Swift: Additional test cases.

geoffw0 · geoffw0 · commit cf7f355fc4d9 · 2023-10-12T17:11:56.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
@@ -2,6 +2,8 @@ edges
 | StringLengthConflation2.swift:35:36:35:38 | .count | StringLengthConflation2.swift:35:36:35:46 | ... .-(_:_:) ... |
 | StringLengthConflation2.swift:37:34:37:36 | .count | StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... |
 | StringLengthConflation.swift:36:30:36:37 | len | StringLengthConflation.swift:36:93:36:93 | len |
+| StringLengthConflation.swift:36:30:36:37 | len | StringLengthConflation.swift:36:93:36:93 | len |
+| StringLengthConflation.swift:36:30:36:37 | len | StringLengthConflation.swift:36:93:36:93 | len |
 | StringLengthConflation.swift:60:47:60:50 | .length | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... |
 | StringLengthConflation.swift:66:33:66:36 | .length | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... |
 | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:36:30:36:37 | len |
@@ -30,6 +32,9 @@ edges
 | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... |
 | StringLengthConflation.swift:179:37:179:39 | .count | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... |
 | StringLengthConflation.swift:181:37:181:39 | .count | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... |
+| StringLengthConflation.swift:190:28:190:28 | .count | StringLengthConflation.swift:36:30:36:37 | len |
+| StringLengthConflation.swift:191:28:191:33 | .count | StringLengthConflation.swift:36:30:36:37 | len |
+| StringLengthConflation.swift:193:28:193:43 | .count | StringLengthConflation.swift:36:30:36:37 | len |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:53:43:53:46 | .length |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:60:47:60:50 | .length |
 | file://:0:0:0:0 | .length | StringLengthConflation.swift:66:33:66:36 | .length |
@@ -49,6 +54,10 @@ nodes
 | StringLengthConflation2.swift:37:34:37:36 | .count | semmle.label | .count |
 | StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
 | StringLengthConflation.swift:36:30:36:37 | len | semmle.label | len |
+| StringLengthConflation.swift:36:30:36:37 | len | semmle.label | len |
+| StringLengthConflation.swift:36:30:36:37 | len | semmle.label | len |
+| StringLengthConflation.swift:36:93:36:93 | len | semmle.label | len |
+| StringLengthConflation.swift:36:93:36:93 | len | semmle.label | len |
 | StringLengthConflation.swift:36:93:36:93 | len | semmle.label | len |
 | StringLengthConflation.swift:53:43:53:46 | .length | semmle.label | .length |
 | StringLengthConflation.swift:54:43:54:50 | .count | semmle.label | .count |
@@ -116,12 +125,21 @@ nodes
 | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
 | StringLengthConflation.swift:181:37:181:39 | .count | semmle.label | .count |
 | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
+| StringLengthConflation.swift:190:28:190:28 | .count | semmle.label | .count |
+| StringLengthConflation.swift:190:28:190:28 | .count | semmle.label | .count |
+| StringLengthConflation.swift:191:28:191:33 | .count | semmle.label | .count |
+| StringLengthConflation.swift:191:28:191:33 | .count | semmle.label | .count |
+| StringLengthConflation.swift:193:28:193:43 | .count | semmle.label | .count |
+| StringLengthConflation.swift:193:28:193:43 | .count | semmle.label | .count |
 | file://:0:0:0:0 | .length | semmle.label | .length |
 subpaths
 #select
 | StringLengthConflation2.swift:35:36:35:46 | ... .-(_:_:) ... | StringLengthConflation2.swift:35:36:35:38 | .count | StringLengthConflation2.swift:35:36:35:46 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... | StringLengthConflation2.swift:37:34:37:36 | .count | StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation.swift:36:93:36:93 | len | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:36:93:36:93 | len | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:36:93:36:93 | len | StringLengthConflation.swift:190:28:190:28 | .count | StringLengthConflation.swift:36:93:36:93 | len | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:36:93:36:93 | len | StringLengthConflation.swift:191:28:191:33 | .count | StringLengthConflation.swift:36:93:36:93 | len | This String.UTF8View length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:36:93:36:93 | len | StringLengthConflation.swift:193:28:193:43 | .count | StringLengthConflation.swift:36:93:36:93 | len | This String.UnicodeScalarView length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:53:43:53:46 | .length | file://:0:0:0:0 | .length | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | This String.UTF8View length is used in a String, but it may not be equivalent. |
@@ -173,3 +191,6 @@ subpaths
 | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.UnicodeScalarView, but it may not be equivalent. |
 | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | StringLengthConflation.swift:179:37:179:39 | .count | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | This String length is used in a String.UTF8View, but it may not be equivalent. |
 | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | StringLengthConflation.swift:181:37:181:39 | .count | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | This String length is used in a String.UTF16View, but it may not be equivalent. |
+| StringLengthConflation.swift:190:28:190:28 | .count | StringLengthConflation.swift:190:28:190:28 | .count | StringLengthConflation.swift:190:28:190:28 | .count | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:191:28:191:33 | .count | StringLengthConflation.swift:191:28:191:33 | .count | StringLengthConflation.swift:191:28:191:33 | .count | This String.UTF8View length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:193:28:193:43 | .count | StringLengthConflation.swift:193:28:193:43 | .count | StringLengthConflation.swift:193:28:193:43 | .count | This String.UnicodeScalarView length is used in an NSString, but it may not be equivalent. |
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift
@@ -184,3 +184,12 @@ func test(s: String) {
 
 // `begin :thumbsup: end`, with thumbs up emoji and skin tone modifier
 test(s: "begin \u{0001F44D}\u{0001F3FF} end")
+
+extension String {
+    func newStringMethod() {
+        _ = NSMakeRange(0, count) // BAD
+        _ = NSMakeRange(0, utf8.count) // BAD
+        _ = NSMakeRange(0, utf16.count) // GOOD (`String.UTF16View` and `NSString` lengths are equivalent)
+        _ = NSMakeRange(0, unicodeScalars.count) // BAD
+    }
+}
