
Commit b4db68a

committed
Swift: Add content to the string models.
1 parent a6f29fa commit b4db68a


2 files changed

+39
-22
lines changed


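--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
@@ -34,22 +34,24 @@ private class StringSummaries extends SummaryModelCsv {
 row =
 [
 ";StringProtocol;true;init(cString:);;;Argument[0];ReturnValue;taint",
+";StringProtocol;true;init(cString:);;;Argument[0].ArrayElement;ReturnValue;taint",
+";StringProtocol;true;init(cString:);;;Argument[0].CollectionElement;ReturnValue;taint",
 ";StringProtocol;true;init(decoding:as:);;;Argument[0];ReturnValue;taint",
-";StringProtocol;true;init(decodingCString:as:);;;Argument[0];ReturnValue;taint",
+";StringProtocol;true;init(decodingCString:as:);;;Argument[0].OptionalSome.CollectionElement;ReturnValue.OptionalSome.TupleElement[0];taint",
 ";StringProtocol;true;addingPercentEncoding(withAllowedCharacter:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;addingPercentEscapes(using:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;appending(_:);;;Argument[-1..0];ReturnValue;taint",
 ";StringProtocol;true;appendingFormat(_:_:);;;Argument[-1..0];ReturnValue;taint", //-1..
 ";StringProtocol;true;applyingTransform(_:reverse:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;cString(using:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;capitalized(with:);;;Argument[-1];ReturnValue;taint",
-";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0];taint",
-";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2];taint",
+";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].OptionalSome.CollectionElement;taint",
+";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].OptionalSome.CollectionElement.ArrayElement;taint",
 ";StringProtocol;true;components(separatedBy:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;folding(options:locale:);;;Argument[-1];ReturnValue;taint",
-";StringProtocol;true;getBytes(_:maxLength:usedLength:encoding:options:range:remaining:);;;Argument[-1];Argument[0];taint",
-";StringProtocol;true;getCString(_:maxLength:encoding:);;;Argument[-1];Argument[0];taint",
+";StringProtocol;true;getBytes(_:maxLength:usedLength:encoding:options:range:remaining:);;;Argument[-1];Argument[0].ArrayElement;taint",
+";StringProtocol;true;getCString(_:maxLength:encoding:);;;Argument[-1];Argument[0].ArrayElement;taint",
 ";StringProtocol;true;lowercased();;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;lowercased(with:);;;Argument[-1];ReturnValue;taint",
 ";StringProtocol;true;padding(toLength:withPad:startingAt:);;;Argument[-1];ReturnValue;taint",
@@ -68,18 +70,26 @@ private class StringSummaries extends SummaryModelCsv {
 ";StringProtocol;true;uppercased(with:);;;Argument[-1];ReturnValue;taint",
 ";String;true;init(decoding:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(_:);;;Argument[0];ReturnValue;taint",
+";String;true;init(_:);;;Argument[0];ReturnValue.OptionalSome;taint",
 ";String;true;init(repeating:count:);;;Argument[0];ReturnValue;taint",
-";String;true;init(data:encoding:);;;Argument[0];ReturnValue;taint",
-";String;true;init(validatingUTF8:);;;Argument[0];ReturnValue;taint",
-";String;true;init(utf16CodeUnits:count:);;;Argument[0];ReturnValue;taint",
-";String;true;init(utf16CodeUnitsNoCopy:count:freeWhenDone:);;;Argument[0];ReturnValue;taint",
-";String;true;init(format:_:);;;Argument[0];ReturnValue;taint", //0..
-";String;true;init(format:arguments:);;;Argument[0..1];ReturnValue;taint",
-";String;true;init(format:locale:_:);;;Argument[0];ReturnValue;taint", //0,2..
+";String;true;init(data:encoding:);;;Argument[0];ReturnValue.OptionalSome;taint",
+";String;true;init(validatingUTF8:);;;Argument[0];ReturnValue.OptionalSome;taint",
+";String;true;init(validatingUTF8:);;;Argument[0].ArrayElement;ReturnValue.OptionalSome;taint",
+";String;true;init(validatingUTF8:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
+";String;true;init(utf16CodeUnits:count:);;;Argument[0].CollectionElement;ReturnValue;taint",
+";String;true;init(utf16CodeUnitsNoCopy:count:freeWhenDone:);;;Argument[0].CollectionElement;ReturnValue;taint",
+";String;true;init(format:_:);;;Argument[0];ReturnValue;taint",
+";String;true;init(format:_:);;;Argument[1].ArrayElement;ReturnValue;taint",
+";String;true;init(format:arguments:);;;Argument[0];ReturnValue;taint",
+";String;true;init(format:arguments:);;;Argument[1].ArrayElement;ReturnValue;taint",
+";String;true;init(format:locale:_:);;;Argument[0];ReturnValue;taint",
+";String;true;init(format:locale:_:);;;Argument[2].ArrayElement;ReturnValue;taint",
 ";String;true;init(format:locale:arguments:);;;Argument[0];ReturnValue;taint",
+";String;true;init(format:locale:arguments:);;;Argument[2].ArrayElement;ReturnValue;taint",
 ";String;true;init(_:radix:uppercase:);;;Argument[0];ReturnValue;taint",
-";String;true;init(bytes:encoding:);;;Argument[0];ReturnValue;taint",
-";String;true;init(bytesNoCopy:length:encoding:freeWhenDone:);;;Argument[0];ReturnValue;taint",
+";String;true;init(bytes:encoding:);;;Argument[0].ArrayElement;ReturnValue.OptionalSome;taint",
+";String;true;init(bytes:encoding:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
+";String;true;init(bytesNoCopy:length:encoding:freeWhenDone:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
 ";String;true;init(describing:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(contentsOf:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(contentsOf:encoding:);;;Argument[0];ReturnValue;taint",
@@ -88,16 +98,26 @@ private class StringSummaries extends SummaryModelCsv {
 ";String;true;init(contentsOfFile:encoding:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(contentsOfFile:usedEncoding:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(from:);;;Argument[0];ReturnValue;taint",
+";String;true;init(from:);;;Argument[0];ReturnValue.OptionalSome;taint",
 ";String;true;init(stringInterpolation:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(stringLiteral:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(unicodeScalarLiteral:);;;Argument[0];ReturnValue;taint",
 ";String;true;init(extendedGraphemeClusterLiteral:);;;Argument[0];ReturnValue;taint",
-";String;true;init(cString:encoding:);;;Argument[0];ReturnValue;taint",
+";String;true;init(cString:encoding:);;;Argument[0];ReturnValue.OptionalSome;taint",
+";String;true;init(cString:encoding:);;;Argument[0].ArrayElement;ReturnValue.OptionalSome;taint",
+";String;true;init(cString:encoding:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
 ";String;true;init(platformString:);;;Argument[0];ReturnValue;taint",
-";String;true;init(utf8String:);;;Argument[0];ReturnValue;taint",
-";String;true;init(validating:);;;Argument[0];ReturnValue;taint",
-";String;true;init(validatingPlatformString:);;;Argument[0];ReturnValue;taint",
-";String;true;localizedStringWithFormat(_:_:);;;Argument[0..1];ReturnValue;taint",
+";String;true;init(platformString:);;;Argument[0].ArrayElement;ReturnValue;taint",
+";String;true;init(platformString:);;;Argument[0].CollectionElement;ReturnValue;taint",
+";String;true;init(utf8String:);;;Argument[0];ReturnValue.OptionalSome;taint",
+";String;true;init(utf8String:);;;Argument[0].ArrayElement;ReturnValue.OptionalSome;taint",
+";String;true;init(utf8String:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
+";String;true;init(validating:);;;Argument[0];ReturnValue.OptionalSome;taint",
+";String;true;init(validatingPlatformString:);;;Argument[0];ReturnValue.OptionalSome;taint",
+";String;true;init(validatingPlatformString:);;;Argument[0].ArrayElement;ReturnValue.OptionalSome;taint",
+";String;true;init(validatingPlatformString:);;;Argument[0].CollectionElement;ReturnValue.OptionalSome;taint",
+";String;true;localizedStringWithFormat(_:_:);;;Argument[0];ReturnValue;taint",
+";String;true;localizedStringWithFormat(_:_:);;;Argument[1].ArrayContent;ReturnValue;taint",
 ";String;true;write(_:);;;Argument[0];Argument[-1];taint",
 ";String;true;write(to:);;;Argument[-1];Argument[0];taint",
 ";String;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",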
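Review bot: The added `localizedStringWithFormat(_:_:)` row in the last hunk spells its input as `Argument[1].ArrayContent`, while every other variadic row this commit adds (`init(format:_:)`, `init(format:arguments:)`, `init(format:locale:_:)`) uses `ArrayElement`. This page does not show which component tokens the summary parser accepts, but if `ArrayContent` is not one of them the row matches nothing and taint from the format arguments is silently dropped, a false negative for every query that relies on this model. I would change the row to `";String;true;localizedStringWithFormat(_:_:);;;Argument[1].ArrayElement;ReturnValue;taint",` and add a test with a tainted variadic argument so a misspelled token shows up as a missing result. Separately, `init(utf16CodeUnits:count:)`, `init(bytes:encoding:)` and `init(decodingCString:as:)` lose their whole-argument `Argument[0]` row while `init(cString:)` and `init(validatingUTF8:)` keep it next to the element rows; a short comment above the list saying when the whole-argument flow is dropped on purpose would make that difference reviewable.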
Lines changed: 0 additions & 3 deletions
@@ -1,6 +1,3 @@
11
failures
22
testFailures
3-
| string.swift:470:81:471:1 | // $ tainted=450\n | Missing result:tainted=450 |
4-
| string.swift:473:50:474:1 | // $ tainted=450\n | Missing result:tainted=450 |
53
| string.swift:496:26:497:1 | // $ tainted=450\n | Missing result:tainted=450 |
6-
| string.swift:526:50:527:1 | // $ tainted=506\n | Missing result:tainted=506 |
