
Commit d25de8c

committed
Swift: Taint fields of StringProtocol.
1 parent 21abe54 commit d25de8c


4 files changed

+131
-10
lines changed


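--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
@@ -20,13 +20,15 @@ private class StringSource extends SourceModelCsv {
 }
 
 /**
-* A content implying that, if a `String` is tainted, then all its fields are tainted.
+* A content implying that, if a `String` is tainted, then all its fields are
+* tainted. This also includes fields declared in `StringProtocol`.
 */
 private class StringFieldsInheritTaint extends TaintInheritingContent,
 DataFlow::Content::FieldContent {
 StringFieldsInheritTaint() {
-this.getField().getEnclosingDecl().(ClassOrStructDecl).getFullName() = "String" or
+this.getField().getEnclosingDecl().(NominalTypeDecl).getFullName() =
+["String", "StringProtocol"] or
 this.getField().getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getFullName() =
-"String"
+["String", "StringProtocol"]
 }
 }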
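Review bot: The QLDoc on `StringFieldsInheritTaint` now says fields declared in `StringProtocol` are included, but it does not say that the characteristic predicate matches the declaring type by name only, in both the `NominalTypeDecl` branch and the `ExtensionDecl` branch. With the cast widened from `ClassOrStructDecl` to `NominalTypeDecl`, any nominal declaration (or extension of one) whose `getFullName()` is `String` or `StringProtocol` gets taint-inheriting fields; if that name is not module-qualified, a same-named project type would be treated like the standard-library one, which may add spurious flows to taint queries. I would add a line to the comment such as `* Types are matched by name only, so the model over-approximates for same-named user types.` The literal `["String", "StringProtocol"]` is also written twice; binding it once, `exists(string name | name = ["String", "StringProtocol"] | ...)`, keeps the two branches in step when another type is added.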

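--- a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
+++ b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -1264,30 +1264,44 @@
 | string.swift:282:13:282:13 | [post] tainted | string.swift:284:13:284:13 | tainted |
 | string.swift:282:13:282:13 | tainted | string.swift:284:13:284:13 | tainted |
 | string.swift:283:13:283:13 | [post] clean | string.swift:285:13:285:13 | clean |
+| string.swift:283:13:283:13 | clean | string.swift:283:13:283:19 | .capitalized |
 | string.swift:283:13:283:13 | clean | string.swift:285:13:285:13 | clean |
 | string.swift:284:13:284:13 | [post] tainted | string.swift:286:13:286:13 | tainted |
+| string.swift:284:13:284:13 | tainted | string.swift:284:13:284:21 | .capitalized |
 | string.swift:284:13:284:13 | tainted | string.swift:286:13:286:13 | tainted |
 | string.swift:285:13:285:13 | [post] clean | string.swift:287:13:287:13 | clean |
+| string.swift:285:13:285:13 | clean | string.swift:285:13:285:19 | .localizedCapitalized |
 | string.swift:285:13:285:13 | clean | string.swift:287:13:287:13 | clean |
 | string.swift:286:13:286:13 | [post] tainted | string.swift:288:13:288:13 | tainted |
+| string.swift:286:13:286:13 | tainted | string.swift:286:13:286:21 | .localizedCapitalized |
 | string.swift:286:13:286:13 | tainted | string.swift:288:13:288:13 | tainted |
 | string.swift:287:13:287:13 | [post] clean | string.swift:289:13:289:13 | clean |
+| string.swift:287:13:287:13 | clean | string.swift:287:13:287:19 | .localizedLowercase |
 | string.swift:287:13:287:13 | clean | string.swift:289:13:289:13 | clean |
 | string.swift:288:13:288:13 | [post] tainted | string.swift:290:13:290:13 | tainted |
+| string.swift:288:13:288:13 | tainted | string.swift:288:13:288:21 | .localizedLowercase |
 | string.swift:288:13:288:13 | tainted | string.swift:290:13:290:13 | tainted |
 | string.swift:289:13:289:13 | [post] clean | string.swift:291:13:291:13 | clean |
+| string.swift:289:13:289:13 | clean | string.swift:289:13:289:19 | .localizedUppercase |
 | string.swift:289:13:289:13 | clean | string.swift:291:13:291:13 | clean |
 | string.swift:290:13:290:13 | [post] tainted | string.swift:292:13:292:13 | tainted |
+| string.swift:290:13:290:13 | tainted | string.swift:290:13:290:21 | .localizedUppercase |
 | string.swift:290:13:290:13 | tainted | string.swift:292:13:292:13 | tainted |
 | string.swift:291:13:291:13 | [post] clean | string.swift:293:13:293:13 | clean |
+| string.swift:291:13:291:13 | clean | string.swift:291:13:291:19 | .decomposedStringWithCanonicalMapping |
 | string.swift:291:13:291:13 | clean | string.swift:293:13:293:13 | clean |
 | string.swift:292:13:292:13 | [post] tainted | string.swift:294:13:294:13 | tainted |
+| string.swift:292:13:292:13 | tainted | string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping |
 | string.swift:292:13:292:13 | tainted | string.swift:294:13:294:13 | tainted |
 | string.swift:293:13:293:13 | [post] clean | string.swift:295:13:295:13 | clean |
+| string.swift:293:13:293:13 | clean | string.swift:293:13:293:19 | .precomposedStringWithCompatibilityMapping |
 | string.swift:293:13:293:13 | clean | string.swift:295:13:295:13 | clean |
 | string.swift:294:13:294:13 | [post] tainted | string.swift:296:13:296:13 | tainted |
+| string.swift:294:13:294:13 | tainted | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping |
 | string.swift:294:13:294:13 | tainted | string.swift:296:13:296:13 | tainted |
+| string.swift:295:13:295:13 | clean | string.swift:295:13:295:19 | .removingPercentEncoding |
 | string.swift:295:13:295:19 | .removingPercentEncoding | string.swift:295:13:295:42 | ...! |
+| string.swift:296:13:296:13 | tainted | string.swift:296:13:296:21 | .removingPercentEncoding |
 | string.swift:296:13:296:21 | .removingPercentEncoding | string.swift:296:13:296:44 | ...! |
 | string.swift:300:7:300:7 | SSA def(str1) | string.swift:301:13:301:13 | str1 |
 | string.swift:300:14:300:22 | call to source2() | string.swift:300:7:300:7 | SSA def(str1) |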
