
Commit a19579d

authored
Merge pull request github#12587 from geoffw0/finishbitwise
Swift: Remove special case for bitwise operations
2 parents 2968c12 + 166902b commit a19579d


2 files changed

+6
-5
lines changed


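--- a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -2,6 +2,7 @@
 
 import swift
 private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.TaintTracking
 private import codeql.swift.frameworks.AEXML
 private import codeql.swift.frameworks.Libxml2
 private import codeql.swift.dataflow.ExternalFlow
@@ -182,9 +183,7 @@ private class Libxml2XxeSink extends XxeSink {
 * including bitwise operations, accesses to `.rawValue`, and casts to `Int32`.
 */
 private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::Node sink) {
-DataFlow::localFlowStep(source, sink)
-or
-source.asExpr() = sink.asExpr().(BitwiseOperation).getAnOperand()
+TaintTracking::localTaintStep(source, sink)
 or
 exists(MemberRefExpr rawValue | rawValue.getMember().(VarDecl).getName() = "rawValue" |
 source.asExpr() = rawValue.getBase() and sink.asExpr() = rawValue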
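Review bot: The predicate's doc comment, which begins above the hunk, still advertises that the step covers "bitwise operations", but after this hunk that behaviour is no longer implemented here — it is inherited from whatever `TaintTracking::localTaintStep` treats as a taint step, a broader set than the removed `BitwiseOperation` case. A one-line comment on the new line would make that dependency visible to the next reader: `// bitwise ops on the option value are now covered by the default local taint steps`. The doc comment could also state that any future narrowing of the default taint steps silently changes which option expressions reach the libxml2 sinks. lib2xmlOptionLocalTaintStep continues past the end of the hunk.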

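--- a/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift
+++ b/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift
@@ -20,8 +20,8 @@ struct xmlParserOption : Hashable {
 let rawValue: UInt32 = 0
 }
 
-var XML_PARSE_NOENT: xmlParserOption { get { return xmlParserOption() } }
-var XML_PARSE_DTDLOAD: xmlParserOption { get { return xmlParserOption() } }
+var XML_PARSE_NOENT: xmlParserOption { get { return xmlParserOption() } }
+var XML_PARSE_DTDLOAD: xmlParserOption { get { return xmlParserOption() } }
 
 typealias xmlChar = UInt8
 typealias xmlDocPtr = UnsafeMutablePointer<xmlDoc>
@@ -58,6 +58,8 @@ func test() {
 let _ = xmlReadFile(remoteCharPtr, nil, 0) // NO XXE: external entities not enabled
 let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57
 let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57
+let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue | XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57
+let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue | 0)) // $ hasXXE=57
 let _ = xmlReadDoc(remotePtr, nil, nil, 0) // NO XXE: external entities not enabled
 let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=56
 let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=56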
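Review bot: The two new cases at the end of the second hunk exercise the bitwise-OR path only through `xmlReadFile`, while the predicate change they are testing is shared by every libxml2 sink in this file; a parallel case would show the step is not sink-specific, e.g. `let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue | XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=56`. There is also no negative case for a bitwise expression whose result cannot enable the flag (the option masked out with `&`), so the test does not reveal whether the broader taint step over-approximates there. The replaced lines 23–24 in the first hunk appear textually identical on this rendered page, so that pair is presumably a whitespace-only change. The enclosing `test()` function continues past the end of the hunk.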
