
Commit 879dea2

committed
Swift: Additional test cases.
1 parent 91c324e commit 879dea2


2 files changed

+30
-0
lines changed


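--- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
+++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
@@ -73,6 +73,12 @@ nodes
 | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
 | StringLengthConflation.swift:144:28:144:30 | .count : | semmle.label | .count : |
 | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:151:45:151:53 | .count | semmle.label | .count |
+| StringLengthConflation.swift:152:57:152:65 | .count | semmle.label | .count |
+| StringLengthConflation.swift:156:45:156:52 | .count | semmle.label | .count |
+| StringLengthConflation.swift:157:55:157:62 | .count | semmle.label | .count |
+| StringLengthConflation.swift:161:45:161:53 | .count | semmle.label | .count |
+| StringLengthConflation.swift:162:57:162:65 | .count | semmle.label | .count |
 | file://:0:0:0:0 | .length : | semmle.label | .length : |
 subpaths
 #select
@@ -111,3 +117,9 @@ subpaths
 | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... | StringLengthConflation.swift:137:34:137:36 | .count : | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | StringLengthConflation.swift:138:36:138:38 | .count : | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | StringLengthConflation.swift:144:28:144:30 | .count : | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:152:57:152:65 | .count | StringLengthConflation.swift:152:57:152:65 | .count | StringLengthConflation.swift:152:57:152:65 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | This String.utf8 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:157:55:157:62 | .count | StringLengthConflation.swift:157:55:157:62 | .count | StringLengthConflation.swift:157:55:157:62 | .count | This String.utf8 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | This String.utf16 length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:162:57:162:65 | .count | StringLengthConflation.swift:162:57:162:65 | .count | StringLengthConflation.swift:162:57:162:65 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. |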

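--- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift
+++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift
@@ -143,6 +143,24 @@ func test(s: String) {
 let nmstr8 = NSMutableString(string: s)
 nmstr8.insert("*", at: s.count - 1) // BAD: String length used in NSString
 print("insert '\(nmstr7)' / '\(nmstr8)'")
+
+// --- inspired by real world cases ---
+
+let scalars = s.unicodeScalars
+let _ = s.index(s.startIndex, offsetBy: s.count) // GOOD
+let _ = s.index(s.startIndex, offsetBy: scalars.count) // BAD
+let _ = scalars.index(scalars.startIndex, offsetBy: scalars.count) // GOOD [FALSE POSITIVE]
+let _ = scalars.index(scalars.startIndex, offsetBy: s.count) // BAD [NOT DETECTED]
+
+let s_utf8 = s.utf8
+let _ = s.index(s.startIndex, offsetBy: s_utf8.count) // BAD
+let _ = s_utf8.index(s_utf8.startIndex, offsetBy: s_utf8.count) // GOOD [FALSE POSITIVE]
+let _ = s_utf8.index(s_utf8.startIndex, offsetBy: s.count) // BAD [NOT DETECTED]
+
+let s_utf16 = s.utf16
+let _ = s.index(s.startIndex, offsetBy: s_utf16.count) // BAD
+let _ = s_utf16.index(s_utf16.startIndex, offsetBy: scalars.count) // GOOD [FALSE POSITIVE]
+let _ = s_utf16.index(s_utf16.startIndex, offsetBy: s.count) // BAD [NOT DETECTED]
 }
 
 // `begin :thumbsup: end`, with thumbs up emoji and skin tone modifier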
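Review bot: New line 162 is annotated `// GOOD [FALSE POSITIVE]` but passes `scalars.count` as the offset into the `s_utf16` view, which mixes a unicode-scalar count with a UTF-16 index, so the result there is a genuine conflation rather than a false positive. The two sibling groups use the view's own count (`scalars.count` on `scalars`, `s_utf8.count` on `s_utf8`), so this looks like a copy-paste slip and the line was presumably meant to be `let _ = s_utf16.index(s_utf16.startIndex, offsetBy: s_utf16.count) // GOOD [FALSE POSITIVE]`. Left as is, the label records a wrong ground truth, and a later query change that suppresses same-view results would be judged against a row that is really a true positive. The row for line 162 in StringLengthConflation.expected, which reports `String.unicodeScalars` where the utf8 group reports its own view, would need regenerating after the fix. The enclosing `test(s:)` starts outside the hunk.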
