
Commit cb4139f

committed
Swift: Add test cases with sanitized inputs.
1 parent 72f500b commit cb4139f

2 files changed

+61
-1
lines changed


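--- a/swift/ql/test/query-tests/Security/CWE-730/RegexInjection.expected
+++ b/swift/ql/test/query-tests/Security/CWE-730/RegexInjection.expected
@@ -10,6 +10,15 @@ edges
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:131:39:131:39 | taintedString |
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:144:16:144:16 | remoteInput |
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:147:39:147:39 | regexStr |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:162:17:162:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:164:17:164:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:167:17:167:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:170:17:170:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:173:17:173:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:176:17:176:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:179:17:179:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:182:17:182:17 | taintedString |
+| tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:185:17:185:17 | taintedString |
 nodes
 | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
 | tests.swift:101:16:101:16 | taintedString | semmle.label | taintedString |
@@ -23,6 +32,15 @@ nodes
 | tests.swift:131:39:131:39 | taintedString | semmle.label | taintedString |
 | tests.swift:144:16:144:16 | remoteInput | semmle.label | remoteInput |
 | tests.swift:147:39:147:39 | regexStr | semmle.label | regexStr |
+| tests.swift:162:17:162:17 | taintedString | semmle.label | taintedString |
+| tests.swift:164:17:164:17 | taintedString | semmle.label | taintedString |
+| tests.swift:167:17:167:17 | taintedString | semmle.label | taintedString |
+| tests.swift:170:17:170:17 | taintedString | semmle.label | taintedString |
+| tests.swift:173:17:173:17 | taintedString | semmle.label | taintedString |
+| tests.swift:176:17:176:17 | taintedString | semmle.label | taintedString |
+| tests.swift:179:17:179:17 | taintedString | semmle.label | taintedString |
+| tests.swift:182:17:182:17 | taintedString | semmle.label | taintedString |
+| tests.swift:185:17:185:17 | taintedString | semmle.label | taintedString |
 subpaths
 #select
 | tests.swift:101:16:101:16 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:101:16:101:16 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
@@ -36,3 +54,12 @@ subpaths
 | tests.swift:131:39:131:39 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:131:39:131:39 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
 | tests.swift:144:16:144:16 | remoteInput | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:144:16:144:16 | remoteInput | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
 | tests.swift:147:39:147:39 | regexStr | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:147:39:147:39 | regexStr | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:162:17:162:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:162:17:162:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:164:17:164:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:164:17:164:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:167:17:167:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:167:17:167:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:170:17:170:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:170:17:170:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:173:17:173:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:173:17:173:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:176:17:176:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:176:17:176:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:179:17:179:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:179:17:179:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:182:17:182:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:182:17:182:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |
+| tests.swift:185:17:185:17 | taintedString | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | tests.swift:185:17:185:17 | taintedString | This regular expression is constructed from a $@. | tests.swift:95:22:95:46 | call to String.init(contentsOf:) | user-provided value |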

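--- a/swift/ql/test/query-tests/Security/CWE-730/tests.swift
+++ b/swift/ql/test/query-tests/Security/CWE-730/tests.swift
@@ -139,7 +139,7 @@ func regexInjectionTests(cond: Bool, varString: String, myUrl: URL) throws {
 // --- from the qhelp ---
 
 let remoteInput = taintedString
-let myRegex = ".*"
+let myRegex = ".*"
 
 _ = try Regex(remoteInput) // BAD
 
@@ -151,4 +151,37 @@ func regexInjectionTests(cond: Bool, varString: String, myUrl: URL) throws {
 let escapedInput = NSRegularExpression.escapedPattern(for: remoteInput)
 let regexStr4 = "abc|\(escapedInput)"
 _ = try NSRegularExpression(pattern: regexStr4)
+
+// --- barriers ---
+
+let okInput = "abc"
+let okInputs = ["abc", "def"]
+let okSet: Set = ["abc", "def"]
+
+if (taintedString == okInput) {
+_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
+} else {
+_ = try Regex(taintedString).firstMatch(in: varString) // BAD
+}
+if (taintedString != okInput) {
+_ = try Regex(taintedString).firstMatch(in: varString) // BAD
+}
+if (varString == okInput) {
+_ = try Regex(taintedString).firstMatch(in: varString) // BAD
+}
+if (okInputs.contains(taintedString)) {
+_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
+}
+if (okInputs.firstIndex(of: taintedString) != nil) {
+_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
+}
+if let index = okInputs.firstIndex(of: taintedString) {
+_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
+}
+if let index = okInputs.index(of: taintedString) {
+_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
+}
+if (okSet.contains(taintedString)) {
+_ = try Regex(taintedString).firstMatch(in: varString) // GOOD (effectively sanitized by the check) [FALSE POSITIVE]
+}
 }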
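Review bot: The two `if let index = …` guards at new lines 178 and 181 bind `index` without ever using it, and `index(of:)` on line 181 is the deprecated spelling of `firstIndex(of:)`, so both cases will compile with warnings that a later cleanup is likely to "fix" and thereby silently drop the barrier shape they exercise. If these forms are intentional — a named binding and the legacy API name are plausible distinct patterns for a barrier guard to recognise — a one-line comment above each would protect them, e.g. `// unused binding / deprecated name kept on purpose: exercises the barrier guard against this shape`; otherwise `if let _ = okInputs.firstIndex(of: taintedString)` covers the binding form without the warning. The `[FALSE POSITIVE]` markers agree with the nine new rows in RegexInjection.expected, which record the query's current behaviour rather than the intended one, so that file will need regenerating once equality and membership checks against constant values are modelled as barriers. The enclosing function regexInjectionTests starts outside the hunk.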
