
Commit d87117f

committed
Swift: Have swift/string-length-conflation use indices instead of parameter names.
1 parent 840b74d commit d87117f


1 file changed

+13
-13
lines changed


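--- a/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
+++ b/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
@@ -94,35 +94,35 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
 * that sink. We actually want to report incorrect flow states.
 */
 predicate isSinkImpl(DataFlow::Node node, string flowstate) {
-exists(AbstractFunctionDecl funcDecl, CallExpr call, string funcName, string paramName |
+exists(AbstractFunctionDecl funcDecl, CallExpr call, string funcName, int arg |
 (
 // arguments to method calls...
 exists(string className, ClassOrStructDecl c |
 (
 // `NSRange.init`
 className = "NSRange" and
 funcName = "init(location:length:)" and
-paramName = ["location", "length"]
+arg = [0, 1]
 or
 // `NSString.character`
 className = ["NSString", "NSMutableString"] and
 funcName = "character(at:)" and
-paramName = "at"
+arg = 0
 or
 // `NSString.character`
 className = ["NSString", "NSMutableString"] and
 funcName = "substring(from:)" and
-paramName = "from"
+arg = 0
 or
 // `NSString.character`
 className = ["NSString", "NSMutableString"] and
 funcName = "substring(to:)" and
-paramName = "to"
+arg = 0
 or
 // `NSMutableString.insert`
 className = "NSMutableString" and
 funcName = "insert(_:at:)" and
-paramName = "at"
+arg = 1
 ) and
 c.getName() = className and
 c.getABaseTypeDecl*().(ClassOrStructDecl).getAMember() = funcDecl and
@@ -133,38 +133,38 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
 // arguments to function calls...
 // `NSMakeRange`
 funcName = "NSMakeRange(_:_:)" and
-paramName = ["loc", "len"] and
+arg = [0, 1] and
 call.getStaticTarget() = funcDecl and
 flowstate = "NSString"
 or
 // arguments to method calls...
 (
 // `String.dropFirst`, `String.dropLast`, `String.removeFirst`, `String.removeLast`
 funcName = ["dropFirst(_:)", "dropLast(_:)", "removeFirst(_:)", "removeLast(_:)"] and
-paramName = "k"
+arg = 0
 or
 // `String.prefix`, `String.suffix`
 funcName = ["prefix(_:)", "suffix(_:)"] and
-paramName = "maxLength"
+arg = 0
 or
 // `String.Index.init`
 funcName = "init(encodedOffset:)" and
-paramName = "offset"
+arg = 0
 or
 // `String.index`
 funcName = ["index(_:offsetBy:)", "index(_:offsetBy:limitBy:)"] and
-paramName = ["n", "distance"]
+arg = [0, 1]
 or
 // `String.formIndex`
 funcName = ["formIndex(_:offsetBy:)", "formIndex(_:offsetBy:limitBy:)"] and
-paramName = "distance"
+arg = [0, 1]
 ) and
 call.getStaticTarget() = funcDecl and
 flowstate = "String"
 ) and
 // match up `funcName`, `paramName`, `arg`, `node`.
 funcDecl.getName() = funcName and
-call.getArgumentByParamName(paramName).getExpr() = node.asExpr()
+call.getArgument(arg).getExpr() = node.asExpr()
 )
 }
 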
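Review bot: In the `String.formIndex` case the old constraint `paramName = "distance"` selected a single parameter, but the new `arg = [0, 1]` also makes argument 0 a sink, so this is not a pure name-to-index translation. The `String.index` case looks the same if `"n"` and `"distance"` were alternative names for the one `offsetBy:` parameter rather than two parameters. If only the offset is meant to be a sink, both cases should read `arg = 1`; if including the index argument is intended, a comment should say so, since it changes which flows this CWE-135 query reports. The comment just before `funcDecl.getName() = funcName` still lists `paramName`, which no longer exists, and should drop it. Part of `isSinkImpl` lies between the two hunks and is not visible here.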
