Skip to content

Commit 9f73407

Browse files
geoffw0geoffw0
committed
Swift: Test taint through NSString member variables.
1 parent 452ca4e commit 9f73407

File tree

1 file changed

+64
-0
lines changed

1 file changed

+64
-0
lines changed

swift/ql/test/library-tests/dataflow/taint/nsstring.swift

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,36 @@ class NSString : NSObject, NSCopying, NSMutableCopying {
9595
func strings(byAppendingPaths paths: [String]) -> [String] { return [] }
9696
func completePath(into outputName: AutoreleasingUnsafeMutablePointer<NSString?>?, caseSensitive flag: Bool, matchesInto outputArray: AutoreleasingUnsafeMutablePointer<NSArray?>?, filterTypes: [String]?) -> Int { return 1 }
9797
func getFileSystemRepresentation(_ cname: UnsafeMutablePointer<CChar>, maxLength max: Int) -> Bool { return true }
98+
99+
var utf8String: UnsafePointer<CChar>? { get { return nil } }
100+
var lowercased: String { get { return "" } }
101+
var localizedLowercase: String { get { return "" } }
102+
var uppercased: String { get { return "" } }
103+
var localizedUppercase: String { get { return "" } }
104+
var capitalized: String { get { return "" } }
105+
var localizedCapitalized: String { get { return "" } }
106+
var decomposedStringWithCanonicalMapping: String { get { return "" } }
107+
var decomposedStringWithCompatibilityMapping: String { get { return "" } }
108+
var precomposedStringWithCanonicalMapping: String { get { return "" } }
109+
var precomposedStringWithCompatibilityMapping: String { get { return "" } }
110+
var doubleValue: Double { get { return 0.0 } }
111+
var floatValue: Float { get { return 0.0 } }
112+
var intValue: Int32 { get { return 0 } }
113+
var integerValue: Int { get { return 0 } }
114+
var longLongValue: Int64 { get { return 0 } }
115+
var boolValue: Bool { get { return false } }
116+
var description: String { get { return "" } }
117+
var pathComponents: [String] { get { return [] } }
118+
var fileSystemRepresentation: UnsafePointer<CChar> { get { return (nil as UnsafePointer<CChar>?)! } }
119+
var lastPathComponent: String { get { return "" } }
120+
var pathExtension: String { get { return "" } }
121+
var abbreviatingWithTildeInPath: String { get { return "" } }
122+
var deletingLastPathComponent: String { get { return "" } }
123+
var deletingPathExtension: String { get { return "" } }
124+
var expandingTildeInPath: String { get { return "" } }
125+
var resolvingSymlinksInPath: String { get { return "" } }
126+
var standardizingPath: String { get { return "" } }
127+
var removingPercentEncoding: String? { get { return "" } }
98128
}
99129

100130
class NSMutableString: NSString {
@@ -389,4 +419,38 @@ func taintThroughInterpolatedStrings() {
389419
sink(arg: str34) // $ MISSING: tainted=
390420
str34.setString("")
391421
sink(arg: str34)
422+
423+
// member variables
424+
425+
sink(arg: sourceNSString().utf8String) // $ MISSING: tainted=
426+
sink(arg: NSString(utf8String: sourceNSString().utf8String!)!) // $ MISSING: tainted=
427+
sink(arg: sourceNSString().lowercased) // $ MISSING: tainted=
428+
sink(arg: sourceNSString().localizedLowercase) // $ MISSING: tainted=
429+
sink(arg: sourceNSString().uppercased) // $ MISSING: tainted=
430+
sink(arg: sourceNSString().localizedUppercase) // $ MISSING: tainted=
431+
sink(arg: sourceNSString().capitalized) // $ MISSING: tainted=
432+
sink(arg: sourceNSString().localizedCapitalized) // $ MISSING: tainted=
433+
sink(arg: sourceNSString().decomposedStringWithCanonicalMapping) // $ MISSING: tainted=
434+
sink(arg: sourceNSString().decomposedStringWithCompatibilityMapping) // $ MISSING: tainted=
435+
sink(arg: sourceNSString().precomposedStringWithCanonicalMapping) // $ MISSING: tainted=
436+
sink(arg: sourceNSString().precomposedStringWithCompatibilityMapping) // $ MISSING: tainted=
437+
sink(arg: sourceNSString().doubleValue) // $ MISSING: tainted=
438+
sink(arg: sourceNSString().floatValue) // $ MISSING: tainted=
439+
sink(arg: sourceNSString().intValue) // $ MISSING: tainted=
440+
sink(arg: sourceNSString().integerValue) // $ MISSING: tainted=
441+
sink(arg: sourceNSString().longLongValue) // $ MISSING: tainted=
442+
sink(arg: sourceNSString().boolValue) // $ MISSING: tainted=
443+
sink(arg: sourceNSString().description) // $ MISSING: tainted=
444+
sink(arg: sourceNSString().pathComponents) // $ MISSING: tainted=
445+
sink(arg: sourceNSString().pathComponents[0]) // $ MISSING: tainted=
446+
sink(arg: sourceNSString().fileSystemRepresentation) // $ MISSING: tainted=
447+
sink(arg: sourceNSString().lastPathComponent) // $ MISSING: tainted=
448+
sink(arg: sourceNSString().pathExtension) // $ MISSING: tainted=
449+
sink(arg: sourceNSString().abbreviatingWithTildeInPath) // $ MISSING: tainted=
450+
sink(arg: sourceNSString().deletingLastPathComponent) // $ MISSING: tainted=
451+
sink(arg: sourceNSString().deletingPathExtension) // $ MISSING: tainted=
452+
sink(arg: sourceNSString().expandingTildeInPath) // $ MISSING: tainted=
453+
sink(arg: sourceNSString().resolvingSymlinksInPath) // $ MISSING: tainted=
454+
sink(arg: sourceNSString().standardizingPath) // $ MISSING: tainted=
455+
sink(arg: sourceNSString().removingPercentEncoding) // $ MISSING: tainted=
392456
}

0 commit comments

Comments
 (0)