
Commit 1b74b49

committed
Swift: Improve NSString models for varargs functions.
1 parent f8c5a9a commit 1b74b49


2 files changed

+11
-6
lines changed

2 files changed

+11
-6
lines changed

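--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll
@@ -50,8 +50,10 @@ private class NsStringSummaries extends SummaryModelCsv {
 ";NSString;true;init(format:arguments:);;;Argument[0..1];ReturnValue;taint",
 ";NSString;true;init(format:locale:arguments:);;;Argument[0];ReturnValue;taint",
 ";NSString;true;init(format:locale:arguments:);;;Argument[2];ReturnValue;taint",
-";NSString;true;init(format:_:);;;Argument[0];ReturnValue;taint", //0..
-";NSString;true;init(format:locale:_:);;;Argument[0];ReturnValue;taint", //0,2..
+";NSString;true;init(format:_:);;;Argument[0];ReturnValue;taint",
+";NSString;true;init(format:_:);;;Argument[1].CollectionElement;ReturnValue;taint",
+";NSString;true;init(format:locale:_:);;;Argument[0];ReturnValue;taint",
+";NSString;true;init(format:locale:_:);;;Argument[2].CollectionElement;ReturnValue;taint",
 ";NSString;true;init(data:encoding:);;;Argument[0];ReturnValue;taint",
 ";NSString;true;init(contentsOfFile:);;;Argument[0];ReturnValue;taint",
 ";NSString;true;init(contentsOfFile:encoding:);;;Argument[0];ReturnValue;taint",
@@ -60,7 +62,8 @@ private class NsStringSummaries extends SummaryModelCsv {
 ";NSString;true;init(contentsOf:encoding:);;;Argument[0];ReturnValue;taint",
 ";NSString;true;init(contentsOf:usedEncoding:);;;Argument[0];ReturnValue;taint",
 ";NSString;true;init(coder:);;;Argument[0];ReturnValue;taint",
-";NSString;true;localizedStringWithFormat(_:_:);;;Argument[0];ReturnValue;taint", //0..
+";NSString;true;localizedStringWithFormat(_:_:);;;Argument[0];ReturnValue;taint",
+";NSString;true;localizedStringWithFormat(_:_:);;;Argument[1].CollectionElement;ReturnValue;taint",
 ";NSString;true;character(at:);;;Argument[-1];ReturnValue;taint",
 ";NSString;true;getCharacters(_:);;;Argument[-1];Argument[0];taint",
 ";NSString;true;getCharacters(_:range:);;;Argument[-1];Argument[0];taint",
@@ -72,7 +75,8 @@ private class NsStringSummaries extends SummaryModelCsv {
 ";NSString;true;getCString(_:maxLength:);;;Argument[-1];Argument[0];taint",
 ";NSString;true;getCString(_:maxLength:encoding:);;;Argument[-1];Argument[0];taint",
 ";NSString;true;getCString(_:maxLength:range:remaining:);;;Argument[-1];Argument[0];taint",
-";NSString;true;appendingFormat(_:_:);;;Argument[-1..0];ReturnValue;taint", // -1..
+";NSString;true;appendingFormat(_:_:);;;Argument[-1..0];ReturnValue;taint",
+";NSString;true;appendingFormat(_:_:);;;Argument[1].CollectionElement;ReturnValue;taint",
 ";NSString;true;appending(_:);;;Argument[-1..0];ReturnValue;taint",
 ";NSString;true;padding(toLength:withPad:startingAt:);;;Argument[-1];ReturnValue;taint",
 ";NSString;true;padding(toLength:withPad:startingAt:);;;Argument[1];ReturnValue;taint",
@@ -119,7 +123,8 @@ private class NsStringSummaries extends SummaryModelCsv {
 ";NSMutableString;true;replaceCharacters(in:with:);;;Argument[1];Argument[-1];taint",
 ";NSMutableString;true;replaceOccurrences(of:with:options:range:);;;Argument[1];Argument[-1];taint",
 ";NSMutableString;true;setString(_:);;;Argument[0];Argument[-1];taint",
-";NSMutableString;true;appendFormat(_:_:);;;Argument[0];Argument[-1];taint", //0..
+";NSMutableString;true;appendFormat(_:_:);;;Argument[0];Argument[-1];taint",
+";NSMutableString;true;appendFormat(_:_:);;;Argument[1].CollectionElement;Argument[-1];taint",
 ]
 }
 }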
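Review bot: The new `Argument[1].CollectionElement` and `Argument[2].CollectionElement` rows replace the old `//0..` markers, but nothing visible in the list explains why a variadic parameter is written as a collection element. Whoever adds the next format-style model needs that convention spelled out, because a row that omits it is a silent taint false negative for every query that uses these summaries. I would add a comment above the `init(format:_:)` rows, for example `// varargs: modeled as a collection at the variadic parameter's index; taint is read from its elements`, assuming that is the convention these rows rely on. The `NsStringSummaries` list begins outside the hunks, so an explanation may already exist further up.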

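--- a/swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/libraries/nsstring.swift
@@ -244,7 +244,7 @@ func taintThroughInterpolatedStrings() {
 
 let harmless = NSString(string: "harmless")
 let myRange = NSRange(location:0, length: 128)
-sink(arg: NSString.localizedStringWithFormat(NSString(string: "%i %s %i"), 1, sourceInt(), 3)) // $ MISSING: tainted=247
+sink(arg: NSString.localizedStringWithFormat(NSString(string: "%i %i %i"), 1, sourceInt(), 3)) // $ tainted=247
 sink(arg: NSString.localizedStringWithFormat(sourceNSString(), 1, 2, 3)) // $ tainted=248
 sink(arg: sourceNSString().character(at: 0)) // $ tainted=249
 sink(arg: sourceNSString().cString(using: 0)!) // $ tainted=250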
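Review bot: Only `localizedStringWithFormat(_:_:)` gets a tainted-vararg expectation on line 247, while the same commit adds `CollectionElement` rows for `init(format:_:)`, `init(format:locale:_:)`, `appendingFormat(_:_:)` and `NSMutableString.appendFormat(_:_:)`. The diffstat shows this is the only expectation that changed, so those four rows appear to be unexercised with a tainted variadic argument. A later regression in any of them would drop flows from security queries without a failing test. I would add one case per API next to this line, for example `sink(arg: harmless.appendingFormat(NSString(string: "%i"), sourceInt())) // $ tainted=<line>`, assuming the stub takes an `NSString` format as the call on line 247 does. `taintThroughInterpolatedStrings()` continues outside the hunk, so the best placement may be elsewhere in the function.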
