Skip to content

Commit ad05cc3

Browse files
geoffw0geoffw0
committed
Swift: Separate out a FormatString library as well.
1 parent 4359686 commit ad05cc3

File tree

2 files changed

+75
-69
lines changed

2 files changed

+75
-69
lines changed

swift/ql/lib/codeql/swift/FormatString.qll

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
/**
2+
* Provides classes and predicates for reasoning about string formatting.
3+
*/
4+
5+
import swift
6+
7+
/**
8+
* A function that takes a `printf` style format argument.
9+
*/
10+
abstract class FormattingFunction extends AbstractFunctionDecl {
11+
/**
12+
* Gets the position of the format argument.
13+
*/
14+
abstract int getFormatParameterIndex();
15+
}
16+
17+
/**
18+
* A call to a function that takes a `printf` style format argument.
19+
*/
20+
class FormattingFunctionCall extends CallExpr {
21+
FormattingFunction target;
22+
23+
FormattingFunctionCall() { target = this.getStaticTarget() }
24+
25+
/**
26+
* Gets the format expression used in this call.
27+
*/
28+
Expr getFormat() { result = this.getArgument(target.getFormatParameterIndex()).getExpr() }
29+
}
30+
31+
/**
32+
* An initializer for `String`, `NSString` or `NSMutableString` that takes a
33+
* `printf` style format argument.
34+
*/
35+
class StringInitWithFormat extends FormattingFunction, MethodDecl {
36+
StringInitWithFormat() {
37+
exists(string fName |
38+
this.hasQualifiedName(["String", "NSString", "NSMutableString"], fName) and
39+
fName.matches("init(format:%")
40+
)
41+
}
42+
43+
override int getFormatParameterIndex() { result = 0 }
44+
}
45+
46+
/**
47+
* The `localizedStringWithFormat` method of `String`, `NSString` and `NSMutableString`.
48+
*/
49+
class LocalizedStringWithFormat extends FormattingFunction, MethodDecl {
50+
LocalizedStringWithFormat() {
51+
this.hasQualifiedName(["String", "NSString", "NSMutableString"],
52+
"localizedStringWithFormat(_:_:)")
53+
}
54+
55+
override int getFormatParameterIndex() { result = 0 }
56+
}
57+
58+
/**
59+
* The functions `NSLog` and `NSLogv`.
60+
*/
61+
class NsLog extends FormattingFunction, FreeFunctionDecl {
62+
NsLog() { this.getName() = ["NSLog(_:_:)", "NSLogv(_:_:)"] }
63+
64+
override int getFormatParameterIndex() { result = 0 }
65+
}
66+
67+
/**
68+
* The `NSException.raise` method.
69+
*/
70+
class NsExceptionRaise extends FormattingFunction, MethodDecl {
71+
NsExceptionRaise() { this.hasQualifiedName("NSException", "raise(_:format:arguments:)") }
72+
73+
override int getFormatParameterIndex() { result = 1 }
74+
}

swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll

Lines changed: 1 addition & 69 deletions
Original file line numberDiff line numberDiff line change
@@ -4,79 +4,11 @@
44
*/
55

66
import swift
7+
import codeql.swift.StringFormat
78
import codeql.swift.dataflow.DataFlow
89
import codeql.swift.dataflow.TaintTracking
910
import codeql.swift.dataflow.FlowSources
1011

11-
/**
12-
* A function that takes a `printf` style format argument.
13-
*/
14-
abstract class FormattingFunction extends AbstractFunctionDecl {
15-
/**
16-
* Gets the position of the format argument.
17-
*/
18-
abstract int getFormatParameterIndex();
19-
}
20-
21-
/**
22-
* An initializer for `String`, `NSString` or `NSMutableString` that takes a
23-
* `printf` style format argument.
24-
*/
25-
class StringInitWithFormat extends FormattingFunction, MethodDecl {
26-
StringInitWithFormat() {
27-
exists(string fName |
28-
this.hasQualifiedName(["String", "NSString", "NSMutableString"], fName) and
29-
fName.matches("init(format:%")
30-
)
31-
}
32-
33-
override int getFormatParameterIndex() { result = 0 }
34-
}
35-
36-
/**
37-
* The `localizedStringWithFormat` method of `String`, `NSString` and `NSMutableString`.
38-
*/
39-
class LocalizedStringWithFormat extends FormattingFunction, MethodDecl {
40-
LocalizedStringWithFormat() {
41-
this.hasQualifiedName(["String", "NSString", "NSMutableString"],
42-
"localizedStringWithFormat(_:_:)")
43-
}
44-
45-
override int getFormatParameterIndex() { result = 0 }
46-
}
47-
48-
/**
49-
* The functions `NSLog` and `NSLogv`.
50-
*/
51-
class NsLog extends FormattingFunction, FreeFunctionDecl {
52-
NsLog() { this.getName() = ["NSLog(_:_:)", "NSLogv(_:_:)"] }
53-
54-
override int getFormatParameterIndex() { result = 0 }
55-
}
56-
57-
/**
58-
* The `NSException.raise` method.
59-
*/
60-
class NsExceptionRaise extends FormattingFunction, MethodDecl {
61-
NsExceptionRaise() { this.hasQualifiedName("NSException", "raise(_:format:arguments:)") }
62-
63-
override int getFormatParameterIndex() { result = 1 }
64-
}
65-
66-
/**
67-
* A call to a function that takes a `printf` style format argument.
68-
*/
69-
class FormattingFunctionCall extends CallExpr {
70-
FormattingFunction target;
71-
72-
FormattingFunctionCall() { target = this.getStaticTarget() }
73-
74-
/**
75-
* Gets the format expression used in this call.
76-
*/
77-
Expr getFormat() { result = this.getArgument(target.getFormatParameterIndex()).getExpr() }
78-
}
79-
8012
/**
8113
* A taint configuration for tainted data that reaches a format string.
8214
*/

0 commit comments

Comments
 (0)