoffw0 · geoffw0 · commit f8c5a9a26494 · 2023-09-19T18:43:54.000+01:00
diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected
@@ -1,2 +1,2 @@
-failures
 testFailures
+failures
diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift
@@ -52,7 +52,7 @@ class NSString : NSObject, NSCopying, NSMutableCopying {
   func copy(with zone: NSZone? = nil) -> Any { return 0 }
   func mutableCopy(with zone: NSZone? = nil) -> Any { return 0 }
 
-  class func localizedStringWithFormat(_ format: NSString, _ args: CVarArg) -> Self { return (nil as Self?)! }
+  class func localizedStringWithFormat(_ format: NSString, _ args: CVarArg...) -> Self { return (nil as Self?)! }
   class func path(withComponents components: [String]) -> String { return "" }
   class func string(withCString bytes: UnsafePointer<CChar>) -> Any? { return nil }
   class func string(withCString bytes: UnsafePointer<CChar>, length: Int) -> Any? { return nil }
@@ -185,7 +185,7 @@ func sourceUnsafeMutableRawPointer() -> UnsafeMutableRawPointer { return (nil as
 func sourceCString() -> UnsafePointer<CChar> { return (nil as UnsafePointer<CChar>?)! }
 func sourceData() -> Data { return Data(0) }
 func sourceStringArray() -> [String] { return [] }
-
+func sourceInt() -> Int { return 0 }
 func sink(arg: Any) {}
 
 func taintThroughInterpolatedStrings() {
@@ -244,8 +244,8 @@ func taintThroughInterpolatedStrings() {
 
   let harmless = NSString(string: "harmless")
   let myRange = NSRange(location:0, length: 128)
-
-  sink(arg: NSString.localizedStringWithFormat(sourceNSString(), (nil as CVarArg?)!)) // $ tainted=248
+  sink(arg: NSString.localizedStringWithFormat(NSString(string: "%i %s %i"), 1, sourceInt(), 3)) // $ MISSING: tainted=247
+  sink(arg: NSString.localizedStringWithFormat(sourceNSString(), 1, 2, 3)) // $ tainted=248
   sink(arg: sourceNSString().character(at: 0)) // $ tainted=249
   sink(arg: sourceNSString().cString(using: 0)!) // $ tainted=250
   sink(arg: sourceNSString().cString()) // $ tainted=251
diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift
@@ -226,6 +226,7 @@ func taintThroughSimpleStringOperations() {
   sink(arg: String(format: tainted, locale: nil, 1, 2, 3)) // $ tainted=217
   sink(arg: String(format: tainted, locale: nil, arguments: [])) // $ tainted=217
   sink(arg: String.localizedStringWithFormat(tainted, 1, 2, 3)) // $ tainted=217
+  sink(arg: String.localizedStringWithFormat("%i %s %i", 1, tainted, 3)) // $ tainted=217
   sink(arg: String(format: "%s", tainted)) // $ tainted=217
   sink(arg: String(format: "%i %i %i", 1, 2, taintedInt)) // $ tainted=218
 
@@ -235,7 +236,6 @@ func taintThroughSimpleStringOperations() {
   sink(arg: tainted.dropFirst(10)) // $ tainted=217
   sink(arg: tainted.dropLast(10)) // $ tainted=217
   sink(arg: tainted.substring(from: tainted.startIndex)) // $ tainted=217
-
   sink(arg: tainted.lowercased()) // $ tainted=217
   sink(arg: tainted.uppercased()) // $ tainted=217
   sink(arg: tainted.lowercased(with: nil)) // $ tainted=217

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-failures`
`2`	`1`	`testFailures`
	`2`	`+failures`