Skip to content

Commit a6f29fa

Browse files
geoffw0geoffw0
committed
Swift: Address pointer/pointee conflation in the string tests themselves.
1 parent 86a73fa commit a6f29fa

File tree

2 files changed

+40
-43
lines changed

2 files changed

+40
-43
lines changed

swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,6 @@
11
failures
22
testFailures
3-
| string.swift:407:23:408:1 | // $ tainted=366\n | Missing result:tainted=366 |
4-
| string.swift:441:20:442:1 | // $ tainted=366\n | Missing result:tainted=366 |
5-
| string.swift:483:23:484:1 | // $ tainted=450\n | Missing result:tainted=450 |
6-
| string.swift:496:23:497:1 | // $ tainted=450\n | Missing result:tainted=450 |
7-
| string.swift:518:20:519:1 | // $ tainted=506\n | Missing result:tainted=506 |
8-
| string.swift:544:20:545:1 | // $ tainted=533\n | Missing result:tainted=533 |
9-
| string.swift:610:18:611:1 | // $ tainted=617\n | Missing result:tainted=617 |
3+
| string.swift:470:81:471:1 | // $ tainted=450\n | Missing result:tainted=450 |
4+
| string.swift:473:50:474:1 | // $ tainted=450\n | Missing result:tainted=450 |
5+
| string.swift:496:26:497:1 | // $ tainted=450\n | Missing result:tainted=450 |
6+
| string.swift:526:50:527:1 | // $ tainted=506\n | Missing result:tainted=506 |

swift/ql/test/library-tests/dataflow/taint/libraries/string.swift

Lines changed: 36 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -367,101 +367,101 @@ func taintThroughEncodings() {
367367

368368
clean.withUTF8({
369369
buffer in
370-
sink(arg: buffer)
370+
sink(arg: buffer[0])
371371
sink(arg: buffer.baseAddress!)
372372
})
373373
tainted.withUTF8({
374374
buffer in
375-
sink(arg: buffer) // $ MISSING: tainted=366
375+
sink(arg: buffer[0]) // $ MISSING: tainted=366
376376
sink(arg: buffer.baseAddress!) // $ MISSING: tainted=366
377377
})
378378

379379
clean.withCString({
380380
ptr in
381-
sink(arg: ptr)
381+
sink(arg: ptr[0])
382382
})
383383
tainted.withCString({
384384
ptr in
385-
sink(arg: ptr) // $ MISSING: tainted=366
385+
sink(arg: ptr[0]) // $ MISSING: tainted=366
386386
})
387387
clean.withCString(encodedAs: UTF8.self, {
388388
ptr in
389-
sink(arg: ptr)
389+
sink(arg: ptr[0])
390390
})
391391
tainted.withCString(encodedAs: UTF8.self, {
392392
ptr in
393-
sink(arg: ptr) // $ MISSING: tainted=366
393+
sink(arg: ptr[0]) // $ MISSING: tainted=366
394394
})
395395

396396
let arrayString1 = clean.cString(using: String.Encoding.utf8)!
397397
sink(arg: arrayString1)
398398
arrayString1.withUnsafeBufferPointer({
399399
buffer in
400-
sink(arg: buffer)
400+
sink(arg: buffer[0])
401401
sink(arg: String(cString: buffer.baseAddress!))
402402
})
403403
let arrayString2 = tainted.cString(using: String.Encoding.utf8)!
404404
sink(arg: arrayString2) // $ tainted=366
405405
arrayString2.withUnsafeBufferPointer({
406406
buffer in
407-
sink(arg: buffer) // $ tainted=366
407+
sink(arg: buffer[0]) // $ tainted=366
408408
sink(arg: String(cString: buffer.baseAddress!)) // $ MISSING: tainted=366
409409
})
410410

411411
clean.withPlatformString({
412412
ptr in
413-
sink(arg: ptr)
413+
sink(arg: ptr[0])
414414
sink(arg: String(platformString: ptr))
415415

416416
let buffer = UnsafeBufferPointer(start: ptr, count: 10)
417417
let arrayString = Array(buffer)
418-
sink(arg: buffer)
419-
sink(arg: arrayString)
418+
sink(arg: buffer[0])
419+
sink(arg: arrayString[0])
420420
sink(arg: String(platformString: arrayString))
421421
})
422422
tainted.withPlatformString({
423423
ptr in
424-
sink(arg: ptr) // $ MISSING: tainted=366
424+
sink(arg: ptr[0]) // $ MISSING: tainted=366
425425
sink(arg: String(platformString: ptr)) // $ MISSING: tainted=366
426426

427427
let buffer = UnsafeBufferPointer(start: ptr, count: 10)
428428
let arrayString = Array(buffer)
429-
sink(arg: buffer) // $ MISSING: tainted=366
430-
sink(arg: arrayString) // $ MISSING: tainted=366
429+
sink(arg: buffer[0]) // $ MISSING: tainted=366
430+
sink(arg: arrayString[0]) // $ MISSING: tainted=366
431431
sink(arg: String(platformString: arrayString)) // $ MISSING: tainted=366
432432
})
433433

434434
clean.withContiguousStorageIfAvailable({
435435
ptr in
436-
sink(arg: ptr)
436+
sink(arg: ptr[0])
437437
sink(arg: ptr.baseAddress!)
438438
})
439439
tainted.withContiguousStorageIfAvailable({
440440
ptr in
441-
sink(arg: ptr) // $ tainted=366
441+
sink(arg: ptr[0]) // $ tainted=366
442442
sink(arg: ptr.baseAddress!) // $ MISSING: tainted=366
443443
})
444444
}
445445

446-
func source4() -> [UInt8] { return [] }
446+
func source4() -> UInt8 { return 0 }
447447

448448
func taintFromUInt8Array() {
449449
var cleanUInt8Values: [UInt8] = [0x41, 0x42, 0x43, 0] // "ABC"
450-
var taintedUInt8Values = source4()
450+
var taintedUInt8Values: [UInt8] = [source4()]
451451

452452
sink(arg: String(unsafeUninitializedCapacity: 256, initializingUTF8With: {
453453
(buffer: UnsafeMutableBufferPointer<UInt8>) -> Int in
454-
sink(arg: buffer)
454+
sink(arg: buffer[0])
455455
let _ = buffer.initialize(from: cleanUInt8Values)
456-
sink(arg: buffer)
456+
sink(arg: buffer[0])
457457
return 3
458458
}
459459
))
460460
sink(arg: String(unsafeUninitializedCapacity: 256, initializingUTF8With: { // $ MISSING: tainted=450
461461
(buffer: UnsafeMutableBufferPointer<UInt8>) -> Int in
462-
sink(arg: buffer)
462+
sink(arg: buffer[0])
463463
let _ = buffer.initialize(from: taintedUInt8Values)
464-
sink(arg: buffer) // $ MISSING: tainted=450
464+
sink(arg: buffer[0]) // $ MISSING: tainted=450
465465
return 256
466466
}
467467
))
@@ -474,48 +474,48 @@ func taintFromUInt8Array() {
474474

475475
try! cleanUInt8Values.withUnsafeBufferPointer({
476476
(buffer: UnsafeBufferPointer<UInt8>) throws in
477-
sink(arg: buffer)
477+
sink(arg: buffer[0])
478478
sink(arg: buffer.baseAddress!)
479479
sink(arg: String(cString: buffer.baseAddress!))
480480
})
481481
try! taintedUInt8Values.withUnsafeBufferPointer({
482482
(buffer: UnsafeBufferPointer<UInt8>) throws in
483-
sink(arg: buffer) // $ tainted=450
483+
sink(arg: buffer[0]) // $ tainted=450
484484
sink(arg: buffer.baseAddress!) // $ MISSING: tainted=450
485485
sink(arg: String(cString: buffer.baseAddress!)) // $ MISSING: tainted=450
486486
})
487487

488488
try! cleanUInt8Values.withUnsafeMutableBytes({
489489
(buffer: UnsafeMutableRawBufferPointer) throws in
490-
sink(arg: buffer)
490+
sink(arg: buffer[0])
491491
sink(arg: buffer.baseAddress!)
492492
sink(arg: String(bytesNoCopy: buffer.baseAddress!, length: buffer.count, encoding: String.Encoding.utf8, freeWhenDone: false)!)
493493
})
494494
try! taintedUInt8Values.withUnsafeMutableBytes({
495495
(buffer: UnsafeMutableRawBufferPointer) throws in
496-
sink(arg: buffer) // $ tainted=450
496+
sink(arg: buffer[0]) // $ tainted=450
497497
sink(arg: buffer.baseAddress!) // $ MISSING: tainted=450
498498
sink(arg: String(bytesNoCopy: buffer.baseAddress!, length: buffer.count, encoding: String.Encoding.utf8, freeWhenDone: false)!) // $ MISSING: tainted=450
499499
})
500500
}
501501

502-
func source5() -> [CChar] { return [] }
502+
func source5() -> CChar { return 0 }
503503

504504
func taintThroughCCharArray() {
505505
let cleanCCharValues: [CChar] = [0x41, 0x42, 0x43, 0]
506-
let taintedCCharValues: [CChar] = source5()
506+
let taintedCCharValues: [CChar] = [source5()]
507507

508508
cleanCCharValues.withUnsafeBufferPointer({
509509
ptr in
510-
sink(arg: ptr)
510+
sink(arg: ptr[0])
511511
sink(arg: ptr.baseAddress!)
512512
sink(arg: String(utf8String: ptr.baseAddress!)!)
513513
sink(arg: String(validatingUTF8: ptr.baseAddress!)!)
514514
sink(arg: String(cString: ptr.baseAddress!))
515515
})
516516
taintedCCharValues.withUnsafeBufferPointer({
517517
ptr in
518-
sink(arg: ptr) // $ tainted=506
518+
sink(arg: ptr[0]) // $ tainted=506
519519
sink(arg: ptr.baseAddress!) // $ MISSING: tainted=506
520520
sink(arg: String(utf8String: ptr.baseAddress!)!) // $ MISSING: tainted=506
521521
sink(arg: String(validatingUTF8: ptr.baseAddress!)!) // $ MISSING: tainted=506
@@ -526,22 +526,22 @@ func taintThroughCCharArray() {
526526
sink(arg: String(cString: taintedCCharValues)) // $ tainted=506
527527
}
528528

529-
func source6() -> [unichar] { return [] }
529+
func source6() -> unichar { return 0 }
530530

531531
func taintThroughUnicharArray() {
532532
let cleanUnicharValues: [unichar] = [0x41, 0x42, 0x43, 0]
533-
let taintedUnicharValues: [unichar] = source6()
533+
let taintedUnicharValues: [unichar] = [source6()]
534534

535535
cleanUnicharValues.withUnsafeBufferPointer({
536536
ptr in
537-
sink(arg: ptr)
537+
sink(arg: ptr[0])
538538
sink(arg: ptr.baseAddress!)
539539
sink(arg: String(utf16CodeUnits: ptr.baseAddress!, count: ptr.count))
540540
sink(arg: String(utf16CodeUnitsNoCopy: ptr.baseAddress!, count: ptr.count, freeWhenDone: false))
541541
})
542542
taintedUnicharValues.withUnsafeBufferPointer({
543543
ptr in
544-
sink(arg: ptr) // $ tainted=533
544+
sink(arg: ptr[0]) // $ tainted=533
545545
sink(arg: ptr.baseAddress!) // $ MISSING: tainted=533
546546
sink(arg: String(utf16CodeUnits: ptr.baseAddress!, count: ptr.count)) // $ MISSING: tainted=533
547547
sink(arg: String(utf16CodeUnitsNoCopy: ptr.baseAddress!, count: ptr.count, freeWhenDone: false)) // $ MISSING: tainted=533
@@ -601,13 +601,13 @@ func untaintedFields() {
601601
}
602602

603603
func callbackWithCleanPointer(ptr: UnsafeBufferPointer<String.Element>) throws -> Int {
604-
sink(arg: ptr)
604+
sink(arg: ptr[0])
605605

606606
return 0
607607
}
608608

609609
func callbackWithTaintedPointer(ptr: UnsafeBufferPointer<String.Element>) throws -> Int {
610-
sink(arg: ptr) // $ tainted=617
610+
sink(arg: ptr[0]) // $ tainted=617
611611

612612
return source()
613613
}

0 commit comments

Comments
 (0)