Swift: Add a test with multiple evaluations.

geoffw0 · geoffw0 · commit 7f9cb16ab146 · 2023-07-04T11:34:10.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-730/RegexInjection.expected b/swift/ql/test/query-tests/Security/CWE-730/RegexInjection.expected
@@ -19,6 +19,7 @@ edges
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:179:17:179:17 | taintedString |
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:182:17:182:17 | taintedString |
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:185:17:185:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:190:21:190:21 | taintedString |
 nodes
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
 | tests.swift:101:16:101:16 | taintedString | semmle.label | taintedString |
@@ -41,6 +42,7 @@ nodes
 | tests.swift:179:17:179:17 | taintedString | semmle.label | taintedString |
 | tests.swift:182:17:182:17 | taintedString | semmle.label | taintedString |
 | tests.swift:185:17:185:17 | taintedString | semmle.label | taintedString |
+| tests.swift:190:21:190:21 | taintedString | semmle.label | taintedString |
 subpaths
 #select
 | tests.swift:101:16:101:16 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:101:16:101:16 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
@@ -63,3 +65,4 @@ subpaths
 | tests.swift:179:17:179:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:179:17:179:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
 | tests.swift:182:17:182:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:182:17:182:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
 | tests.swift:185:17:185:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:185:17:185:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:190:21:190:21 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:190:21:190:21 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
diff --git a/swift/ql/test/query-tests/Security/CWE-730/tests.swift b/swift/ql/test/query-tests/Security/CWE-730/tests.swift
@@ -184,4 +184,10 @@ func regexInjectionTests(cond: Bool, varString: String, myUrl: URL) throws {
 	if (okSet.contains(taintedString)) {
 		_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
 	}
+
+	// --- multiple evaluations ---
+
+	let re = try Regex(taintedString) // BAD
+	_ = try re.firstMatch(in: varString) // (we only want to flag one location total)
+	_ = try re.firstMatch(in: varString)
 }

Original file line number	Diff line number	Diff line change
`@@ -184,4 +184,10 @@ func regexInjectionTests(cond: Bool, varString: String, myUrl: URL) throws {`
`184`	`184`	`if (okSet.contains(taintedString)) {`
`185`	`185`	`_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]`
`186`	`186`	`}`
	`187`	`+`
	`188`	`+ // --- multiple evaluations ---`
	`189`	`+`
	`190`	`+ let re = try Regex(taintedString) // BAD`
	`191`	`+ _ = try re.firstMatch(in: varString) // (we only want to flag one location total)`
	`192`	`+ _ = try re.firstMatch(in: varString)`
`187`	`193`	`}`