Swift: More path injection models.

geoffw0 · geoffw0 · commit d0efbbf5b86a · 2023-02-10T18:02:50.000Z
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -108,6 +108,11 @@ private class PathInjectionSinks extends SinkModelCsv {
         ";NIOFileHandle;true;init(descriptor:);;;Argument[0];path-injection",
         ";NIOFileHandle;true;init(path:mode:flags:);;;Argument[0];path-injection",
         ";NIOFileHandle;true;init(path:);;;Argument[0];path-injection",
+        ";String;true;init(contentsOfFile:);;;Argument[0];path-injection",
+        ";String;true;init(contentsOfFile:encoding:);;;Argument[0];path-injection",
+        ";String;true;init(contentsOfFile:usedEncoding:);;;Argument[0];path-injection",
+        ";NSString;true;init(contentsOfFile:encoding:);;;Argument[0];path-injection",
+        ";NSString;true;init(contentsOfFile:usedEncoding:);;;Argument[0];path-injection",
         ";NSString;true;write(to:atomically:encoding:);;;Argument[0];path-injection",
         ";NSString;true;write(toFile:atomically:encoding:);;;Argument[0];path-injection",
         ";NSKeyedUnarchiver;true;unarchiveObject(withFile:);;;Argument[0];path-injection",
diff --git a/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift b/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
@@ -246,12 +246,12 @@ func test() {
     let _ = fm.replaceItemAtURL(originalItemURL: safeNsUrl, withItemAtURL: remoteNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=182
 
     var encoding = String.Encoding.utf8
-    let _ = try! String(contentsOfFile: remoteString) // $ MISSING: hasPathInjection=232
-    let _ = try! String(contentsOfFile: remoteString, encoding: String.Encoding.utf8) // $ MISSING: hasPathInjection=234
-    let _ = try! String(contentsOfFile: remoteString, usedEncoding: &encoding) // $ MISSING: hasPathInjection=235
+    let _ = try! String(contentsOfFile: remoteString) // $ hasPathInjection=182
+    let _ = try! String(contentsOfFile: remoteString, encoding: String.Encoding.utf8) // $ hasPathInjection=182
+    let _ = try! String(contentsOfFile: remoteString, usedEncoding: &encoding) // $ hasPathInjection=182
 
-    let _ = try! NSString(contentsOfFile: remoteString, encoding: 0) // $ MISSING: hasPathInjection=237
-    let _ = try! NSString(contentsOfFile: remoteString, usedEncoding: nil) // $ MISSING: hasPathInjection=238
+    let _ = try! NSString(contentsOfFile: remoteString, encoding: 0) // $ hasPathInjection=182
+    let _ = try! NSString(contentsOfFile: remoteString, usedEncoding: nil) // $ hasPathInjection=182
     NSString().write(to: remoteUrl, atomically: true, encoding: 0)  // $ hasPathInjection=182
     NSString().write(toFile: remoteString, atomically: true, encoding: 0) // $ hasPathInjection=182
 
