Skip to content

Commit 38eeb9c

Browse files
geoffw0geoffw0
committed
Swift: Model String methods.
1 parent 1077dcd commit 38eeb9c

File tree

4 files changed

+128
-9
lines changed

4 files changed

+128
-9
lines changed

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,37 @@ private class StringSummaries extends SummaryModelCsv {
6363
";String;true;init(utf8String:);;;Argument[0];ReturnValue;taint",
6464
";String;true;init(validating:);;;Argument[0];ReturnValue;taint",
6565
";String;true;init(validatingPlatformString:);;;Argument[0];ReturnValue;taint",
66+
";String;true;localizedStringWithFormat(_:_:);;;Argument[0..1];ReturnValue;taint",
67+
";String;true;write(_:);;;Argument[0];Argument[-1];taint",
68+
";String;true;write(to:);;;Argument[-1];Argument[0];taint",
69+
";String;true;append(_:);;;Argument[0];Argument[-1];taint",
70+
";String;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
71+
";String;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
72+
";String;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
73+
";String;true;replaceSubrange(_:with::);;;Argument[1];Argument[-1];taint",
74+
";String;true;popLast();;;Argument[-1];ReturnValue;taint",
75+
";String;true;lowercased();;;Argument[-1];ReturnValue;taint",
76+
";String;true;uppercased();;;Argument[-1];ReturnValue;taint",
77+
";String;true;first(where:);;;Argument[-1];ReturnValue;taint",
78+
";String;true;last(where:);;;Argument[-1];ReturnValue;taint",
79+
";String;true;max();;;Argument[-1];ReturnValue;taint",
80+
";String;true;max(by:);;;Argument[-1];ReturnValue;taint",
81+
";String;true;min();;;Argument[-1];ReturnValue;taint",
82+
";String;true;min(by:);;;Argument[-1];ReturnValue;taint",
83+
";String;true;subscript(_:);;;Argument[-1];ReturnValue;taint",
84+
";String;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
85+
";String;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
86+
";String;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
87+
";String;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
88+
";String;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
89+
";String;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
90+
";String;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
91+
";String;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
92+
";String;true;randomElement();;;Argument[-1];ReturnValue;taint",
93+
";String;true;randomElement(using:);;;Argument[-1];ReturnValue;taint",
94+
";String;true;enumerated();;;Argument[-1];ReturnValue;taint",
95+
";String;true;reversed();;;Argument[-1];ReturnValue;taint",
96+
";String;true;encode(to:);;;Argument[-1];Argument[0];taint"
6697
]
6798
}
6899
}

swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1085,49 +1085,57 @@
10851085
| string.swift:183:3:183:3 | &... | string.swift:184:13:184:13 | str2 |
10861086
| string.swift:183:3:183:3 | [post] &... | string.swift:184:13:184:13 | str2 |
10871087
| string.swift:183:3:183:3 | str2 | string.swift:183:3:183:3 | &... |
1088+
| string.swift:183:15:183:15 | def | string.swift:183:3:183:3 | [post] &... |
10881089
| string.swift:184:13:184:13 | [post] str2 | string.swift:185:3:185:3 | str2 |
10891090
| string.swift:184:13:184:13 | str2 | string.swift:185:3:185:3 | str2 |
10901091
| string.swift:185:3:185:3 | &... | string.swift:186:13:186:13 | str2 |
10911092
| string.swift:185:3:185:3 | [post] &... | string.swift:186:13:186:13 | str2 |
10921093
| string.swift:185:3:185:3 | str2 | string.swift:185:3:185:3 | &... |
1093-
| string.swift:186:13:186:13 | [post] str2 | string.swift:193:13:193:13 | str2 |
1094-
| string.swift:186:13:186:13 | str2 | string.swift:193:13:193:13 | str2 |
1094+
| string.swift:185:15:185:23 | call to source2() | string.swift:185:3:185:3 | [post] &... |
10951095
| string.swift:188:7:188:7 | SSA def(str3) | string.swift:189:13:189:13 | str3 |
10961096
| string.swift:188:14:188:14 | abc | string.swift:188:7:188:7 | SSA def(str3) |
10971097
| string.swift:189:13:189:13 | [post] str3 | string.swift:190:3:190:3 | str3 |
10981098
| string.swift:189:13:189:13 | str3 | string.swift:190:3:190:3 | str3 |
10991099
| string.swift:190:3:190:3 | &... | string.swift:191:13:191:13 | str3 |
11001100
| string.swift:190:3:190:3 | [post] &... | string.swift:191:13:191:13 | str3 |
11011101
| string.swift:190:3:190:3 | str3 | string.swift:190:3:190:3 | &... |
1102+
| string.swift:190:27:190:27 | def | string.swift:190:3:190:3 | [post] &... |
11021103
| string.swift:191:13:191:13 | [post] str3 | string.swift:192:3:192:3 | str3 |
11031104
| string.swift:191:13:191:13 | str3 | string.swift:192:3:192:3 | str3 |
1105+
| string.swift:192:3:192:3 | &... | string.swift:193:13:193:13 | str3 |
1106+
| string.swift:192:3:192:3 | [post] &... | string.swift:193:13:193:13 | str3 |
11041107
| string.swift:192:3:192:3 | str3 | string.swift:192:3:192:3 | &... |
1108+
| string.swift:192:27:192:35 | call to source2() | string.swift:192:3:192:3 | [post] &... |
11051109
| string.swift:195:7:195:7 | SSA def(str4) | string.swift:196:13:196:13 | str4 |
11061110
| string.swift:195:14:195:14 | abc | string.swift:195:7:195:7 | SSA def(str4) |
11071111
| string.swift:196:13:196:13 | [post] str4 | string.swift:197:3:197:3 | str4 |
11081112
| string.swift:196:13:196:13 | str4 | string.swift:197:3:197:3 | str4 |
11091113
| string.swift:197:3:197:3 | &... | string.swift:198:13:198:13 | str4 |
11101114
| string.swift:197:3:197:3 | [post] &... | string.swift:198:13:198:13 | str4 |
11111115
| string.swift:197:3:197:3 | str4 | string.swift:197:3:197:3 | &... |
1116+
| string.swift:197:14:197:14 | def | string.swift:197:3:197:3 | [post] &... |
11121117
| string.swift:198:13:198:13 | [post] str4 | string.swift:199:3:199:3 | str4 |
11131118
| string.swift:198:13:198:13 | str4 | string.swift:199:3:199:3 | str4 |
11141119
| string.swift:199:3:199:3 | &... | string.swift:200:13:200:13 | str4 |
11151120
| string.swift:199:3:199:3 | [post] &... | string.swift:200:13:200:13 | str4 |
11161121
| string.swift:199:3:199:3 | str4 | string.swift:199:3:199:3 | &... |
1122+
| string.swift:199:14:199:22 | call to source2() | string.swift:199:3:199:3 | [post] &... |
11171123
| string.swift:202:7:202:7 | SSA def(str5) | string.swift:203:13:203:13 | str5 |
11181124
| string.swift:202:14:202:14 | abc | string.swift:202:7:202:7 | SSA def(str5) |
11191125
| string.swift:203:13:203:13 | [post] str5 | string.swift:204:3:204:3 | str5 |
11201126
| string.swift:203:13:203:13 | str5 | string.swift:204:3:204:3 | str5 |
11211127
| string.swift:204:3:204:3 | &... | string.swift:204:38:204:38 | str5 |
11221128
| string.swift:204:3:204:3 | [post] &... | string.swift:204:38:204:38 | str5 |
11231129
| string.swift:204:3:204:3 | str5 | string.swift:204:3:204:3 | &... |
1130+
| string.swift:204:27:204:27 | abc | string.swift:204:3:204:3 | [post] &... |
11241131
| string.swift:204:38:204:38 | [post] str5 | string.swift:205:13:205:13 | str5 |
11251132
| string.swift:204:38:204:38 | str5 | string.swift:205:13:205:13 | str5 |
11261133
| string.swift:205:13:205:13 | [post] str5 | string.swift:206:3:206:3 | str5 |
11271134
| string.swift:205:13:205:13 | str5 | string.swift:206:3:206:3 | str5 |
11281135
| string.swift:206:3:206:3 | &... | string.swift:206:42:206:42 | str5 |
11291136
| string.swift:206:3:206:3 | [post] &... | string.swift:206:42:206:42 | str5 |
11301137
| string.swift:206:3:206:3 | str5 | string.swift:206:3:206:3 | &... |
1138+
| string.swift:206:27:206:35 | call to source2() | string.swift:206:3:206:3 | [post] &... |
11311139
| string.swift:206:42:206:42 | [post] str5 | string.swift:207:13:207:13 | str5 |
11321140
| string.swift:206:42:206:42 | str5 | string.swift:207:13:207:13 | str5 |
11331141
| string.swift:211:7:211:7 | SSA def(clean) | string.swift:215:20:215:20 | clean |
@@ -1159,7 +1167,9 @@
11591167
| string.swift:222:28:222:28 | tainted | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
11601168
| string.swift:222:28:222:28 | tainted | string.swift:223:46:223:46 | tainted |
11611169
| string.swift:223:46:223:46 | [post] tainted | string.swift:224:34:224:34 | tainted |
1170+
| string.swift:223:46:223:46 | tainted | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) |
11621171
| string.swift:223:46:223:46 | tainted | string.swift:224:34:224:34 | tainted |
1172+
| string.swift:223:55:223:61 | [...] | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) |
11631173
| string.swift:224:28:224:28 | %s | string.swift:224:13:224:41 | call to String.init(format:_:) |
11641174
| string.swift:224:34:224:34 | tainted | string.swift:228:31:228:31 | tainted |
11651175
| string.swift:225:28:225:28 | %i %i %i | string.swift:225:13:225:56 | call to String.init(format:_:) |
@@ -1178,8 +1188,10 @@
11781188
| string.swift:232:37:232:37 | [post] tainted | string.swift:234:13:234:13 | tainted |
11791189
| string.swift:232:37:232:37 | tainted | string.swift:234:13:234:13 | tainted |
11801190
| string.swift:234:13:234:13 | [post] tainted | string.swift:235:13:235:13 | tainted |
1191+
| string.swift:234:13:234:13 | tainted | string.swift:234:13:234:32 | call to lowercased() |
11811192
| string.swift:234:13:234:13 | tainted | string.swift:235:13:235:13 | tainted |
11821193
| string.swift:235:13:235:13 | [post] tainted | string.swift:236:13:236:13 | tainted |
1194+
| string.swift:235:13:235:13 | tainted | string.swift:235:13:235:32 | call to uppercased() |
11831195
| string.swift:235:13:235:13 | tainted | string.swift:236:13:236:13 | tainted |
11841196
| string.swift:236:13:236:13 | [post] tainted | string.swift:237:13:237:13 | tainted |
11851197
| string.swift:236:13:236:13 | tainted | string.swift:237:13:237:13 | tainted |

0 commit comments

Comments
 (0)