
Commit 452ca4e

committed
Swift: Test taint through NSMutableString.
1 parent 16ec29e commit 452ca4e


1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

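--- a/swift/ql/test/library-tests/dataflow/taint/nsstring.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/nsstring.swift
@@ -97,6 +97,14 @@ class NSString : NSObject, NSCopying, NSMutableCopying {
 func getFileSystemRepresentation(_ cname: UnsafeMutablePointer<CChar>, maxLength max: Int) -> Bool { return true }
 }
 
+class NSMutableString: NSString {
+func append(_ aString: String) {}
+func insert(_ aString: String, at loc: Int) {}
+func replaceCharacters(in range: NSRange, with aString: String) {}
+func replaceOccurrences(of target: String, with replacement: String, options: NSString.CompareOptions = [], range searchRange: NSRange) -> Int { return 0 }
+func setString(_ aString: String) {}
+}
+
 class NSArray : NSObject {
 }
 
@@ -137,6 +145,7 @@ struct UTType {
 
 func sourceString() -> String { return "" }
 func sourceNSString() -> NSString { return NSString(string: "") }
+func sourceNSMutableString() -> NSMutableString { return NSMutableString(string: "") }
 func sourceUnicharString() -> UnsafePointer<unichar> { return (nil as UnsafePointer<unichar>?)! }
 func sourceMutableUnicharString() -> UnsafeMutablePointer<unichar> { return (nil as UnsafeMutablePointer<unichar>?)! }
 func sourceURL() -> URL { return URL(string: "")! }
@@ -347,4 +356,37 @@ func taintThroughInterpolatedStrings() {
 sink(arg: str20.mutableCopy()) // $ MISSING: tainted=
 sink(arg: str20.copy(with: nil)) // $ MISSING: tainted=
 sink(arg: str20.mutableCopy(with: nil)) // $ MISSING: tainted=
+
+// `NSMutableString` methods
+
+sink(arg: sourceNSMutableString().capitalized(with: nil)) // $ MISSING: tainted=
+
+var str30 = NSMutableString(string: "")
+sink(arg: str30)
+str30.append(sourceString())
+sink(arg: str30) // $ MISSING: tainted=
+
+var str31 = NSMutableString(string: "")
+sink(arg: str31)
+str31.insert(sourceString(), at: 0)
+sink(arg: str31) // $ MISSING: tainted=
+
+var str32 = NSMutableString(string: "")
+sink(arg: str32)
+str32.replaceCharacters(in: myRange, with: sourceString())
+sink(arg: str32) // $ MISSING: tainted=
+
+var str33 = NSMutableString(string: "")
+sink(arg: str33)
+str33.replaceOccurrences(of: "a", with: sourceString(), range: myRange)
+sink(arg: str33) // $ MISSING: tainted=
+
+var str34 = NSMutableString(string: "")
+sink(arg: str34)
+str34.setString(sourceString())
+sink(arg: str34) // $ MISSING: tainted=
+str34.append("-append")
+sink(arg: str34) // $ MISSING: tainted=
+str34.setString("")
+sink(arg: str34)
 }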
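Review bot: The `replaceOccurrences` case at new line 381 only exercises a tainted `with:` replacement, so nothing pins the expected result when only the `of:` search target is tainted. A later model that propagates taint from every argument to the receiver would then add false positives to the security queries without any expectation failing. Consider a negative case next to it, `str35.replaceOccurrences(of: sourceString(), with: "a", range: myRange)` followed by an unannotated `sink(arg: str35)`, in the same way the final `setString("")` check pins that taint is cleared. The `Int` returned by `replaceOccurrences` is also never passed to `sink`, so its expected taint state is undocumented. `myRange` and the start of `taintThroughInterpolatedStrings()` lie outside the visible hunks, so this assumes `myRange` is an untainted `NSRange` declared earlier.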
