diff --git a/go/ql/test/query-tests/Security/CWE-681/FilterTestResults.ql b/go/ql/test/query-tests/Security/CWE-681/FilterTestResults.ql
new file mode 100644
index 000000000000..9b3e77c416f9
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-681/FilterTestResults.ql
@@ -0,0 +1,15 @@
+/**
+ * @kind test-postprocess
+ * @description Remove the query predicates that differ based on 32/64-bit architecture. This should leave behind `invalidModelRowAdd` and `testFailures` in case of test failures.
+ */
+
+ /**
+ * The input test results: query predicate `relation` contains `data` at (`row`, `column`).
+ */
+external private predicate queryResults(string relation, int row, int column, string data);
+
+/** Holds if the test output's query predicate `relation` contains `data` at (`row`, `column`). */
+query predicate results(string relation, int row, int column, string data) {
+ queryResults(relation, row, column, data) and
+ not relation in ["#select", "nodes", "edges"]
+}
diff --git a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
index 42831abaf155..e69de29bb2d1 100644
--- a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
+++ b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
@@ -1,2 +0,0 @@
-invalidModelRow
-testFailures
diff --git a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
index 7927a5fe252c..1b7b4e962756 100644
--- a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
+++ b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
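Review bot: The `@description` says the filter leaves behind `invalidModelRowAdd`, but the relation the removed IncorrectIntegerConversion.expected in this same diff listed is `invalidModelRow`, so one of the two names looks wrong. Confirm which relation the postprocess chain actually emits and make the comment match, e.g. `@description Remove the query predicates that differ based on 32/64-bit architecture. This should leave behind invalidModelRow and testFailures in case of test failures.` Note also that `results` is an exclusion list, so any other relation the query or the earlier postprocess steps produce (such as `models` or `subpaths`, if present) passes through unchanged; that seems intended, since those should not vary by architecture, but the doc comment on `results` could state it explicitly.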
@@ -24,7 +24,7 @@ func lookupNumberByName(reg *registry, name string) (int32, error) {
 return 567, nil
 }
 func lab(s string) (*something, error) {
- num, err := strconv.Atoi(s)
+ num, err := strconv.Atoi(s) // $Source
 if err != nil {
 number, err := lookupNumberByName(®istry{}, s)
@@ -33,7 +33,7 @@ func lab(s string) (*something, error) {
 }
 num = int(number)
 }
- target, err := lookupTarget(&config{}, int32(num)) // $ hasValueFlow="num"
+ target, err := lookupTarget(&config{}, int32(num)) // $Alert
 if err != nil {
 return nil, err
 }
@@ -63,12 +63,12 @@ func testParseInt() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseInt("3456", 10, 16)
+ parsed, err := strconv.ParseInt("3456", 10, 16) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
 _ = int16(parsed)
 _ = uint16(parsed)
 _ = int32(parsed)
@@ -79,14 +79,14 @@ func testParseInt() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseInt("3456", 10, 32)
+ parsed, err := strconv.ParseInt("3456", 10, 32) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
 _ = int32(parsed)
 _ = uint32(parsed)
 _ = int64(parsed)
@@ -95,32 +95,32 @@ func testParseInt() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseInt("3456", 10, 64)
+ parsed, err := strconv.ParseInt("3456", 10, 64) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
 _ = int64(parsed)
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
- _ = uint(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
+ _ = uint(parsed) // $Alert
 }
 {
- parsed, err := strconv.ParseInt("3456", 10, 0)
+ parsed, err := strconv.ParseInt("3456", 10, 0) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
 _ = int64(parsed)
 _ = uint64(parsed)
 _ = int(parsed)
@@ -130,11 +130,11 @@ func testParseInt() {
 func testParseUint() {
 {
- parsed, err := strconv.ParseUint("3456", 10, 8)
+ parsed, err := strconv.ParseUint("3456", 10, 8) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
 _ = uint8(parsed)
 _ = int16(parsed)
 _ = uint16(parsed)
@@ -146,13 +146,13 @@ func testParseUint() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 16)
+ parsed, err := strconv.ParseUint("3456", 10, 16) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
 _ = uint16(parsed)
 _ = int32(parsed)
 _ = uint32(parsed)
@@ -162,66 +162,66 @@ func testParseUint() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 32)
+ parsed, err := strconv.ParseUint("3456", 10, 32) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
 _ = uint32(parsed)
 _ = int64(parsed)
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 64)
+ parsed, err := strconv.ParseUint("3456", 10, 64) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
- _ = int64(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
+ _ = int64(parsed) // $Alert
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
- _ = uint(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
+ _ = uint(parsed) // $Alert
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 0)
+ parsed, err := strconv.ParseUint("3456", 10, 0) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
- _ = int64(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
+ _ = int64(parsed) // $Alert
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 }
 func testAtoi() {
- parsed, err := strconv.Atoi("3456")
+ parsed, err := strconv.Atoi("3456") // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
 _ = int64(parsed)
 _ = uint64(parsed)
 _ = int(parsed)
@@ -233,19 +233,19 @@ type customInt int16
 // these should be caught:
 func typeAliases(input string) {
 {
- parsed, err := strconv.ParseInt(input, 10, 32)
+ parsed, err := strconv.ParseInt(input, 10, 32) // $Source
 if err != nil {
 panic(err)
 }
 // NOTE: byte is uint8
- _ = byte(parsed) // $ hasValueFlow="parsed"
- _ = customInt(parsed) // $ hasValueFlow="parsed"
+ _ = byte(parsed) // $Alert
+ _ = customInt(parsed) // $Alert
 }
 }
 func testBoundsChecking(input string) {
 {
- parsed, err := strconv.Atoi(input)
+ parsed, err := strconv.Atoi(input) // $Source
 if err != nil {
 panic(err)
 }
@@ -253,13 +253,13 @@ func testBoundsChecking(input string) {
 _ = int8(parsed)
 }
 if parsed < math.MaxInt8 {
- _ = int8(parsed) // $ MISSING: hasValueFlow="parsed" // Not found because we only check for upper bounds
+ _ = int8(parsed) // $ MISSING: Alert // Not found because we only check for upper bounds
 if parsed >= 0 {
 _ = int16(parsed)
 }
 }
 if parsed >= math.MinInt8 {
- _ = int8(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
 if parsed <= 0 {
 _ = int16(parsed)
 }
@@ -271,51 +271,51 @@ func testBoundsChecking(input string) {
 }
 }
 {
- parsed, err := strconv.ParseUint(input, 10, 0)
+ parsed, err := strconv.ParseUint(input, 10, 0) // $Source
 if err != nil {
 panic(err)
 }
 if parsed <= math.MaxUint64 {
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
- _ = int64(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
+ _ = int64(parsed) // $Alert
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 if parsed <= math.MaxInt64 {
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
 _ = int64(parsed)
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 if parsed <= math.MaxUint32 {
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
 _ = uint32(parsed)
 _ = int64(parsed)
 _ = uint64(parsed)
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 if parsed <= math.MaxInt32 {
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
 _ = int32(parsed)
 _ = uint32(parsed)
 _ = int64(parsed)
@@ -325,25 +325,25 @@ func testBoundsChecking(input string) {
 }
 }
 {
- parsed, err := strconv.ParseUint(input, 10, 32)
+ parsed, err := strconv.ParseUint(input, 10, 32) // $Source
 if err != nil {
 panic(err)
 }
 if parsed <= math.MaxUint16 {
 _ = uint16(parsed)
- _ = int16(parsed) // $ hasValueFlow="parsed"
+ _ = int16(parsed) // $Alert
 }
 if parsed <= 255 {
 _ = uint8(parsed)
 }
 if parsed <= 256 {
- _ = uint8(parsed) // $ hasValueFlow="parsed"
+ _ = uint8(parsed) // $Alert
 }
 if err == nil && 1 == 1 && parsed < math.MaxInt8 {
 _ = int8(parsed)
 }
 if parsed > 42 {
- _ = uint16(parsed) // $ hasValueFlow="parsed"
+ _ = uint16(parsed) // $Alert
 }
 if parsed >= math.MaxUint8+1 {
 return
@@ -389,64 +389,64 @@ func testRightShifted(input string) {
 _ = byte(parsed >> 8 & 0xff)
 }
 {
- parsed, err := strconv.ParseInt(input, 10, 16)
+ parsed, err := strconv.ParseInt(input, 10, 16) // $Source
 if err != nil {
 panic(err)
 }
- _ = byte(parsed) // $ hasValueFlow="parsed"
+ _ = byte(parsed) // $Alert
 _ = byte(parsed << 8)
 }
 }
 func testPathWithMoreThanOneSink(input string) {
 {
- parsed, err := strconv.ParseInt(input, 10, 32)
+ parsed, err := strconv.ParseInt(input, 10, 32) // $Source
 if err != nil {
 panic(err)
 }
- v1 := int16(parsed) // $ hasValueFlow="parsed"
+ v1 := int16(parsed) // $Alert
 _ = int16(v1)
 }
 {
- parsed, err := strconv.ParseInt(input, 10, 32)
+ parsed, err := strconv.ParseInt(input, 10, 32) // $Source
 if err != nil {
 panic(err)
 }
- v := int16(parsed) // $ hasValueFlow="parsed"
+ v := int16(parsed) // $Alert
 _ = int8(v)
 }
 {
- parsed, err := strconv.ParseInt(input, 10, 32)
+ parsed, err := strconv.ParseInt(input, 10, 32) // $Source
 if err != nil {
 panic(err)
 }
 v1 := int32(parsed)
- v2 := int16(v1) // $ hasValueFlow="v1"
+ v2 := int16(v1) // $Alert
 _ = int8(v2)
 }
 {
- parsed, err := strconv.ParseInt(input, 10, 16)
+ parsed, err := strconv.ParseInt(input, 10, 16) // $Source
 if err != nil {
 panic(err)
 }
 v1 := int64(parsed)
 v2 := int32(v1)
 v3 := int16(v2)
- _ = int8(v3) // $ hasValueFlow="v3"
+ _ = int8(v3) // $Alert
 }
 }
 func testUsingStrConvIntSize(input string) {
- parsed, err := strconv.ParseInt(input, 10, strconv.IntSize)
+ parsed, err := strconv.ParseInt(input, 10, strconv.IntSize) // $Source
 if err != nil {
 panic(err)
 }
- _ = int8(parsed) // $ hasValueFlow="parsed"
- _ = uint8(parsed) // $ hasValueFlow="parsed"
- _ = int16(parsed) // $ hasValueFlow="parsed"
- _ = uint16(parsed) // $ hasValueFlow="parsed"
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
+ _ = int8(parsed) // $Alert
+ _ = uint8(parsed) // $Alert
+ _ = int16(parsed) // $Alert
+ _ = uint16(parsed) // $Alert
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
 _ = int64(parsed)
 _ = uint64(parsed)
 _ = int(parsed)
@@ -490,7 +490,7 @@ func dealWithArchSizeCorrectly(s string) uint {
 }
 func typeSwitch1(s string) {
- i64, _ := strconv.ParseInt(s, 10, 64)
+ i64, _ := strconv.ParseInt(s, 10, 64) // $Source
 var input any = i64
 switch v := input.(type) {
 case int16, string:
@@ -498,19 +498,19 @@ func typeSwitch1(s string) {
 return
 }
 _ = int16(v.(int16))
- _ = int8(v.(int16)) // $ hasValueFlow="type assertion"
+ _ = int8(v.(int16)) // $Alert
 case int32:
 _ = int32(v)
- _ = int8(v) // $ hasValueFlow="v"
+ _ = int8(v) // $Alert
 case int64:
- _ = int8(v) // $ hasValueFlow="v"
+ _ = int8(v) // $Alert
 default:
- _ = int8(v.(int64)) // $ hasValueFlow="type assertion"
+ _ = int8(v.(int64)) // $Alert
 }
 }
 func typeSwitch2(s string) {
- i64, _ := strconv.ParseInt(s, 10, 64)
+ i64, _ := strconv.ParseInt(s, 10, 64) // $Source
 var input any = i64
 switch input.(type) {
 case int16, string:
@@ -518,25 +518,25 @@ func typeSwitch2(s string) {
 return
 }
 _ = int16(input.(int16))
- _ = int8(input.(int16)) // $ hasValueFlow="type assertion"
+ _ = int8(input.(int16)) // $Alert
 case int32:
 _ = int32(input.(int32))
- _ = int8(input.(int32)) // $ hasValueFlow="type assertion"
+ _ = int8(input.(int32)) // $Alert
 case int64:
- _ = int8(input.(int64)) // $ hasValueFlow="type assertion"
+ _ = int8(input.(int64)) // $Alert
 default:
- _ = int8(input.(int64)) // $ hasValueFlow="type assertion"
+ _ = int8(input.(int64)) // $Alert
 }
 }
 func checkedTypeAssertion(s string) {
- i64, _ := strconv.ParseInt(s, 10, 64)
+ i64, _ := strconv.ParseInt(s, 10, 64) // $Source
 var input any = i64
 if v, ok := input.(int16); ok {
 // Need to account for the fact that within this case clause, v is an int16
 _ = int16(v)
- _ = int8(v) // $ hasValueFlow="v"
+ _ = int8(v) // $Alert
 } else if v, ok := input.(int32); ok {
- _ = int16(v) // $ hasValueFlow="v"
+ _ = int16(v) // $Alert
 }
 }
diff --git a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.ql b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.ql
deleted file mode 100644
index e5d1b2aebabe..000000000000
--- a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.ql
+++ /dev/null
@@ -1,20 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import utils.test.InlineExpectationsTest
-import semmle.go.security.IncorrectIntegerConversionLib
-
-module TestIncorrectIntegerConversion implements TestSig {
- string getARelevantTag() { result = "hasValueFlow" }
-
- predicate hasActualResult(Location location, string element, string tag, string value) {
- tag = "hasValueFlow" and
- exists(DataFlow::Node sink | Flow::flowTo(sink) |
- sink.getLocation() = location and
- element = sink.toString() and
- value = "\"" + sink.toString() + "\""
- )
- }
-}
-
-import MakeTest
diff --git a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref
new file mode 100644
index 000000000000..d424ad73de84
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref
@@ -0,0 +1,5 @@
+query: Security/CWE-681/IncorrectIntegerConversionQuery.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
+ - ./FilterTestResults.ql
diff --git a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go
index 0ff7b0e87acc..3f968ebc9d70 100644
--- a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go
+++ b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go
@@ -16,11 +16,11 @@ func testIntSource386() {
 _ = uint32(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 0)
+ parsed, err := strconv.ParseUint("3456", 10, 0) // $Source
 if err != nil {
 panic(err)
 }
- _ = int32(parsed) // $ hasValueFlow="parsed"
+ _ = int32(parsed) // $Alert
 _ = uint32(parsed)
 }
 {
diff --git a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go
index 79b776bdcac2..340b7677c6bd 100644
--- a/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go
+++ b/go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go
@@ -19,11 +19,11 @@ func testIntSource32() {
 _ = uint32(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 0)
+ parsed, err := strconv.ParseUint("3456", 10, 0) // $Source
 if err != nil {
 panic(err)
 }
- _ = int32(parsed) // $ hasValueFlow="parsed"
+ _ = int32(parsed) // $Alert
 _ = uint32(parsed)
 }
 {
diff --git a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go
index b5becec4af90..676444c0b75f 100644
--- a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go
+++ b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go
@@ -16,11 +16,11 @@ func testIntSinkAmd64() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 64)
+ parsed, err := strconv.ParseUint("3456", 10, 64) // $Source
 if err != nil {
 panic(err)
 }
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 }
diff --git a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go
index cf7aaf439a82..13fae0bf7f8d 100644
--- a/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go
+++ b/go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go
@@ -19,11 +19,11 @@ func testIntSink64() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 64)
+ parsed, err := strconv.ParseUint("3456", 10, 64) // $Source
 if err != nil {
 panic(err)
 }
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 }
diff --git a/go/ql/test/query-tests/Security/CWE-681/TestNoArchitectureBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/TestNoArchitectureBuildConstraints.go
index 70f1938b5b35..b9cd5499097b 100644
--- a/go/ql/test/query-tests/Security/CWE-681/TestNoArchitectureBuildConstraints.go
+++ b/go/ql/test/query-tests/Security/CWE-681/TestNoArchitectureBuildConstraints.go
@@ -9,19 +9,19 @@ import (
 func testIntSizeIsArchicturallyDependent1() {
 {
- parsed, err := strconv.ParseInt("3456", 10, 0)
+ parsed, err := strconv.ParseInt("3456", 10, 0) // $Source
 if err != nil {
 panic(err)
 }
- _ = int32(parsed) // $ hasValueFlow="parsed"
- _ = uint32(parsed) // $ hasValueFlow="parsed"
+ _ = int32(parsed) // $Alert
+ _ = uint32(parsed) // $Alert
 }
 {
- parsed, err := strconv.ParseInt("3456", 10, 64)
+ parsed, err := strconv.ParseInt("3456", 10, 64) // $Source
 if err != nil {
 panic(err)
 }
- _ = int(parsed) // $ hasValueFlow="parsed"
- _ = uint(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
+ _ = uint(parsed) // $Alert
 }
 }
diff --git a/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go b/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go
index 34f686c6e8ad..001099ae0b4f 100644
--- a/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go
+++ b/go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go
@@ -20,11 +20,11 @@ func oldTestIntSink64() {
 _ = uint(parsed)
 }
 {
- parsed, err := strconv.ParseUint("3456", 10, 64)
+ parsed, err := strconv.ParseUint("3456", 10, 64) // $Source
 if err != nil {
 panic(err)
 }
- _ = int(parsed) // $ hasValueFlow="parsed"
+ _ = int(parsed) // $Alert
 _ = uint(parsed)
 }
 }
diff --git a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected
index 42831abaf155..bdcf83b8935f 100644
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected
@@ -1,2 +1,22 @@
-invalidModelRow
-testFailures
+#select
+| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | This memory allocation depends on a $@. | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | user-provided value |
+edges
+| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
+| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | provenance | |
+| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | provenance | MaD:3 |
+| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | provenance | |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | provenance | |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | provenance | Config |
+models
+| 1 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
+| 2 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
+| 3 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
+nodes
+| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | semmle.label | selection of URL |
+| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | semmle.label | call to Query |
+| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | semmle.label | source |
+| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | semmle.label | call to Get |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | semmle.label | ... := ...[0] |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | semmle.label | sourceStr |
+| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | semmle.label | sink |
+subpaths
diff --git a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.ql b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.ql
deleted file mode 100644
index de10220d7e35..000000000000
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.ql
+++ /dev/null
@@ -1,6 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import semmle.go.security.UncontrolledAllocationSize
-import utils.test.InlineFlowTest
-import FlowTest
diff --git a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.qlref b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.qlref
new file mode 100644
index 000000000000..82741d2fbaaa
--- /dev/null
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE-770/UncontrolledAllocationSize.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSizeBad.go b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSizeBad.go
index 0ae70436bdec..fdc291b4ae42 100644
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSizeBad.go
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSizeBad.go
@@ -8,7 +8,7 @@ import (
 )
 func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
- source := r.URL.Query()
+ source := r.URL.Query() // $Source
 sourceStr := source.Get("n")
 sink, err := strconv.Atoi(sourceStr)
@@ -17,7 +17,7 @@ func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
 return
 }
- result := make([]string, sink) // $hasTaintFlow="sink"
+ result := make([]string, sink) // $Alert
 for i := 0; i < sink; i++ {
 result[i] = fmt.Sprintf("Item %d", i+1)
 }
diff --git a/ruby/ql/lib/utils/test/PrettyPrintModels.ql b/ruby/ql/lib/utils/test/PrettyPrintModels.ql
new file mode 100644
index 000000000000..115cc2c12873
--- /dev/null
+++ b/ruby/ql/lib/utils/test/PrettyPrintModels.ql
@@ -0,0 +1,6 @@
+/**
+ * @kind test-postprocess
+ */
+
+import codeql.ruby.frameworks.data.internal.ApiGraphModels
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults
diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
index 049edf75ace7..2173fed576a2 100644
--- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
+++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
@@ -1,32 +1,49 @@ -models -| 1 | Sink: Terrapin::CommandLine!; Method[new].Argument[0]; command-injection | -| 2 | Sink: Terrapin::CommandLine!; Method[new].Argument[1]; command-injection | +#select +| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:8:16:8:18 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:10:14:10:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:10:14:10:16 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:11:17:11:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:11:17:11:22 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:13:9:13:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:13:9:13:14 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:30:19:30:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:30:19:30:24 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:34:24:34:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:34:24:34:36 | "echo #{...}" | This command depends on a $@. 
| CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:35:39:35:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:35:39:35:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value | +| CommandInjection.rb:51:24:51:36 | "echo #{...}" | CommandInjection.rb:47:15:47:20 | call to params | CommandInjection.rb:51:24:51:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:47:15:47:20 | call to params | user-provided value | +| CommandInjection.rb:60:14:60:16 | cmd | CommandInjection.rb:55:13:55:18 | call to params | CommandInjection.rb:60:14:60:16 | cmd | This command depends on a $@. | CommandInjection.rb:55:13:55:18 | call to params | user-provided value | +| CommandInjection.rb:75:14:75:29 | "echo #{...}" | CommandInjection.rb:74:18:74:23 | number | CommandInjection.rb:75:14:75:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:74:18:74:23 | number | user-provided value | +| CommandInjection.rb:83:14:83:34 | "echo #{...}" | CommandInjection.rb:82:23:82:33 | blah_number | CommandInjection.rb:83:14:83:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:82:23:82:33 | blah_number | user-provided value | +| CommandInjection.rb:92:14:92:39 | "echo #{...}" | CommandInjection.rb:92:22:92:37 | ...[...] | CommandInjection.rb:92:14:92:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:92:22:92:37 | ...[...] | user-provided value | +| CommandInjection.rb:105:16:105:28 | "cat #{...}" | CommandInjection.rb:104:16:104:21 | call to params | CommandInjection.rb:105:16:105:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:104:16:104:21 | call to params | user-provided value | +| CommandInjection.rb:112:33:112:44 | ...[...] | CommandInjection.rb:112:33:112:38 | call to params | CommandInjection.rb:112:33:112:44 | ...[...] 
| This command depends on a $@. | CommandInjection.rb:112:33:112:38 | call to params | user-provided value | +| CommandInjection.rb:114:41:114:56 | "#{...}" | CommandInjection.rb:114:44:114:49 | call to params | CommandInjection.rb:114:41:114:56 | "#{...}" | This command depends on a $@. | CommandInjection.rb:114:44:114:49 | call to params | user-provided value | edges | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:7:10:7:15 | #{...} | provenance | | | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:8:16:8:18 | cmd | provenance | | | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:10:14:10:16 | cmd | provenance | | | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:11:17:11:22 | #{...} | provenance | | | CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:13:9:13:14 | #{...} | provenance | | -| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:29:19:29:24 | #{...} | provenance | | -| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:33:24:33:36 | "echo #{...}" | provenance | AdditionalTaintStep | -| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:39:34:51 | "grep #{...}" | provenance | AdditionalTaintStep | +| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:30:19:30:24 | #{...} | provenance | | +| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:34:24:34:36 | "echo #{...}" | provenance | AdditionalTaintStep | +| CommandInjection.rb:6:9:6:11 | cmd | CommandInjection.rb:35:39:35:51 | "grep #{...}" | provenance | AdditionalTaintStep | | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:6:15:6:26 | ...[...] | provenance | | | CommandInjection.rb:6:15:6:26 | ...[...] | CommandInjection.rb:6:9:6:11 | cmd | provenance | | -| CommandInjection.rb:46:9:46:11 | cmd | CommandInjection.rb:50:24:50:36 | "echo #{...}" | provenance | AdditionalTaintStep | -| CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:46:15:46:26 | ...[...] 
| provenance | |
-| CommandInjection.rb:46:15:46:26 | ...[...] | CommandInjection.rb:46:9:46:11 | cmd | provenance | |
-| CommandInjection.rb:54:7:54:9 | cmd | CommandInjection.rb:59:14:59:16 | cmd | provenance | |
-| CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:54:13:54:24 | ...[...] | provenance | |
-| CommandInjection.rb:54:13:54:24 | ...[...] | CommandInjection.rb:54:7:54:9 | cmd | provenance | |
-| CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | provenance | AdditionalTaintStep |
-| CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | provenance | AdditionalTaintStep |
-| CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" | provenance | AdditionalTaintStep |
-| CommandInjection.rb:103:9:103:12 | file | CommandInjection.rb:104:16:104:28 | "cat #{...}" | provenance | AdditionalTaintStep |
-| CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:103:16:103:28 | ...[...] | provenance | |
-| CommandInjection.rb:103:16:103:28 | ...[...] | CommandInjection.rb:103:9:103:12 | file | provenance | |
-| CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | provenance | Sink:MaD:1 |
-| CommandInjection.rb:113:44:113:49 | call to params | CommandInjection.rb:113:44:113:54 | ...[...] | provenance | |
-| CommandInjection.rb:113:44:113:54 | ...[...] | CommandInjection.rb:113:41:113:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:2 |
+| CommandInjection.rb:47:9:47:11 | cmd | CommandInjection.rb:51:24:51:36 | "echo #{...}" | provenance | AdditionalTaintStep |
+| CommandInjection.rb:47:15:47:20 | call to params | CommandInjection.rb:47:15:47:26 | ...[...] | provenance | |
+| CommandInjection.rb:47:15:47:26 | ...[...]
| CommandInjection.rb:47:9:47:11 | cmd | provenance | |
+| CommandInjection.rb:55:7:55:9 | cmd | CommandInjection.rb:60:14:60:16 | cmd | provenance | |
+| CommandInjection.rb:55:13:55:18 | call to params | CommandInjection.rb:55:13:55:24 | ...[...] | provenance | |
+| CommandInjection.rb:55:13:55:24 | ...[...] | CommandInjection.rb:55:7:55:9 | cmd | provenance | |
+| CommandInjection.rb:74:18:74:23 | number | CommandInjection.rb:75:14:75:29 | "echo #{...}" | provenance | AdditionalTaintStep |
+| CommandInjection.rb:82:23:82:33 | blah_number | CommandInjection.rb:83:14:83:34 | "echo #{...}" | provenance | AdditionalTaintStep |
+| CommandInjection.rb:92:22:92:37 | ...[...] | CommandInjection.rb:92:14:92:39 | "echo #{...}" | provenance | AdditionalTaintStep |
+| CommandInjection.rb:104:9:104:12 | file | CommandInjection.rb:105:16:105:28 | "cat #{...}" | provenance | AdditionalTaintStep |
+| CommandInjection.rb:104:16:104:21 | call to params | CommandInjection.rb:104:16:104:28 | ...[...] | provenance | |
+| CommandInjection.rb:104:16:104:28 | ...[...] | CommandInjection.rb:104:9:104:12 | file | provenance | |
+| CommandInjection.rb:112:33:112:38 | call to params | CommandInjection.rb:112:33:112:44 | ...[...] | provenance | Sink:MaD:1 |
+| CommandInjection.rb:114:44:114:49 | call to params | CommandInjection.rb:114:44:114:54 | ...[...] | provenance | |
+| CommandInjection.rb:114:44:114:54 | ...[...] | CommandInjection.rb:114:41:114:56 | "#{...}" | provenance | AdditionalTaintStep Sink:MaD:2 |
+models
+| 1 | Sink: Terrapin::CommandLine!; Method[new].Argument[0]; command-injection |
+| 2 | Sink: Terrapin::CommandLine!; Method[new].Argument[1]; command-injection |
 nodes
 | CommandInjection.rb:6:9:6:11 | cmd | semmle.label | cmd |
 | CommandInjection.rb:6:15:6:20 | call to params | semmle.label | call to params |
@@ -36,47 +53,30 @@ nodes
 | CommandInjection.rb:10:14:10:16 | cmd | semmle.label | cmd |
 | CommandInjection.rb:11:17:11:22 | #{...} | semmle.label | #{...} |
 | CommandInjection.rb:13:9:13:14 | #{...} | semmle.label | #{...} |
-| CommandInjection.rb:29:19:29:24 | #{...} | semmle.label | #{...} |
-| CommandInjection.rb:33:24:33:36 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:34:39:34:51 | "grep #{...}" | semmle.label | "grep #{...}" |
-| CommandInjection.rb:46:9:46:11 | cmd | semmle.label | cmd |
-| CommandInjection.rb:46:15:46:20 | call to params | semmle.label | call to params |
-| CommandInjection.rb:46:15:46:26 | ...[...] | semmle.label | ...[...] |
-| CommandInjection.rb:50:24:50:36 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:54:7:54:9 | cmd | semmle.label | cmd |
-| CommandInjection.rb:54:13:54:18 | call to params | semmle.label | call to params |
-| CommandInjection.rb:54:13:54:24 | ...[...] | semmle.label | ...[...] |
-| CommandInjection.rb:59:14:59:16 | cmd | semmle.label | cmd |
-| CommandInjection.rb:73:18:73:23 | number | semmle.label | number |
-| CommandInjection.rb:74:14:74:29 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:81:23:81:33 | blah_number | semmle.label | blah_number |
-| CommandInjection.rb:82:14:82:34 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:91:14:91:39 | "echo #{...}" | semmle.label | "echo #{...}" |
-| CommandInjection.rb:91:22:91:37 | ...[...] | semmle.label | ...[...] |
-| CommandInjection.rb:103:9:103:12 | file | semmle.label | file |
-| CommandInjection.rb:103:16:103:21 | call to params | semmle.label | call to params |
-| CommandInjection.rb:103:16:103:28 | ...[...] | semmle.label | ...[...] |
-| CommandInjection.rb:104:16:104:28 | "cat #{...}" | semmle.label | "cat #{...}" |
-| CommandInjection.rb:111:33:111:38 | call to params | semmle.label | call to params |
-| CommandInjection.rb:111:33:111:44 | ...[...]
| semmle.label | ...[...] |
-| CommandInjection.rb:113:41:113:56 | "#{...}" | semmle.label | "#{...}" |
-| CommandInjection.rb:113:44:113:49 | call to params | semmle.label | call to params |
-| CommandInjection.rb:113:44:113:54 | ...[...] | semmle.label | ...[...] |
+| CommandInjection.rb:30:19:30:24 | #{...} | semmle.label | #{...} |
+| CommandInjection.rb:34:24:34:36 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:35:39:35:51 | "grep #{...}" | semmle.label | "grep #{...}" |
+| CommandInjection.rb:47:9:47:11 | cmd | semmle.label | cmd |
+| CommandInjection.rb:47:15:47:20 | call to params | semmle.label | call to params |
+| CommandInjection.rb:47:15:47:26 | ...[...] | semmle.label | ...[...] |
+| CommandInjection.rb:51:24:51:36 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:55:7:55:9 | cmd | semmle.label | cmd |
+| CommandInjection.rb:55:13:55:18 | call to params | semmle.label | call to params |
+| CommandInjection.rb:55:13:55:24 | ...[...] | semmle.label | ...[...] |
+| CommandInjection.rb:60:14:60:16 | cmd | semmle.label | cmd |
+| CommandInjection.rb:74:18:74:23 | number | semmle.label | number |
+| CommandInjection.rb:75:14:75:29 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:82:23:82:33 | blah_number | semmle.label | blah_number |
+| CommandInjection.rb:83:14:83:34 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:92:14:92:39 | "echo #{...}" | semmle.label | "echo #{...}" |
+| CommandInjection.rb:92:22:92:37 | ...[...] | semmle.label | ...[...] |
+| CommandInjection.rb:104:9:104:12 | file | semmle.label | file |
+| CommandInjection.rb:104:16:104:21 | call to params | semmle.label | call to params |
+| CommandInjection.rb:104:16:104:28 | ...[...] | semmle.label | ...[...]
|
+| CommandInjection.rb:105:16:105:28 | "cat #{...}" | semmle.label | "cat #{...}" |
+| CommandInjection.rb:112:33:112:38 | call to params | semmle.label | call to params |
+| CommandInjection.rb:112:33:112:44 | ...[...] | semmle.label | ...[...] |
+| CommandInjection.rb:114:41:114:56 | "#{...}" | semmle.label | "#{...}" |
+| CommandInjection.rb:114:44:114:49 | call to params | semmle.label | call to params |
+| CommandInjection.rb:114:44:114:54 | ...[...] | semmle.label | ...[...] |
 subpaths
-#select
-| CommandInjection.rb:7:10:7:15 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:7:10:7:15 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:8:16:8:18 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:8:16:8:18 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:10:14:10:16 | cmd | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:10:14:10:16 | cmd | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:11:17:11:22 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:11:17:11:22 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:13:9:13:14 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:13:9:13:14 | #{...} | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:29:19:29:24 | #{...} | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:29:19:29:24 | #{...} | This command depends on a $@.
| CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:33:24:33:36 | "echo #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:33:24:33:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:34:39:34:51 | "grep #{...}" | CommandInjection.rb:6:15:6:20 | call to params | CommandInjection.rb:34:39:34:51 | "grep #{...}" | This command depends on a $@. | CommandInjection.rb:6:15:6:20 | call to params | user-provided value |
-| CommandInjection.rb:50:24:50:36 | "echo #{...}" | CommandInjection.rb:46:15:46:20 | call to params | CommandInjection.rb:50:24:50:36 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:46:15:46:20 | call to params | user-provided value |
-| CommandInjection.rb:59:14:59:16 | cmd | CommandInjection.rb:54:13:54:18 | call to params | CommandInjection.rb:59:14:59:16 | cmd | This command depends on a $@. | CommandInjection.rb:54:13:54:18 | call to params | user-provided value |
-| CommandInjection.rb:74:14:74:29 | "echo #{...}" | CommandInjection.rb:73:18:73:23 | number | CommandInjection.rb:74:14:74:29 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:73:18:73:23 | number | user-provided value |
-| CommandInjection.rb:82:14:82:34 | "echo #{...}" | CommandInjection.rb:81:23:81:33 | blah_number | CommandInjection.rb:82:14:82:34 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:81:23:81:33 | blah_number | user-provided value |
-| CommandInjection.rb:91:14:91:39 | "echo #{...}" | CommandInjection.rb:91:22:91:37 | ...[...] | CommandInjection.rb:91:14:91:39 | "echo #{...}" | This command depends on a $@. | CommandInjection.rb:91:22:91:37 | ...[...]
| user-provided value |
-| CommandInjection.rb:104:16:104:28 | "cat #{...}" | CommandInjection.rb:103:16:103:21 | call to params | CommandInjection.rb:104:16:104:28 | "cat #{...}" | This command depends on a $@. | CommandInjection.rb:103:16:103:21 | call to params | user-provided value |
-| CommandInjection.rb:111:33:111:44 | ...[...] | CommandInjection.rb:111:33:111:38 | call to params | CommandInjection.rb:111:33:111:44 | ...[...] | This command depends on a $@. | CommandInjection.rb:111:33:111:38 | call to params | user-provided value |
-| CommandInjection.rb:113:41:113:56 | "#{...}" | CommandInjection.rb:113:44:113:49 | call to params | CommandInjection.rb:113:41:113:56 | "#{...}" | This command depends on a $@. | CommandInjection.rb:113:44:113:49 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.ql b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.ql
deleted file mode 100644
index c0f54091eb4e..000000000000
--- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.ql
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * @kind path-problem
- */
-
-import codeql.ruby.AST
-import codeql.ruby.security.CommandInjectionQuery
-import codeql.dataflow.test.ProvenancePathGraph
-import codeql.ruby.frameworks.data.internal.ApiGraphModels
-import ShowProvenance
-
-from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
-where
- CommandInjectionFlow::flowPath(source, sink) and
- sourceNode = source.getNode()
-select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
- sourceNode.getSourceType()
diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref
new file mode 100644
index 000000000000..1d0a8c019fbd
--- /dev/null
+++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref
@@ -0,0 +1,4 @@
+query: queries/security/cwe-078/CommandInjection.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
index 12c15a30b158..e9f7498e00b4
--- a/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
+++ b/ruby/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.rb
@@ -3,14 +3,15 @@ class UsersController < ActionController::Base
 def create
- cmd = params[:cmd]
- `#{cmd}`
- system(cmd)
+ cmd = params[:cmd] # $Source
+ `#{cmd}` # $Alert
+ system(cmd) # $Alert
 system("echo", cmd) # OK, because cmd is not shell interpreted
- exec(cmd)
- %x(echo #{cmd})
+ exec(cmd) # $Alert
+ %x(echo #{cmd}) # $Alert
 result = <<`EOF`
- #{cmd}
+ #{cmd} #{# $Alert
+ }
 EOF
 safe_cmd_1 = Shellwords.escape(cmd)
@@ -26,12 +27,12 @@ def create
 if %w(foo bar).include? cmd
 `echo #{cmd}`
 else
- `echo #{cmd}`
+ `echo #{cmd}` # $Alert
 end
 # Open3 methods
- Open3.capture2("echo #{cmd}")
- Open3.pipeline("cat foo.txt", "grep #{cmd}")
+ Open3.capture2("echo #{cmd}") # $Alert
+ Open3.pipeline("cat foo.txt", "grep #{cmd}") # $Alert
 Open3.pipeline(["echo", cmd], "tail") # OK, because cmd is not shell interpreted
 end
@@ -43,20 +44,20 @@ def show
 end
 def index
- cmd = params[:key]
+ cmd = params[:key] # $Source
 if %w(foo bar).include? cmd
 `echo #{cmd}`
 end
- Open3.capture2("echo #{cmd}")
+ Open3.capture2("echo #{cmd}") # $Alert
 end
 def update
- cmd = params[:key]
+ cmd = params[:key] # $Source
 case cmd
 when "foo"
 system(cmd)
 end
- system(cmd)
+ system(cmd) # $Alert
 end
 end
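Review bot: The `$Alert` expectation inside the backtick heredoc is carried by an empty interpolation split over two lines, `#{cmd} #{# $Alert` and `}`, which reads like a typo and is the only place in this file where a tag is not a plain trailing comment. A short comment on the `result = <<`EOF`` line would spare the next maintainer the puzzle, e.g. `# a heredoc body cannot carry a trailing comment, so the $Alert tag sits in an empty #{} interpolation`. As far as I can tell the extra interpolation only appends an empty string to the command the heredoc builds, so it should not change what the query flags, but that is worth stating in the same comment.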
@@ -70,16 +71,16 @@ class QueryType < BaseObject
 field :with_arg, String, null: false, description: "A field with an argument" do
 argument :number, Int, "A number", required: true
 end
- def with_arg(number:)
- system("echo #{number}")
+ def with_arg(number:) # $Source
+ system("echo #{number}") # $Alert
 number.to_s
 end
 field :with_method, String, null: false, description: "A field with a custom resolver method", resolver_method: :custom_method do
 argument :blah_number, Int, "A number", required: true
 end
- def custom_method(blah_number:, number: nil)
- system("echo #{blah_number}")
+ def custom_method(blah_number:, number: nil) # $Source
+ system("echo #{blah_number}") # $Alert
 system("echo #{number}") # OK, number: is not an `argument` for this field
 blah_number.to_s
 end
@@ -88,7 +89,7 @@ def custom_method(blah_number:, number: nil)
 argument :something, Int, "A number", required: true
 end
 def with_splat(**args)
- system("echo #{args[:something]}")
+ system("echo #{args[:something]}") # $Alert
 args[:something].to_s
 end
@@ -100,17 +101,17 @@ def foo(arg)
 class Foo < ActionController::Base
 def create
- file = params[:file]
- system("cat #{file}")
+ file = params[:file] # $Source
+ system("cat #{file}") # $Alert
 # .shellescape
 system("cat #{file.shellescape}") # OK, because file is shell escaped
-
+
 end
 def index
- Terrapin::CommandLine.new(params[:foo], "bar") # BAD
+ Terrapin::CommandLine.new(params[:foo], "bar") # $Alert
- Terrapin::CommandLine.new("echo", "#{params[foo]}") # BAD
+ Terrapin::CommandLine.new("echo", "#{params[foo]}") # $Alert
 cmd = Terrapin::CommandLine.new("echo", ":msg")
 cmd.run(msg: params[:foo]) # GOOD
diff --git a/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.expected b/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.expected
index 67e59fb08c18..b8951412c1f8
--- a/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.expected
+++ b/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.expected
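Review bot: The re-tagged line `Terrapin::CommandLine.new("echo", "#{params[foo]}") # $Alert` in the `@@ -100,17 +101,17 @@` hunk indexes `params` with a bare `foo`, which is neither a local nor a method visible in `Foo`; the line above it and `cmd.run(msg: params[:foo])` both use the symbol `:foo`, so this looks like a typo inherited from the old `# BAD` version. Since the commit rewrites this line anyway, `"#{params[:foo]}"` would make the test read as the intended parameter source instead of a reference that would raise `NameError` if the file were ever executed; the expected output would then need regenerating because the column span of the sink changes. The enclosing `def index` continues past the end of the hunk.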
@@ -1,4 +1,14 @@
-testFailures
+#select
+| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ of sensitive file from $@. | insecure_download.rb:27:5:27:46 | call to get | Download | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | HTTP source |
+| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ of sensitive file from $@. | insecure_download.rb:27:5:27:46 | call to get | Download | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | HTTP source |
+| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | HTTP source |
+| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" | HTTP source |
+| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@. | insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:33:15:33:17 | url | HTTP source |
+| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ of sensitive file from $@.
| insecure_download.rb:33:5:33:18 | call to get | Download | insecure_download.rb:33:15:33:17 | url | HTTP source |
+| insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | $@ of sensitive file from $@. | insecure_download.rb:37:32:37:69 | call to get | Download | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | HTTP source |
+| insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | $@ of sensitive file from $@. | insecure_download.rb:41:27:41:64 | call to get | Download | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | HTTP source |
+| insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | $@ of sensitive file from $@. | insecure_download.rb:43:12:43:57 | call to get | Download | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | HTTP source |
+| insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | $@ of sensitive file from $@. | insecure_download.rb:53:14:53:79 | call to get | Download | insecure_download.rb:53:65:53:78 | "/myscript.sh" | HTTP source |
 edges
 | insecure_download.rb:31:5:31:7 | url : String | insecure_download.rb:33:15:33:17 | url | provenance | |
 | insecure_download.rb:31:5:31:7 | url : String | insecure_download.rb:33:15:33:17 | url | provenance | |
@@ -18,14 +28,3 @@ nodes
 | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | semmle.label | "http://example.org/unsafe.unk..." |
 | insecure_download.rb:53:65:53:78 | "/myscript.sh" | semmle.label | "/myscript.sh" |
 subpaths
-#select
-| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
-| insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | $@ | insecure_download.rb:27:15:27:45 | "http://example.org/unsafe.APK" | "http://example.org/unsafe.APK" |
-| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | "http://example.org/unsafe.APK" : String |
-| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:31:11:31:41 | "http://example.org/unsafe.APK" : String | "http://example.org/unsafe.APK" : String |
-| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:33:15:33:17 | url | url |
-| insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | insecure_download.rb:33:15:33:17 | url | $@ | insecure_download.rb:33:15:33:17 | url | url |
-| insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | insecure_download.rb:37:42:37:68 |
"http://example.org/unsafe" | $@ | insecure_download.rb:37:42:37:68 | "http://example.org/unsafe" | "http://example.org/unsafe" |
-| insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | $@ | insecure_download.rb:41:37:41:63 | "http://example.org/unsafe" | "http://example.org/unsafe" |
-| insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | $@ | insecure_download.rb:43:22:43:56 | "http://example.org/unsafe.unk..." | "http://example.org/unsafe.unk..." |
-| insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | insecure_download.rb:53:65:53:78 | "/myscript.sh" | $@ | insecure_download.rb:53:65:53:78 | "/myscript.sh" | "/myscript.sh" |
diff --git a/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.ql b/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.ql
deleted file mode 100644
index a8480b23a2df..000000000000
--- a/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.ql
+++ /dev/null
@@ -1,23 +0,0 @@
-import codeql.ruby.security.InsecureDownloadQuery
-import InsecureDownloadFlow::PathGraph
-import utils.test.InlineExpectationsTest
-import utils.test.InlineFlowTestUtil
-
-module FlowTest implements TestSig {
- string getARelevantTag() { result = "BAD" }
-
- predicate hasActualResult(Location location, string element, string tag, string value) {
- tag = "BAD" and
- exists(DataFlow::Node src, DataFlow::Node sink | InsecureDownloadFlow::flow(src, sink) |
- sink.getLocation() = location and
- element = sink.toString() and
- if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
- )
- }
-}
-
-import MakeTest
-
-from InsecureDownloadFlow::PathNode source, InsecureDownloadFlow::PathNode sink
-where InsecureDownloadFlow::flowPath(source, sink)
-select sink, source, sink, "$@", source, source.toString()
diff --git a/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.qlref b/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.qlref
new file mode 100644
index 000000000000..e2048e1cee4f
--- /dev/null
+++ b/ruby/ql/test/query-tests/security/cwe-829/InsecureDownload.qlref
@@ -0,0 +1,4 @@
+query: queries/security/cwe-829/InsecureDownload.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/ruby/ql/test/query-tests/security/cwe-829/insecure_download.rb b/ruby/ql/test/query-tests/security/cwe-829/insecure_download.rb
index 062de2e4e8f3..1516f9cb2d86
--- a/ruby/ql/test/query-tests/security/cwe-829/insecure_download.rb
+++ b/ruby/ql/test/query-tests/security/cwe-829/insecure_download.rb
@@ -2,7 +2,7 @@ def foo
 def download_tools(installer)
- Excon.get(installer[:url]) # $ MISSING: BAD= (requires hash flow)
+ Excon.get(installer[:url]) # $ MISSING: $Alert (requires hash flow)
 end
 constants = {
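Review bot: The rewritten expectation `# $ MISSING: $Alert (requires hash flow)` keeps a second `$` in front of the tag, while every other tag in this file is written as a single `$Alert` or `$Source`. If the inline-expectations parser reads the tokens after `MISSING:` as bare tag names, `$Alert` would not match the `Alert` tag the query emits and this known false negative would quietly stop being tracked; `# $ MISSING: Alert (requires hash flow)` is the form that lines up with the other annotations. This is inferred from the surrounding comments rather than from the parser, so it is worth checking against the test framework's comment grammar before changing it.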
@@ -24,23 +24,23 @@ def bar
 Excon.get("https://download.microsoft.com/download/5/f/7/5f7acaeb-8363-451f-9425-68a90f98b238/visualcppbuildtools_full.exe") # GOOD
- Excon.get("http://example.org/unsafe.APK") # $BAD=
+ Excon.get("http://example.org/unsafe.APK") # $Alert
 end
 def baz
- url = "http://example.org/unsafe.APK"
+ url = "http://example.org/unsafe.APK" # $Source
- Excon.get(url) # $BAD=
+ Excon.get(url) # $Alert
 end
 def test
- File.open("foo.exe").write(Excon.get("http://example.org/unsafe").body) # $BAD=
+ File.open("foo.exe").write(Excon.get("http://example.org/unsafe").body) # $Alert
 File.open("foo.safe").write(Excon.get("http://example.org/unsafe").body) # GOOD
- File.write("foo.exe", Excon.get("http://example.org/unsafe").body) # $BAD=
+ File.write("foo.exe", Excon.get("http://example.org/unsafe").body) # $Alert
- resp = Excon.get("http://example.org/unsafe.unknown") # $BAD=
+ resp = Excon.get("http://example.org/unsafe.unknown") # $Alert
 file = File.open("unsafe.exe", "w")
 file.write(resp.body)
@@ -50,6 +50,6 @@ def test
 end
 def sh
- script = Net::HTTP.new("http://mydownload.example.org").get("/myscript.sh").body # $BAD=
+ script = Net::HTTP.new("http://mydownload.example.org").get("/myscript.sh").body # $Alert
 system(script)
-end
\ No newline at end of file
+end
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
index e69de29bb2d1..c6be4599c2ae
--- a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
+++ b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
@@ -0,0 +1,415 @@ +#select +| file://:0:0:0:0 | [post] self | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | file://:0:0:0:0 | [post] self | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| file://:0:0:0:0 | [post] self | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | file://:0:0:0:0 | [post] self | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:295:24:295:24 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:295:24:295:24 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:298:30:298:30 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:298:30:298:30 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:299:22:299:22 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:299:22:299:22 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:300:34:300:34 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:300:34:300:34 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:301:26:301:26 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:301:26:301:26 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:304:40:304:40 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:304:40:304:40 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:305:44:305:44 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:305:44:305:44 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:306:31:306:31 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:306:31:306:31 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:307:35:307:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:307:35:307:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:308:44:308:44 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:308:44:308:44 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:309:33:309:33 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:309:33:309:33 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:310:28:310:28 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:310:28:310:28 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:311:40:311:40 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:311:40:311:40 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:312:35:312:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:312:35:312:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:313:23:313:23 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:313:23:313:23 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:314:27:314:27 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:314:27:314:27 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:315:22:315:22 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:315:22:315:22 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:316:30:316:30 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:316:30:316:30 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:317:51:317:51 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:317:51:317:51 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:318:24:318:24 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:318:24:318:24 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:319:45:319:45 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:319:45:319:45 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:320:21:320:21 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:320:21:320:21 | remoteUrl | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:321:34:321:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:321:34:321:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:322:25:322:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:322:25:322:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:323:37:323:37 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:323:37:323:37 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:324:21:324:21 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:324:21:324:21 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:325:34:325:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:325:34:325:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:326:25:326:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:326:25:326:25 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:327:37:327:37 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:327:37:327:37 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:328:31:328:31 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:328:31:328:31 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:329:60:329:60 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:329:60:329:60 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:330:35:330:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:330:35:330:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:331:60:331:60 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:331:60:331:60 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:332:21:332:21 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:332:21:332:21 | remoteUrl | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:333:34:333:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:333:34:333:34 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:334:25:334:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:334:25:334:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:335:37:335:37 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:335:37:335:37 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:336:50:336:50 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:336:50:336:50 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:337:35:337:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:337:35:337:35 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:338:35:338:35 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:338:35:338:35 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:339:41:339:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:339:41:339:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:340:33:340:33 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:340:33:340:33 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:341:38:341:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:341:38:341:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:342:51:342:51 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:342:51:342:51 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:343:43:343:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:343:43:343:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:344:34:344:34 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:344:34:344:34 | remoteUrl | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:346:50:346:50 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:346:50:346:50 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:347:42:347:42 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:347:42:347:42 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:348:40:348:40 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:348:40:348:40 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:349:43:349:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:349:43:349:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:350:60:350:60 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:350:60:350:60 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:351:50:351:50 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:351:50:351:50 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:352:50:352:50 | remoteNsUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:352:50:352:50 | remoteNsUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:353:76:353:76 | remoteNsUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:353:76:353:76 | remoteNsUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:356:41:356:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:356:41:356:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:357:41:357:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:357:41:357:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:358:41:358:41 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:358:41:358:41 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:360:43:360:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:360:43:360:43 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:361:43:361:43 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:361:43:361:43 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:362:26:362:26 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:362:26:362:26 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:363:30:363:30 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:363:30:363:30 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:365:59:365:59 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:365:59:365:59 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:366:46:366:46 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:366:46:366:46 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:367:42:367:42 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:367:42:367:42 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:370:25:370:25 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:370:25:370:25 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:371:26:371:26 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:371:26:371:26 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:375:28:375:28 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:375:28:375:28 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:377:32:377:32 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:377:32:377:32 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:379:33:379:33 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:379:33:379:33 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:381:40:381:40 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:381:40:381:40 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:383:38:383:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:383:38:383:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:385:38:385:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:385:38:385:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:387:38:387:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:387:38:387:38 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:389:38:389:38 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:389:38:389:38 | remoteString | This path depends on a $@. 
| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:395:35:395:35 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:395:35:395:35 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:397:40:397:40 | remoteUrl | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:397:40:397:40 | remoteUrl | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:401:2:401:2 | [post] config | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:401:2:401:2 | [post] config | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:403:2:403:2 | [post] config | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:403:2:403:2 | [post] config | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:414:22:414:22 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:414:22:414:22 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:416:24:416:24 | buffer2 | testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | testPathInjection.swift:416:24:416:24 | buffer2 | This path depends on a $@. 
| testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | user-provided value | +| testPathInjection.swift:418:25:418:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:418:25:418:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:427:49:427:49 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:427:49:427:49 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:429:25:429:25 | remoteString | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:429:25:429:25 | remoteString | This path depends on a $@. | testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:441:33:441:33 | remoteString | testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | testPathInjection.swift:441:33:441:33 | remoteString | This path depends on a $@. | testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | This path depends on a $@. 
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:453:28:453:28 | u1 | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:453:28:453:28 | u1 | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:455:28:455:28 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:455:28:455:28 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:456:28:456:28 | u2 | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:456:28:456:28 | u2 | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:461:24:461:63 | ...! | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:461:24:461:63 | ...! | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:464:24:464:38 | ...! | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:464:24:464:38 | ...! | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:465:24:465:53 | ...! | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:465:24:465:53 | ...! | This path depends on a $@. 
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:467:32:467:32 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:467:32:467:32 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:468:38:468:38 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:468:38:468:38 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:469:45:469:45 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:469:45:469:45 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:473:32:473:35 | .pointee | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:473:32:473:35 | .pointee | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:482:32:482:36 | ...[...] | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:482:32:482:36 | ...[...] | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:484:35:484:35 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:484:35:484:35 | remoteString | This path depends on a $@. 
| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:485:41:485:41 | remoteString | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:485:41:485:41 | remoteString | This path depends on a $@. | testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:507:25:507:25 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:507:25:507:25 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:508:17:508:17 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:508:17:508:17 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:509:41:509:41 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:509:41:509:41 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:511:38:511:38 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:511:38:511:38 | remoteString | This path depends on a $@. | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value | +| testPathInjection.swift:513:22:513:22 | remoteString | testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:513:22:513:22 | remoteString | This path depends on a $@. 
| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | user-provided value | +edges +| file://:0:0:0:0 | [post] self [fileURL] | testPathInjection.swift:248:7:248:7 | self [Return] [fileURL] | provenance | | +| file://:0:0:0:0 | [post] self [seedFilePath] | testPathInjection.swift:249:13:249:13 | self [Return] [seedFilePath] | provenance | | +| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self | provenance | | +| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self | provenance | | +| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [fileURL] | provenance | | +| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [seedFilePath] | provenance | | +| testPathInjection.swift:248:7:248:7 | value | file://:0:0:0:0 | value | provenance | | +| testPathInjection.swift:249:13:249:13 | value | file://:0:0:0:0 | value | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:290:33:290:33 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:291:37:291:37 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:300:34:300:34 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:301:26:301:26 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:305:44:305:44 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:307:35:307:35 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:308:44:308:44 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | 
testPathInjection.swift:309:33:309:33 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:311:40:311:40 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:312:35:312:35 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:314:27:314:27 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:322:25:322:25 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:323:37:323:37 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:326:25:326:25 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:327:37:327:37 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:330:35:330:35 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:331:60:331:60 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:334:25:334:25 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:335:37:335:37 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:336:50:336:50 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:337:35:337:35 | remoteString | provenance | | +| 
testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:338:35:338:35 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:339:41:339:41 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:340:33:340:33 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:341:38:341:38 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:342:51:342:51 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:343:43:343:43 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:346:50:346:50 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:347:42:347:42 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:348:40:348:40 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:349:43:349:43 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:350:60:350:60 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:351:50:351:50 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:356:41:356:41 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | 
testPathInjection.swift:357:41:357:41 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:358:41:358:41 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:360:43:360:43 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:361:43:361:43 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:363:30:363:30 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:365:59:365:59 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:366:46:366:46 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:367:42:367:42 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:368:72:368:72 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:369:68:369:68 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:371:26:371:26 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:375:28:375:28 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:377:32:377:32 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:379:33:379:33 | remoteString | provenance | | +| 
testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:381:40:381:40 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:383:38:383:38 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:385:38:385:38 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:387:38:387:38 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:389:38:389:38 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:414:22:414:22 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:418:25:418:25 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:427:49:427:49 | remoteString | provenance | | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | testPathInjection.swift:429:25:429:25 | remoteString | provenance | | +| testPathInjection.swift:290:21:290:45 | call to URL.init(string:) [some:0] | testPathInjection.swift:290:21:290:46 | ...! | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:295:24:295:24 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:298:30:298:30 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:299:22:299:22 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:304:40:304:40 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! 
| testPathInjection.swift:306:31:306:31 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:310:28:310:28 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:313:23:313:23 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:315:22:315:22 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:316:30:316:30 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:317:51:317:51 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:318:24:318:24 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:319:45:319:45 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:320:21:320:21 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:321:34:321:34 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:324:21:324:21 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:325:34:325:34 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:328:31:328:31 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:329:60:329:60 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:332:21:332:21 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:333:34:333:34 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:344:34:344:34 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! 
| testPathInjection.swift:362:26:362:26 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:370:25:370:25 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:395:35:395:35 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:397:40:397:40 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:401:19:401:19 | remoteUrl | provenance | | +| testPathInjection.swift:290:21:290:46 | ...! | testPathInjection.swift:403:24:403:24 | remoteUrl | provenance | | +| testPathInjection.swift:290:33:290:33 | remoteString | testPathInjection.swift:290:21:290:45 | call to URL.init(string:) [some:0] | provenance | | +| testPathInjection.swift:291:23:291:49 | call to NSURL.init(string:) [some:0] | testPathInjection.swift:291:23:291:50 | ...! | provenance | | +| testPathInjection.swift:291:23:291:50 | ...! | testPathInjection.swift:352:50:352:50 | remoteNsUrl | provenance | | +| testPathInjection.swift:291:23:291:50 | ...! 
| testPathInjection.swift:353:76:353:76 | remoteNsUrl | provenance | | +| testPathInjection.swift:291:37:291:37 | remoteString | testPathInjection.swift:291:23:291:49 | call to NSURL.init(string:) [some:0] | provenance | | +| testPathInjection.swift:368:72:368:72 | remoteString | testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | provenance | | +| testPathInjection.swift:369:68:369:68 | remoteString | testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | provenance | | +| testPathInjection.swift:401:19:401:19 | remoteUrl | testPathInjection.swift:248:7:248:7 | value | provenance | | +| testPathInjection.swift:401:19:401:19 | remoteUrl | testPathInjection.swift:401:2:401:2 | [post] config | provenance | | +| testPathInjection.swift:403:24:403:24 | remoteUrl | testPathInjection.swift:249:13:249:13 | value | provenance | | +| testPathInjection.swift:403:24:403:24 | remoteUrl | testPathInjection.swift:403:2:403:2 | [post] config | provenance | | +| testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | testPathInjection.swift:411:5:411:5 | remoteData | provenance | | +| testPathInjection.swift:411:5:411:5 | remoteData | testPathInjection.swift:411:30:411:30 | [post] buffer2 | provenance | | +| testPathInjection.swift:411:30:411:30 | [post] buffer2 | testPathInjection.swift:416:24:416:24 | buffer2 | provenance | | +| testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | testPathInjection.swift:441:33:441:33 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:450:54:450:54 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:451:54:451:54 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:452:28:452:28 | remoteString | provenance 
| | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:455:28:455:28 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:455:28:455:28 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:461:50:461:50 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:463:28:463:28 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:467:32:467:32 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:468:38:468:38 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:469:45:469:45 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:472:18:472:18 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:480:9:480:9 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:484:35:484:35 | remoteString | provenance | | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | testPathInjection.swift:485:41:485:41 | remoteString | provenance | | +| testPathInjection.swift:450:54:450:54 | remoteString | testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | provenance | | +| testPathInjection.swift:451:28:451:66 | call to appendingPathComponent(_:) | testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | provenance | | +| testPathInjection.swift:451:54:451:54 | 
remoteString | testPathInjection.swift:451:28:451:66 | call to appendingPathComponent(_:) | provenance | | +| testPathInjection.swift:452:5:452:5 | [post] u1 | testPathInjection.swift:453:28:453:28 | u1 | provenance | | +| testPathInjection.swift:452:28:452:28 | remoteString | testPathInjection.swift:452:5:452:5 | [post] u1 | provenance | | +| testPathInjection.swift:455:14:455:40 | call to URL.init(filePath:directoryHint:relativeTo:) | testPathInjection.swift:456:28:456:28 | u2 | provenance | | +| testPathInjection.swift:455:28:455:28 | remoteString | testPathInjection.swift:455:14:455:40 | call to URL.init(filePath:directoryHint:relativeTo:) | provenance | | +| testPathInjection.swift:461:24:461:62 | call to appendingPathComponent(_:) | testPathInjection.swift:461:24:461:63 | ...! | provenance | | +| testPathInjection.swift:461:50:461:50 | remoteString | testPathInjection.swift:461:24:461:62 | call to appendingPathComponent(_:) | provenance | | +| testPathInjection.swift:463:14:463:40 | call to NSURL.init(string:) [some:0] | testPathInjection.swift:463:14:463:41 | ...! | provenance | | +| testPathInjection.swift:463:14:463:41 | ...! | testPathInjection.swift:464:24:464:38 | ...! | provenance | | +| testPathInjection.swift:463:14:463:41 | ...! | testPathInjection.swift:465:24:465:24 | u4 | provenance | | +| testPathInjection.swift:463:28:463:28 | remoteString | testPathInjection.swift:463:14:463:40 | call to NSURL.init(string:) [some:0] | provenance | | +| testPathInjection.swift:465:24:465:24 | u4 | testPathInjection.swift:465:24:465:52 | call to appendingPathComponent(_:) | provenance | | +| testPathInjection.swift:465:24:465:52 | call to appendingPathComponent(_:) | testPathInjection.swift:465:24:465:53 | ...! 
| provenance | | +| testPathInjection.swift:472:5:472:5 | [post] s1 [pointee] | testPathInjection.swift:473:32:473:32 | s1 [pointee] | provenance | | +| testPathInjection.swift:472:18:472:18 | remoteString | testPathInjection.swift:472:5:472:5 | [post] s1 [pointee] | provenance | | +| testPathInjection.swift:473:32:473:32 | s1 [pointee] | testPathInjection.swift:473:32:473:35 | .pointee | provenance | | +| testPathInjection.swift:480:9:480:9 | remoteString | testPathInjection.swift:480:41:480:41 | [post] s3 [Collection element] | provenance | | +| testPathInjection.swift:480:41:480:41 | [post] s3 [Collection element] | testPathInjection.swift:482:32:482:32 | s3 [Collection element] | provenance | | +| testPathInjection.swift:482:32:482:32 | s3 [Collection element] | testPathInjection.swift:482:32:482:36 | ...[...] | provenance | | +| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:507:25:507:25 | remoteString | provenance | | +| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:508:17:508:17 | remoteString | provenance | | +| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:509:41:509:41 | remoteString | provenance | | +| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:511:38:511:38 | remoteString | provenance | | +| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | testPathInjection.swift:513:22:513:22 | remoteString | provenance | | +nodes +| file://:0:0:0:0 | [post] self | semmle.label | [post] self | +| file://:0:0:0:0 | [post] self | semmle.label | [post] self | +| file://:0:0:0:0 | [post] self [fileURL] | semmle.label | [post] self [fileURL] | +| file://:0:0:0:0 | [post] self [seedFilePath] | semmle.label | [post] self [seedFilePath] | +| file://:0:0:0:0 | value | semmle.label | value | +| file://:0:0:0:0 | value | semmle.label | value | 
+| testPathInjection.swift:248:7:248:7 | self [Return] [fileURL] | semmle.label | self [Return] [fileURL] | +| testPathInjection.swift:248:7:248:7 | value | semmle.label | value | +| testPathInjection.swift:249:13:249:13 | self [Return] [seedFilePath] | semmle.label | self [Return] [seedFilePath] | +| testPathInjection.swift:249:13:249:13 | value | semmle.label | value | +| testPathInjection.swift:289:24:289:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testPathInjection.swift:290:21:290:45 | call to URL.init(string:) [some:0] | semmle.label | call to URL.init(string:) [some:0] | +| testPathInjection.swift:290:21:290:46 | ...! | semmle.label | ...! | +| testPathInjection.swift:290:33:290:33 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:291:23:291:49 | call to NSURL.init(string:) [some:0] | semmle.label | call to NSURL.init(string:) [some:0] | +| testPathInjection.swift:291:23:291:50 | ...! | semmle.label | ...! | +| testPathInjection.swift:291:37:291:37 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:295:24:295:24 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:298:30:298:30 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:299:22:299:22 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:300:34:300:34 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:301:26:301:26 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:304:40:304:40 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:305:44:305:44 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:306:31:306:31 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:307:35:307:35 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:308:44:308:44 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:309:33:309:33 | remoteString | 
semmle.label | remoteString | +| testPathInjection.swift:310:28:310:28 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:311:40:311:40 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:312:35:312:35 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:313:23:313:23 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:314:27:314:27 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:315:22:315:22 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:316:30:316:30 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:317:51:317:51 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:318:24:318:24 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:319:45:319:45 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:320:21:320:21 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:321:34:321:34 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:322:25:322:25 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:323:37:323:37 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:324:21:324:21 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:325:34:325:34 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:326:25:326:25 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:327:37:327:37 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:328:31:328:31 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:329:60:329:60 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:330:35:330:35 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:331:60:331:60 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:332:21:332:21 | remoteUrl | semmle.label | remoteUrl | +| 
testPathInjection.swift:333:34:333:34 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:334:25:334:25 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:335:37:335:37 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:336:50:336:50 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:337:35:337:35 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:338:35:338:35 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:339:41:339:41 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:340:33:340:33 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:341:38:341:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:342:51:342:51 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:343:43:343:43 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:344:34:344:34 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:346:50:346:50 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:347:42:347:42 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:348:40:348:40 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:349:43:349:43 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:350:60:350:60 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:351:50:351:50 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:352:50:352:50 | remoteNsUrl | semmle.label | remoteNsUrl | +| testPathInjection.swift:353:76:353:76 | remoteNsUrl | semmle.label | remoteNsUrl | +| testPathInjection.swift:356:41:356:41 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:357:41:357:41 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:358:41:358:41 | remoteString | semmle.label | 
remoteString | +| testPathInjection.swift:360:43:360:43 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:361:43:361:43 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:362:26:362:26 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:363:30:363:30 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:365:59:365:59 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:366:46:366:46 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:367:42:367:42 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:368:48:368:84 | call to FilePath.init(stringLiteral:) | semmle.label | call to FilePath.init(stringLiteral:) | +| testPathInjection.swift:368:72:368:72 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:369:44:369:80 | call to FilePath.init(stringLiteral:) | semmle.label | call to FilePath.init(stringLiteral:) | +| testPathInjection.swift:369:68:369:68 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:370:25:370:25 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:371:26:371:26 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:375:28:375:28 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:377:32:377:32 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:379:33:379:33 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:381:40:381:40 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:383:38:383:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:385:38:385:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:387:38:387:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:389:38:389:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:395:35:395:35 | 
remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:397:40:397:40 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:401:2:401:2 | [post] config | semmle.label | [post] config | +| testPathInjection.swift:401:19:401:19 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:403:2:403:2 | [post] config | semmle.label | [post] config | +| testPathInjection.swift:403:24:403:24 | remoteUrl | semmle.label | remoteUrl | +| testPathInjection.swift:409:22:409:87 | call to Data.init(contentsOf:options:) | semmle.label | call to Data.init(contentsOf:options:) | +| testPathInjection.swift:411:5:411:5 | remoteData | semmle.label | remoteData | +| testPathInjection.swift:411:30:411:30 | [post] buffer2 | semmle.label | [post] buffer2 | +| testPathInjection.swift:414:22:414:22 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:416:24:416:24 | buffer2 | semmle.label | buffer2 | +| testPathInjection.swift:418:25:418:25 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:427:49:427:49 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:429:25:429:25 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:433:24:433:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testPathInjection.swift:441:33:441:33 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:445:24:445:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testPathInjection.swift:450:28:450:66 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) | +| testPathInjection.swift:450:54:450:54 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:451:28:451:66 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) | +| testPathInjection.swift:451:28:451:93 | call to appendingPathComponent(_:) | semmle.label | 
call to appendingPathComponent(_:) | +| testPathInjection.swift:451:54:451:54 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:452:5:452:5 | [post] u1 | semmle.label | [post] u1 | +| testPathInjection.swift:452:28:452:28 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:453:28:453:28 | u1 | semmle.label | u1 | +| testPathInjection.swift:455:14:455:40 | call to URL.init(filePath:directoryHint:relativeTo:) | semmle.label | call to URL.init(filePath:directoryHint:relativeTo:) | +| testPathInjection.swift:455:28:455:28 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:455:28:455:28 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:456:28:456:28 | u2 | semmle.label | u2 | +| testPathInjection.swift:461:24:461:62 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) | +| testPathInjection.swift:461:24:461:63 | ...! | semmle.label | ...! | +| testPathInjection.swift:461:50:461:50 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:463:14:463:40 | call to NSURL.init(string:) [some:0] | semmle.label | call to NSURL.init(string:) [some:0] | +| testPathInjection.swift:463:14:463:41 | ...! | semmle.label | ...! | +| testPathInjection.swift:463:28:463:28 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:464:24:464:38 | ...! | semmle.label | ...! | +| testPathInjection.swift:465:24:465:24 | u4 | semmle.label | u4 | +| testPathInjection.swift:465:24:465:52 | call to appendingPathComponent(_:) | semmle.label | call to appendingPathComponent(_:) | +| testPathInjection.swift:465:24:465:53 | ...! | semmle.label | ...! 
| +| testPathInjection.swift:467:32:467:32 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:468:38:468:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:469:45:469:45 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:472:5:472:5 | [post] s1 [pointee] | semmle.label | [post] s1 [pointee] | +| testPathInjection.swift:472:18:472:18 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:473:32:473:32 | s1 [pointee] | semmle.label | s1 [pointee] | +| testPathInjection.swift:473:32:473:35 | .pointee | semmle.label | .pointee | +| testPathInjection.swift:480:9:480:9 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:480:41:480:41 | [post] s3 [Collection element] | semmle.label | [post] s3 [Collection element] | +| testPathInjection.swift:482:32:482:32 | s3 [Collection element] | semmle.label | s3 [Collection element] | +| testPathInjection.swift:482:32:482:36 | ...[...] | semmle.label | ...[...] 
| +| testPathInjection.swift:484:35:484:35 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:485:41:485:41 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:505:24:505:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testPathInjection.swift:507:25:507:25 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:508:17:508:17 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:509:41:509:41 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:511:38:511:38 | remoteString | semmle.label | remoteString | +| testPathInjection.swift:513:22:513:22 | remoteString | semmle.label | remoteString | +subpaths +| testPathInjection.swift:401:19:401:19 | remoteUrl | testPathInjection.swift:248:7:248:7 | value | testPathInjection.swift:248:7:248:7 | self [Return] [fileURL] | testPathInjection.swift:401:2:401:2 | [post] config | +| testPathInjection.swift:403:24:403:24 | remoteUrl | testPathInjection.swift:249:13:249:13 | value | testPathInjection.swift:249:13:249:13 | self [Return] [seedFilePath] | testPathInjection.swift:403:2:403:2 | [post] config | diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql deleted file mode 100644 index a32f9c56ee90..000000000000 --- a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql +++ /dev/null 
@@ -1,22 +0,0 @@
-import swift
-import codeql.swift.dataflow.DataFlow
-import codeql.swift.dataflow.FlowSources
-import codeql.swift.security.PathInjectionQuery
-import utils.test.InlineExpectationsTest
-
-module PathInjectionTest implements TestSig {
- string getARelevantTag() { result = "hasPathInjection" }
-
- predicate hasActualResult(Location location, string element, string tag, string value) {
- exists(DataFlow::Node source, DataFlow::Node sink |
- PathInjectionFlow::flow(source, sink) and
- location = sink.getLocation() and
- element = sink.toString() and
- tag = "hasPathInjection" and
- location.getFile().getName() != "" and
- value = source.asExpr().getLocation().getStartLine().toString()
- )
- }
-}
-
-import MakeTest
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.qlref b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.qlref
new file mode 100644
index 000000000000..6269075fd961
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.qlref
@@ -0,0 +1,3 @@
+query: queries/Security/CWE-022/PathInjection.ql
+postprocess:
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
index 2d9b6d88c393..14c38ae9eb26
--- a/swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
+++ b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
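Review bot: The new `.qlref` drops a guard the deleted in-test query had: `location.getFile().getName() != ""` excluded any sink whose location has no file name, and nothing in the `query:`/`postprocess:` pair above reinstates it. If `PathInjection.ql` can report sinks at such locations (I cannot tell from this diff whether it does), those rows now reach `InlineExpectationsTestQuery.ql` and will surface as unexpected `#select` results rather than being silently dropped, so it is worth confirming the test output stays clean on this run without the old filter. If the guard was deliberate, I would record why it is no longer needed with a one-line comment in the `.qlref`, e.g. `# results with a nameless file location are filtered by the postprocess query` (or whatever the actual reason is), so the next person does not re-add it blindly.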
@@ -286,151 +286,151 @@ class Connection { // --- tests --- func test(buffer1: UnsafeMutablePointer, buffer2: UnsafeMutablePointer) { - let remoteString = String(contentsOf: URL(string: "http://example.com/")!) + let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source let remoteUrl = URL(string: remoteString)! let remoteNsUrl = NSURL(string: remoteString)! let safeUrl = URL(string: "")! let safeNsUrl = NSURL(string: "")! - Data("").write(to: remoteUrl, options: []) // $ hasPathInjection=289 + Data("").write(to: remoteUrl, options: []) // $Alert let nsData = NSData() - let _ = nsData.write(to: remoteUrl, atomically: false) // $ hasPathInjection=289 - nsData.write(to: remoteUrl, options: []) // $ hasPathInjection=289 - let _ = nsData.write(toFile: remoteString, atomically: false) // $ hasPathInjection=289 - nsData.write(toFile: remoteString, options: []) // $ hasPathInjection=289 + let _ = nsData.write(to: remoteUrl, atomically: false) // $Alert + nsData.write(to: remoteUrl, options: []) // $Alert + let _ = nsData.write(toFile: remoteString, atomically: false) // $Alert + nsData.write(toFile: remoteString, options: []) // $Alert let fm = FileManager() - let _ = fm.contentsOfDirectory(at: remoteUrl, includingPropertiesForKeys: [], options: []) // $ hasPathInjection=289 - let _ = fm.contentsOfDirectory(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.enumerator(at: remoteUrl, includingPropertiesForKeys: [], options: [], errorHandler: nil) // $ hasPathInjection=289 - let _ = fm.enumerator(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.subpathsOfDirectory(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.subpaths(atPath: remoteString) // $ hasPathInjection=289 - fm.createDirectory(at: remoteUrl, withIntermediateDirectories: false, attributes: [:]) // $ hasPathInjection=289 - let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ hasPathInjection=289 - let _ = fm.createFile(atPath: 
remoteString, contents: nil, attributes: [:]) // $ hasPathInjection=289 - fm.removeItem(at: remoteUrl) // $ hasPathInjection=289 - fm.removeItem(atPath: remoteString) // $ hasPathInjection=289 - fm.trashItem(at: remoteUrl, resultingItemURL: AutoreleasingUnsafeMutablePointer()) // $ hasPathInjection=289 - let _ = fm.replaceItemAt(remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: []) // $ hasPathInjection=289 - let _ = fm.replaceItemAt(safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: []) // $ hasPathInjection=289 - fm.replaceItem(at: remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer()) // $ hasPathInjection=289 - fm.replaceItem(at: safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer()) // $ hasPathInjection=289 - fm.copyItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=289 - fm.copyItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=289 - fm.copyItem(atPath: remoteString, toPath: "") // $ hasPathInjection=289 - fm.copyItem(atPath: "", toPath: remoteString) // $ hasPathInjection=289 - fm.moveItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=289 - fm.moveItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=289 - fm.moveItem(atPath: remoteString, toPath: "") // $ hasPathInjection=289 - fm.moveItem(atPath: "", toPath: remoteString) // $ hasPathInjection=289 - fm.createSymbolicLink(at: remoteUrl, withDestinationURL: safeUrl) // $ hasPathInjection=289 - fm.createSymbolicLink(at: safeUrl, withDestinationURL: remoteUrl) // $ hasPathInjection=289 - fm.createSymbolicLink(atPath: remoteString, withDestinationPath: "") // $ hasPathInjection=289 - fm.createSymbolicLink(atPath: "", withDestinationPath: remoteString) // $ hasPathInjection=289 - fm.linkItem(at: remoteUrl, to: safeUrl) // $ hasPathInjection=289 - fm.linkItem(at: safeUrl, to: remoteUrl) // $ hasPathInjection=289 - fm.linkItem(atPath: remoteString, 
toPath: "") // $ hasPathInjection=289 - fm.linkItem(atPath: "", toPath: remoteString) // $ hasPathInjection=289 - let _ = fm.destinationOfSymbolicLink(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.fileExists(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.fileExists(atPath: remoteString, isDirectory: UnsafeMutablePointer.init(bitPattern: 0)) // $ hasPathInjection=289 - fm.setAttributes([:], ofItemAtPath: remoteString) // $ hasPathInjection=289 - let _ = fm.contents(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.contentsEqual(atPath: remoteString, andPath: "") // $ hasPathInjection=289 - let _ = fm.contentsEqual(atPath: "", andPath: remoteString) // $ hasPathInjection=289 - let _ = fm.changeCurrentDirectoryPath(remoteString) // $ hasPathInjection=289 - let _ = fm.unmountVolume(at: remoteUrl, options: [], completionHandler: { _ in }) // $ hasPathInjection=289 + let _ = fm.contentsOfDirectory(at: remoteUrl, includingPropertiesForKeys: [], options: []) // $Alert + let _ = fm.contentsOfDirectory(atPath: remoteString) // $Alert + let _ = fm.enumerator(at: remoteUrl, includingPropertiesForKeys: [], options: [], errorHandler: nil) // $Alert + let _ = fm.enumerator(atPath: remoteString) // $Alert + let _ = fm.subpathsOfDirectory(atPath: remoteString) // $Alert + let _ = fm.subpaths(atPath: remoteString) // $Alert + fm.createDirectory(at: remoteUrl, withIntermediateDirectories: false, attributes: [:]) // $Alert + let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $Alert + let _ = fm.createFile(atPath: remoteString, contents: nil, attributes: [:]) // $Alert + fm.removeItem(at: remoteUrl) // $Alert + fm.removeItem(atPath: remoteString) // $Alert + fm.trashItem(at: remoteUrl, resultingItemURL: AutoreleasingUnsafeMutablePointer()) // $Alert + let _ = fm.replaceItemAt(remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: []) // $Alert + let _ = fm.replaceItemAt(safeUrl, withItemAt: remoteUrl, backupItemName: nil, 
options: []) // $Alert + fm.replaceItem(at: remoteUrl, withItemAt: safeUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer()) // $Alert + fm.replaceItem(at: safeUrl, withItemAt: remoteUrl, backupItemName: nil, options: [], resultingItemURL: AutoreleasingUnsafeMutablePointer()) // $Alert + fm.copyItem(at: remoteUrl, to: safeUrl) // $Alert + fm.copyItem(at: safeUrl, to: remoteUrl) // $Alert + fm.copyItem(atPath: remoteString, toPath: "") // $Alert + fm.copyItem(atPath: "", toPath: remoteString) // $Alert + fm.moveItem(at: remoteUrl, to: safeUrl) // $Alert + fm.moveItem(at: safeUrl, to: remoteUrl) // $Alert + fm.moveItem(atPath: remoteString, toPath: "") // $Alert + fm.moveItem(atPath: "", toPath: remoteString) // $Alert + fm.createSymbolicLink(at: remoteUrl, withDestinationURL: safeUrl) // $Alert + fm.createSymbolicLink(at: safeUrl, withDestinationURL: remoteUrl) // $Alert + fm.createSymbolicLink(atPath: remoteString, withDestinationPath: "") // $Alert + fm.createSymbolicLink(atPath: "", withDestinationPath: remoteString) // $Alert + fm.linkItem(at: remoteUrl, to: safeUrl) // $Alert + fm.linkItem(at: safeUrl, to: remoteUrl) // $Alert + fm.linkItem(atPath: remoteString, toPath: "") // $Alert + fm.linkItem(atPath: "", toPath: remoteString) // $Alert + let _ = fm.destinationOfSymbolicLink(atPath: remoteString) // $Alert + let _ = fm.fileExists(atPath: remoteString) // $Alert + let _ = fm.fileExists(atPath: remoteString, isDirectory: UnsafeMutablePointer.init(bitPattern: 0)) // $Alert + fm.setAttributes([:], ofItemAtPath: remoteString) // $Alert + let _ = fm.contents(atPath: remoteString) // $Alert + let _ = fm.contentsEqual(atPath: remoteString, andPath: "") // $Alert + let _ = fm.contentsEqual(atPath: "", andPath: remoteString) // $Alert + let _ = fm.changeCurrentDirectoryPath(remoteString) // $Alert + let _ = fm.unmountVolume(at: remoteUrl, options: [], completionHandler: { _ in }) // $Alert // Deprecated methods - let _ = 
fm.changeFileAttributes([:], atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.directoryContents(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $ hasPathInjection=289 - let _ = fm.createSymbolicLink(atPath: remoteString, pathContent: "") // $ hasPathInjection=289 - let _ = fm.createSymbolicLink(atPath: "", pathContent: remoteString) // $ hasPathInjection=289 - let _ = fm.pathContentOfSymbolicLink(atPath: remoteString) // $ hasPathInjection=289 - let _ = fm.replaceItemAtURL(originalItemURL: remoteNsUrl, withItemAtURL: safeNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=289 - let _ = fm.replaceItemAtURL(originalItemURL: safeNsUrl, withItemAtURL: remoteNsUrl, backupItemName: nil, options: []) // $ hasPathInjection=289 + let _ = fm.changeFileAttributes([:], atPath: remoteString) // $Alert + let _ = fm.directoryContents(atPath: remoteString) // $Alert + let _ = fm.createDirectory(atPath: remoteString, attributes: [:]) // $Alert + let _ = fm.createSymbolicLink(atPath: remoteString, pathContent: "") // $Alert + let _ = fm.createSymbolicLink(atPath: "", pathContent: remoteString) // $Alert + let _ = fm.pathContentOfSymbolicLink(atPath: remoteString) // $Alert + let _ = fm.replaceItemAtURL(originalItemURL: remoteNsUrl, withItemAtURL: safeNsUrl, backupItemName: nil, options: []) // $Alert + let _ = fm.replaceItemAtURL(originalItemURL: safeNsUrl, withItemAtURL: remoteNsUrl, backupItemName: nil, options: []) // $Alert var encoding = String.Encoding.utf8 - let _ = try! String(contentsOfFile: remoteString) // $ hasPathInjection=289 - let _ = try! String(contentsOfFile: remoteString, encoding: String.Encoding.utf8) // $ hasPathInjection=289 - let _ = try! String(contentsOfFile: remoteString, usedEncoding: &encoding) // $ hasPathInjection=289 - - let _ = try! NSString(contentsOfFile: remoteString, encoding: 0) // $ hasPathInjection=289 - let _ = try! 
NSString(contentsOfFile: remoteString, usedEncoding: nil) // $ hasPathInjection=289 - NSString().write(to: remoteUrl, atomically: true, encoding: 0) // $ hasPathInjection=289 - NSString().write(toFile: remoteString, atomically: true, encoding: 0) // $ hasPathInjection=289 - - let _ = NSKeyedUnarchiver().unarchiveObject(withFile: remoteString) // $ hasPathInjection=289 - let _ = ArchiveByteStream.fileStream(fd: remoteString as! FileDescriptor, automaticClose: true) // $ hasPathInjection=289 - ArchiveByteStream.withFileStream(fd: remoteString as! FileDescriptor, automaticClose: true) { _ in } // $ hasPathInjection=289 - let _ = ArchiveByteStream.fileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) // $ hasPathInjection=289 - ArchiveByteStream.withFileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) { _ in } // $ hasPathInjection=289 - let _ = Bundle(url: remoteUrl) // $ hasPathInjection=289 - let _ = Bundle(path: remoteString) // $ hasPathInjection=289 + let _ = try! String(contentsOfFile: remoteString) // $Alert + let _ = try! String(contentsOfFile: remoteString, encoding: String.Encoding.utf8) // $Alert + let _ = try! String(contentsOfFile: remoteString, usedEncoding: &encoding) // $Alert + + let _ = try! NSString(contentsOfFile: remoteString, encoding: 0) // $Alert + let _ = try! NSString(contentsOfFile: remoteString, usedEncoding: nil) // $Alert + NSString().write(to: remoteUrl, atomically: true, encoding: 0) // $Alert + NSString().write(toFile: remoteString, atomically: true, encoding: 0) // $Alert + + let _ = NSKeyedUnarchiver().unarchiveObject(withFile: remoteString) // $Alert + let _ = ArchiveByteStream.fileStream(fd: remoteString as! FileDescriptor, automaticClose: true) // $Alert + ArchiveByteStream.withFileStream(fd: remoteString as! 
FileDescriptor, automaticClose: true) { _ in } // $Alert + let _ = ArchiveByteStream.fileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) // $Alert + ArchiveByteStream.withFileStream(path: FilePath(stringLiteral: remoteString), mode: .readOnly, options: .append, permissions: .ownerRead) { _ in } // $Alert + let _ = Bundle(url: remoteUrl) // $Alert + let _ = Bundle(path: remoteString) // $Alert // GRDB - let _ = Database(path: remoteString, description: "", configuration: Configuration()) // $ hasPathInjection=289 + let _ = Database(path: remoteString, description: "", configuration: Configuration()) // $Alert let _ = Database(path: "", description: "", configuration: Configuration()) // Safe - let _ = DatabasePool(path: remoteString, configuration: Configuration()) // $ hasPathInjection=289 + let _ = DatabasePool(path: remoteString, configuration: Configuration()) // $Alert let _ = DatabasePool(path: "", configuration: Configuration()) // Safe - let _ = DatabaseQueue(path: remoteString, configuration: Configuration()) // $ hasPathInjection=289 + let _ = DatabaseQueue(path: remoteString, configuration: Configuration()) // $Alert let _ = DatabaseQueue(path: "", configuration: Configuration()) // Safe - let _ = DatabaseSnapshotPool(path: remoteString, configuration: Configuration()) // $ hasPathInjection=289 + let _ = DatabaseSnapshotPool(path: remoteString, configuration: Configuration()) // $Alert let _ = DatabaseSnapshotPool(path: "", configuration: Configuration()) // Safe - let _ = SerializedDatabase(path: remoteString, defaultLabel: "") // $ hasPathInjection=289 + let _ = SerializedDatabase(path: remoteString, defaultLabel: "") // $Alert let _ = SerializedDatabase(path: "", defaultLabel: "") // Safe - let _ = SerializedDatabase(path: remoteString, defaultLabel: "", purpose: nil) // $ hasPathInjection=289 + let _ = SerializedDatabase(path: remoteString, defaultLabel: "", purpose: nil) // $Alert let _ 
= SerializedDatabase(path: "", defaultLabel: "", purpose: nil) // Safe - let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "") // $ hasPathInjection=289 + let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "") // $Alert let _ = SerializedDatabase(path: "", configuration: Configuration(), defaultLabel: "") // Safe - let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "", purpose: nil) // $ hasPathInjection=289 + let _ = SerializedDatabase(path: remoteString, configuration: Configuration(), defaultLabel: "", purpose: nil) // $Alert let _ = SerializedDatabase(path: "", configuration: Configuration(), defaultLabel: "", purpose: nil) // Safe // Realm _ = Realm.Configuration(fileURL: safeUrl) // GOOD - _ = Realm.Configuration(fileURL: remoteUrl) // $ hasPathInjection=289 + _ = Realm.Configuration(fileURL: remoteUrl) // $Alert _ = Realm.Configuration(seedFilePath: safeUrl) // GOOD - _ = Realm.Configuration(seedFilePath: remoteUrl) // $ hasPathInjection=289 + _ = Realm.Configuration(seedFilePath: remoteUrl) // $Alert var config = Realm.Configuration() // GOOD config.fileURL = safeUrl // GOOD - config.fileURL = remoteUrl // $ hasPathInjection=289 + config.fileURL = remoteUrl // $Alert config.seedFilePath = safeUrl // GOOD - config.seedFilePath = remoteUrl // $ hasPathInjection=289 + config.seedFilePath = remoteUrl // $Alert // sqlite3 var db: OpaquePointer? 
let localData = Data(0) - let remoteData = Data(contentsOf: URL(string: "http://example.com/")!, options: []) + let remoteData = Data(contentsOf: URL(string: "http://example.com/")!, options: []) // $Source localData.copyBytes(to: buffer1, count: localData.count) remoteData.copyBytes(to: buffer2, count: remoteData.count) _ = sqlite3_open("myFile.sqlite3", &db) // GOOD - _ = sqlite3_open(remoteString, &db) // $ hasPathInjection=289 + _ = sqlite3_open(remoteString, &db) // $Alert _ = sqlite3_open16(buffer1, &db) // GOOD - _ = sqlite3_open16(buffer2, &db) // $ hasPathInjection=409 + _ = sqlite3_open16(buffer2, &db) // $Alert _ = sqlite3_open_v2("myFile.sqlite3", &db, 0, nil) // GOOD - _ = sqlite3_open_v2(remoteString, &db, 0, nil) // $ hasPathInjection=289 + _ = sqlite3_open_v2(remoteString, &db, 0, nil) // $Alert sqlite3_temp_directory = UnsafeMutablePointer(mutating: NSString(string: "myFile.sqlite3").utf8String) // GOOD - sqlite3_temp_directory = UnsafeMutablePointer(mutating: NSString(string: remoteString).utf8String) // $ MISSING: hasPathInjection=289 + sqlite3_temp_directory = UnsafeMutablePointer(mutating: NSString(string: remoteString).utf8String) // $ MISSING: Alert // SQLite.swift try! _ = Connection() try! _ = Connection(Connection.Location.uri("myFile.sqlite3")) // GOOD - try! _ = Connection(Connection.Location.uri(remoteString)) // $ hasPathInjection=289 + try! _ = Connection(Connection.Location.uri(remoteString)) // $Alert try! _ = Connection("myFile.sqlite3") // GOOD - try! _ = Connection(remoteString) // $ hasPathInjection=289 + try! _ = Connection(remoteString) // $Alert } func testBarriers() { - let remoteString = String(contentsOf: URL(string: "http://example.com/")!) + let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source let fm = FileManager() 
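Review bot: The switch to bare `$Alert` loses the source/sink pairing that the old values encoded: `sqlite3_open16(buffer2, &db)` was expected as `hasPathInjection=409` (flow from `remoteData`, the only sink fed by that source via `copyBytes`), while every other sink in `test(...)` was `=289` (flow from `remoteString`), and with plain `$Alert` on the sink and `$Source` on both declarations the test no longer checks which source reaches which sink. If the inline-expectations post-processor accepts values on these tags, I would pin that one case with `// $ Source=remoteData` on the `Data(contentsOf:…)` line and `// $ Alert=remoteData` on the `sqlite3_open16(buffer2, &db)` line, so a regression that routes the alert through `remoteString` instead is still caught. The `sqlite3_temp_directory` assignment stays `$ MISSING: Alert`, which is consistent with the old expectation and not something this change introduces.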
@@ -438,51 +438,51 @@ func testBarriers() {
 if (filePath.lexicallyNormalized().starts(with: "/safe")) {
 let _ = fm.contents(atPath: remoteString) // Safe
 }
- let _ = fm.contents(atPath: remoteString) // $ hasPathInjection=433
+ let _ = fm.contents(atPath: remoteString) // $Alert
 }
 
 func testPathInjection2(s1: UnsafeMutablePointer, s2: UnsafeMutablePointer, s3: UnsafeMutablePointer, fm: FileManager) throws {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 
 var u1 = URL(filePath: "")
 _ = NSData(contentsOf: u1)
 _ = NSData(contentsOf: u1.appendingPathComponent(""))
- _ = NSData(contentsOf: u1.appendingPathComponent(remoteString)) // $ hasPathInjection=445
- _ = NSData(contentsOf: u1.appendingPathComponent(remoteString).appendingPathComponent("")) // $ hasPathInjection=445
+ _ = NSData(contentsOf: u1.appendingPathComponent(remoteString)) // $Alert
+ _ = NSData(contentsOf: u1.appendingPathComponent(remoteString).appendingPathComponent("")) // $Alert
 u1.appendPathComponent(remoteString)
- _ = NSData(contentsOf: u1) // $ hasPathInjection=445
+ _ = NSData(contentsOf: u1) // $Alert
 
- let u2 = URL(filePath: remoteString) // $ hasPathInjection=445
- _ = NSData(contentsOf: u2) // $ hasPathInjection=445
+ let u2 = URL(filePath: remoteString) // $Alert
+ _ = NSData(contentsOf: u2) // $Alert
 
 let u3 = NSURL(string: "")!
 Data("").write(to: u3.filePathURL!, options: [])
 Data("").write(to: u3.appendingPathComponent("")!, options: [])
- Data("").write(to: u3.appendingPathComponent(remoteString)!, options: []) // $ hasPathInjection=445
+ Data("").write(to: u3.appendingPathComponent(remoteString)!, options: []) // $Alert
 
 let u4 = NSURL(string: remoteString)!
- Data("").write(to: u4.filePathURL!, options: []) // $ hasPathInjection=445
- Data("").write(to: u4.appendingPathComponent("")!, options: []) // $ hasPathInjection=445
+ Data("").write(to: u4.filePathURL!, options: []) // $Alert
+ Data("").write(to: u4.appendingPathComponent("")!, options: []) // $Alert
 
- _ = NSData(contentsOfFile: remoteString)! // $ hasPathInjection=445
- _ = NSData(contentsOfMappedFile: remoteString)! // $ hasPathInjection=445
- _ = NSData.dataWithContentsOfMappedFile(remoteString)! // $ hasPathInjection=445
+ _ = NSData(contentsOfFile: remoteString)! // $Alert
+ _ = NSData(contentsOfMappedFile: remoteString)! // $Alert
+ _ = NSData.dataWithContentsOfMappedFile(remoteString)! // $Alert
 
 _ = NSData().write(toFile: s1.pointee, atomically: true)
 s1.pointee = remoteString
- _ = NSData().write(toFile: s1.pointee, atomically: true) // $ hasPathInjection=445
- _ = NSData().write(toFile: s1[0], atomically: true) // $ MISSING: hasPathInjection=445
+ _ = NSData().write(toFile: s1.pointee, atomically: true) // $Alert
+ _ = NSData().write(toFile: s1[0], atomically: true) // $ MISSING: Alert
 
 _ = "".completePath(into: s2, caseSensitive: false, matchesInto: nil, filterTypes: nil)
 _ = NSData().write(toFile: s2.pointee, atomically: true)
 _ = NSData().write(toFile: s2[0], atomically: true)
 
 _ = remoteString.completePath(into: s3, caseSensitive: false, matchesInto: nil, filterTypes: nil)
- _ = NSData().write(toFile: s3.pointee, atomically: true) // $ MISSING: hasPathInjection=445
- _ = NSData().write(toFile: s3[0], atomically: true) // $ hasPathInjection=445
+ _ = NSData().write(toFile: s3.pointee, atomically: true) // $ MISSING: Alert
+ _ = NSData().write(toFile: s3[0], atomically: true) // $Alert
 
- _ = fm.fileAttributes(atPath: remoteString, traverseLink: true) // $ hasPathInjection=445
- _ = try fm.attributesOfItem(atPath: remoteString) // $ hasPathInjection=445
+ _ = fm.fileAttributes(atPath: remoteString, traverseLink: true) // $Alert
+ _ = try fm.attributesOfItem(atPath: remoteString) // $Alert
 }
 
 // ---
@@ -502,18 +502,18 @@ class MyFile {
 }
 
 func testPathInjectionHeuristics() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 
- myOpenFile1(atPath: remoteString) // $ hasPathInjection=505
- myOpenFile2(remoteString) // $ hasPathInjection=505
- myFindFiles(ofType: 0, inDirectory: remoteString) // $ hasPathInjection=505
+ myOpenFile1(atPath: remoteString) // $Alert
+ myOpenFile2(remoteString) // $Alert
+ myFindFiles(ofType: 0, inDirectory: remoteString) // $Alert
 
- let mc = MyClass(contentsOfFile: remoteString) // $ hasPathInjection=505
+ let mc = MyClass(contentsOfFile: remoteString) // $Alert
 mc.doSomething(keyPath: remoteString) // good - not a path
- mc.write(toFile: remoteString) // $ hasPathInjection=505
+ mc.write(toFile: remoteString) // $Alert
 
 let mf1 = MyFile(path: "")
- let mf2 = MyFile(path: remoteString) // $ MISSING: hasPathInjection=
+ let mf2 = MyFile(path: remoteString) // $ MISSING: Alert
 
 _ = NSSortDescriptor(key: remoteString, ascending: true) // good - not a path
 _ = NSSortDescriptor(keyPath: remoteString as! KeyPath, ascending: true) // good - not a path
diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected
index e69de29bb2d1..397e4d8a05bb
--- a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected
+++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected
@@ -0,0 +1,297 @@ +#select +| cleartextLoggingTest.swift:167:11:167:11 | [...] | cleartextLoggingTest.swift:167:11:167:11 | password | cleartextLoggingTest.swift:167:11:167:11 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:167:11:167:11 | password | password | +| cleartextLoggingTest.swift:168:11:168:11 | [...] | cleartextLoggingTest.swift:168:11:168:11 | password | cleartextLoggingTest.swift:168:11:168:11 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:168:11:168:11 | password | password | +| cleartextLoggingTest.swift:169:26:169:26 | password | cleartextLoggingTest.swift:169:26:169:26 | password | cleartextLoggingTest.swift:169:26:169:26 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:169:26:169:26 | password | password | +| cleartextLoggingTest.swift:170:11:170:11 | [...] | cleartextLoggingTest.swift:170:11:170:11 | password | cleartextLoggingTest.swift:170:11:170:11 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:170:11:170:11 | password | password | +| cleartextLoggingTest.swift:171:26:171:26 | password | cleartextLoggingTest.swift:171:26:171:26 | password | cleartextLoggingTest.swift:171:26:171:26 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:171:26:171:26 | password | password | +| cleartextLoggingTest.swift:172:42:172:42 | password | cleartextLoggingTest.swift:172:42:172:42 | password | cleartextLoggingTest.swift:172:42:172:42 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:172:42:172:42 | password | password | +| cleartextLoggingTest.swift:175:16:175:16 | [...] | cleartextLoggingTest.swift:175:16:175:16 | password | cleartextLoggingTest.swift:175:16:175:16 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:175:16:175:16 | password | password | +| cleartextLoggingTest.swift:177:10:177:10 | password | cleartextLoggingTest.swift:177:10:177:10 | password | cleartextLoggingTest.swift:177:10:177:10 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:177:10:177:10 | password | password | +| cleartextLoggingTest.swift:179:11:179:11 | password | cleartextLoggingTest.swift:179:11:179:11 | password | cleartextLoggingTest.swift:179:11:179:11 | password | This operation writes 'password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:179:11:179:11 | password | password | +| cleartextLoggingTest.swift:180:17:180:17 | [...] | cleartextLoggingTest.swift:180:17:180:17 | password | cleartextLoggingTest.swift:180:17:180:17 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:180:17:180:17 | password | password | +| cleartextLoggingTest.swift:181:20:181:24 | [...] | cleartextLoggingTest.swift:181:24:181:24 | password | cleartextLoggingTest.swift:181:20:181:24 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:181:24:181:24 | password | password | +| cleartextLoggingTest.swift:182:11:182:11 | "..." | cleartextLoggingTest.swift:182:14:182:14 | password | cleartextLoggingTest.swift:182:11:182:11 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:182:14:182:14 | password | password | +| cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | cleartextLoggingTest.swift:183:29:183:29 | password | cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:183:29:183:29 | password | password | +| cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | cleartextLoggingTest.swift:184:36:184:36 | password | cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:184:36:184:36 | password | password | +| cleartextLoggingTest.swift:220:11:220:11 | passphrase | cleartextLoggingTest.swift:220:11:220:11 | passphrase | cleartextLoggingTest.swift:220:11:220:11 | passphrase | This operation writes 'passphrase' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:220:11:220:11 | passphrase | passphrase | +| cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | This operation writes 'pass_phrase' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | pass_phrase | +| cleartextLoggingTest.swift:224:49:224:49 | [...] | cleartextLoggingTest.swift:224:49:224:49 | password | cleartextLoggingTest.swift:224:49:224:49 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:224:49:224:49 | password | password | +| cleartextLoggingTest.swift:225:55:225:63 | [...] | cleartextLoggingTest.swift:225:63:225:63 | password | cleartextLoggingTest.swift:225:55:225:63 | [...] 
| This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:225:63:225:63 | password | password | +| cleartextLoggingTest.swift:241:8:241:8 | x | cleartextLoggingTest.swift:240:24:240:24 | x | cleartextLoggingTest.swift:241:8:241:8 | x | This operation writes 'x' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:240:24:240:24 | x | x | +| cleartextLoggingTest.swift:244:8:244:8 | y | cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | cleartextLoggingTest.swift:244:8:244:8 | y | This operation writes 'y' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | call to getPassword() | +| cleartextLoggingTest.swift:248:8:248:10 | .password | cleartextLoggingTest.swift:248:8:248:10 | .password | cleartextLoggingTest.swift:248:8:248:10 | .password | This operation writes '.password' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:248:8:248:10 | .password | .password | +| cleartextLoggingTest.swift:263:8:263:20 | .value | cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:263:8:263:20 | .value | This operation writes '.value' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:263:8:263:11 | .password | .password | +| cleartextLoggingTest.swift:287:8:287:8 | [...] | cleartextLoggingTest.swift:286:8:286:8 | password | cleartextLoggingTest.swift:287:8:287:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:286:8:286:8 | password | password | +| cleartextLoggingTest.swift:290:8:290:8 | [...] | cleartextLoggingTest.swift:289:18:289:18 | password | cleartextLoggingTest.swift:290:8:290:8 | [...] | This operation writes '[...]' to a log file. 
It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:289:18:289:18 | password | password | +| cleartextLoggingTest.swift:296:13:296:13 | [...] | cleartextLoggingTest.swift:295:13:295:13 | password | cleartextLoggingTest.swift:296:13:296:13 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:295:13:295:13 | password | password | +| cleartextLoggingTest.swift:302:7:302:7 | myString7 | cleartextLoggingTest.swift:301:7:301:7 | password | cleartextLoggingTest.swift:302:7:302:7 | myString7 | This operation writes 'myString7' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:301:7:301:7 | password | password | +| cleartextLoggingTest.swift:308:8:308:8 | [...] | cleartextLoggingTest.swift:307:18:307:18 | password | cleartextLoggingTest.swift:308:8:308:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:307:18:307:18 | password | password | +| cleartextLoggingTest.swift:313:8:313:8 | [...] | cleartextLoggingTest.swift:311:19:311:19 | password | cleartextLoggingTest.swift:313:8:313:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:311:19:311:19 | password | password | +| cleartextLoggingTest.swift:319:8:319:8 | [...] | cleartextLoggingTest.swift:318:2:318:2 | password | cleartextLoggingTest.swift:319:8:319:8 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:318:2:318:2 | password | password | +| cleartextLoggingTest.swift:334:17:334:17 | { ... } | cleartextLoggingTest.swift:334:17:334:17 | password | cleartextLoggingTest.swift:334:17:334:17 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:334:17:334:17 | password | password | +| cleartextLoggingTest.swift:336:20:336:20 | { ... } | cleartextLoggingTest.swift:336:20:336:20 | password | cleartextLoggingTest.swift:336:20:336:20 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:336:20:336:20 | password | password | +| cleartextLoggingTest.swift:338:23:338:23 | { ... } | cleartextLoggingTest.swift:338:23:338:23 | password | cleartextLoggingTest.swift:338:23:338:23 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:338:23:338:23 | password | password | +| cleartextLoggingTest.swift:340:23:340:23 | { ... } | cleartextLoggingTest.swift:340:23:340:23 | password | cleartextLoggingTest.swift:340:23:340:23 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:340:23:340:23 | password | password | +| cleartextLoggingTest.swift:342:14:342:14 | { ... } | cleartextLoggingTest.swift:342:14:342:14 | password | cleartextLoggingTest.swift:342:14:342:14 | { ... } | This operation writes '{ ... }' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:342:14:342:14 | password | password | +| cleartextLoggingTest.swift:347:69:347:69 | "..." | cleartextLoggingTest.swift:347:72:347:72 | passwordString | cleartextLoggingTest.swift:347:69:347:69 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:347:72:347:72 | passwordString | passwordString | +| cleartextLoggingTest.swift:350:61:350:61 | "..." | cleartextLoggingTest.swift:350:64:350:64 | passwordString | cleartextLoggingTest.swift:350:61:350:61 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:350:64:350:64 | passwordString | passwordString | +| cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | cleartextLoggingTest.swift:351:103:351:103 | passwordString | cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:351:103:351:103 | passwordString | passwordString | +| cleartextLoggingTest.swift:353:20:353:20 | "..." | cleartextLoggingTest.swift:353:23:353:23 | passwordString | cleartextLoggingTest.swift:353:20:353:20 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:353:23:353:23 | passwordString | passwordString | +| cleartextLoggingTest.swift:354:40:354:40 | [...] | cleartextLoggingTest.swift:354:40:354:40 | passwordString | cleartextLoggingTest.swift:354:40:354:40 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:354:40:354:40 | passwordString | passwordString | +| cleartextLoggingTest.swift:355:44:355:51 | [...] | cleartextLoggingTest.swift:355:51:355:51 | passwordString | cleartextLoggingTest.swift:355:44:355:51 | [...] | This operation writes '[...]' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:355:51:355:51 | passwordString | passwordString | +| cleartextLoggingTest.swift:356:17:356:17 | "..." | cleartextLoggingTest.swift:356:20:356:20 | passwordString | cleartextLoggingTest.swift:356:17:356:17 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:356:20:356:20 | passwordString | passwordString | +| cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | cleartextLoggingTest.swift:357:48:357:48 | passwordString | cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:357:48:357:48 | passwordString | passwordString | +| cleartextLoggingTest.swift:358:23:358:23 | "..." | cleartextLoggingTest.swift:358:26:358:26 | passwordString | cleartextLoggingTest.swift:358:23:358:23 | "..." | This operation writes '"..."' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:358:26:358:26 | passwordString | passwordString | +| cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | cleartextLoggingTest.swift:359:54:359:54 | passwordString | cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | This operation writes 'call to getVaList(_:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:359:54:359:54 | passwordString | passwordString | +| cleartextLoggingTest.swift:365:18:365:18 | authKey | cleartextLoggingTest.swift:365:18:365:18 | authKey | cleartextLoggingTest.swift:365:18:365:18 | authKey | This operation writes 'authKey' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:365:18:365:18 | authKey | authKey | +| cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | cleartextLoggingTest.swift:366:25:366:25 | authKey2 | cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | This operation writes 'call to String.init(_:)' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:366:25:366:25 | authKey2 | authKey2 | +| cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | cleartextLoggingTest.swift:369:33:369:33 | authKey | cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | This operation writes 'call to NSString.init(string:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:369:33:369:33 | authKey | authKey | +| cleartextLoggingTest.swift:370:13:370:13 | authKey | cleartextLoggingTest.swift:370:13:370:13 | authKey | cleartextLoggingTest.swift:370:13:370:13 | authKey | This operation writes 'authKey' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:370:13:370:13 | authKey | authKey | +| cleartextLoggingTest.swift:371:24:371:24 | authKey | cleartextLoggingTest.swift:371:24:371:24 | authKey | cleartextLoggingTest.swift:371:24:371:24 | authKey | This operation writes 'authKey' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:371:24:371:24 | authKey | authKey | +| cleartextLoggingTest.swift:378:16:378:16 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:378:16:378:16 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:379:18:379:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:379:18:379:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:380:18:380:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:380:18:380:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | This operation writes 'call to NSString.init(string:)' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:382:19:382:19 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:382:19:382:19 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:383:20:383:20 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:383:20:383:20 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:384:18:384:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:384:18:384:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:385:21:385:21 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:385:21:385:21 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. | cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +| cleartextLoggingTest.swift:386:18:386:18 | msg | cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:386:18:386:18 | msg | This operation writes 'msg' to a log file. It may contain unencrypted sensitive data from $@. 
| cleartextLoggingTest.swift:377:29:377:29 | authKey | authKey | +edges +| cleartextLoggingTest.swift:167:11:167:11 | [...] [Collection element] | cleartextLoggingTest.swift:167:11:167:11 | [...] | provenance | | +| cleartextLoggingTest.swift:167:11:167:11 | password | cleartextLoggingTest.swift:167:11:167:11 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:168:11:168:11 | [...] [Collection element] | cleartextLoggingTest.swift:168:11:168:11 | [...] | provenance | | +| cleartextLoggingTest.swift:168:11:168:11 | password | cleartextLoggingTest.swift:168:11:168:11 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:170:11:170:11 | [...] [Collection element] | cleartextLoggingTest.swift:170:11:170:11 | [...] | provenance | | +| cleartextLoggingTest.swift:170:11:170:11 | password | cleartextLoggingTest.swift:170:11:170:11 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:175:16:175:16 | [...] [Collection element] | cleartextLoggingTest.swift:175:16:175:16 | [...] | provenance | | +| cleartextLoggingTest.swift:175:16:175:16 | password | cleartextLoggingTest.swift:175:16:175:16 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:180:17:180:17 | [...] [Collection element] | cleartextLoggingTest.swift:180:17:180:17 | [...] | provenance | | +| cleartextLoggingTest.swift:180:17:180:17 | password | cleartextLoggingTest.swift:180:17:180:17 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:181:20:181:24 | [...] [Collection element] | cleartextLoggingTest.swift:181:20:181:24 | [...] | provenance | | +| cleartextLoggingTest.swift:181:24:181:24 | password | cleartextLoggingTest.swift:181:20:181:24 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:182:14:182:14 | password | cleartextLoggingTest.swift:182:11:182:11 | "..." | provenance | | +| cleartextLoggingTest.swift:183:28:183:37 | [...] 
[Collection element] | cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | provenance | | +| cleartextLoggingTest.swift:183:29:183:29 | password | cleartextLoggingTest.swift:183:28:183:37 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:184:31:184:44 | [...] [Collection element] | cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | provenance | | +| cleartextLoggingTest.swift:184:36:184:36 | password | cleartextLoggingTest.swift:184:31:184:44 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:224:49:224:49 | [...] [Collection element] | cleartextLoggingTest.swift:224:49:224:49 | [...] | provenance | | +| cleartextLoggingTest.swift:224:49:224:49 | password | cleartextLoggingTest.swift:224:49:224:49 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:225:55:225:63 | [...] [Collection element] | cleartextLoggingTest.swift:225:55:225:63 | [...] | provenance | | +| cleartextLoggingTest.swift:225:63:225:63 | password | cleartextLoggingTest.swift:225:55:225:63 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:240:24:240:24 | x | cleartextLoggingTest.swift:241:8:241:8 | x | provenance | | +| cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | cleartextLoggingTest.swift:244:8:244:8 | y | provenance | | +| cleartextLoggingTest.swift:253:7:253:7 | self | file://:0:0:0:0 | self | provenance | | +| cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:253:7:253:7 | self | provenance | | +| cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:263:8:263:20 | .value | provenance | Config | +| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:286:8:286:8 | [...] 
[Collection element] | cleartextLoggingTest.swift:286:23:286:23 | [post] myString2 | provenance | | +| cleartextLoggingTest.swift:286:8:286:8 | password | cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:286:23:286:23 | [post] myString2 | cleartextLoggingTest.swift:287:8:287:8 | myString2 | provenance | | +| cleartextLoggingTest.swift:287:8:287:8 | [...] [Collection element] | cleartextLoggingTest.swift:287:8:287:8 | [...] | provenance | | +| cleartextLoggingTest.swift:287:8:287:8 | myString2 | cleartextLoggingTest.swift:287:8:287:8 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:289:8:289:18 | ... .+(_:_:) ... | cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | cleartextLoggingTest.swift:289:33:289:33 | [post] myString3 | provenance | | +| cleartextLoggingTest.swift:289:18:289:18 | password | cleartextLoggingTest.swift:289:8:289:18 | ... .+(_:_:) ... | provenance | | +| cleartextLoggingTest.swift:289:33:289:33 | [post] myString3 | cleartextLoggingTest.swift:290:8:290:8 | myString3 | provenance | | +| cleartextLoggingTest.swift:290:8:290:8 | [...] [Collection element] | cleartextLoggingTest.swift:290:8:290:8 | [...] | provenance | | +| cleartextLoggingTest.swift:290:8:290:8 | myString3 | cleartextLoggingTest.swift:290:8:290:8 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:295:13:295:13 | [...] 
[Collection element] | cleartextLoggingTest.swift:295:28:295:28 | [post] myString5 | provenance | | +| cleartextLoggingTest.swift:295:13:295:13 | password | cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:295:28:295:28 | [post] myString5 | cleartextLoggingTest.swift:296:13:296:13 | myString5 | provenance | | +| cleartextLoggingTest.swift:296:13:296:13 | [...] [Collection element] | cleartextLoggingTest.swift:296:13:296:13 | [...] | provenance | | +| cleartextLoggingTest.swift:296:13:296:13 | myString5 | cleartextLoggingTest.swift:296:13:296:13 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:301:7:301:7 | password | cleartextLoggingTest.swift:301:22:301:22 | [post] myString7 | provenance | | +| cleartextLoggingTest.swift:301:22:301:22 | [post] myString7 | cleartextLoggingTest.swift:302:7:302:7 | myString7 | provenance | | +| cleartextLoggingTest.swift:307:2:307:2 | [post] myString9 | cleartextLoggingTest.swift:308:8:308:8 | myString9 | provenance | | +| cleartextLoggingTest.swift:307:18:307:18 | password | cleartextLoggingTest.swift:307:2:307:2 | [post] myString9 | provenance | | +| cleartextLoggingTest.swift:308:8:308:8 | [...] [Collection element] | cleartextLoggingTest.swift:308:8:308:8 | [...] | provenance | | +| cleartextLoggingTest.swift:308:8:308:8 | myString9 | cleartextLoggingTest.swift:308:8:308:8 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:311:2:311:2 | [post] myString10 | cleartextLoggingTest.swift:313:8:313:8 | myString10 | provenance | | +| cleartextLoggingTest.swift:311:19:311:19 | password | cleartextLoggingTest.swift:311:2:311:2 | [post] myString10 | provenance | | +| cleartextLoggingTest.swift:313:8:313:8 | [...] [Collection element] | cleartextLoggingTest.swift:313:8:313:8 | [...] | provenance | | +| cleartextLoggingTest.swift:313:8:313:8 | myString10 | cleartextLoggingTest.swift:313:8:313:8 | [...] 
[Collection element] | provenance | | +| cleartextLoggingTest.swift:318:2:318:2 | password | cleartextLoggingTest.swift:318:22:318:22 | [post] myString12 | provenance | | +| cleartextLoggingTest.swift:318:22:318:22 | [post] myString12 | cleartextLoggingTest.swift:319:8:319:8 | myString12 | provenance | | +| cleartextLoggingTest.swift:319:8:319:8 | [...] [Collection element] | cleartextLoggingTest.swift:319:8:319:8 | [...] | provenance | | +| cleartextLoggingTest.swift:319:8:319:8 | myString12 | cleartextLoggingTest.swift:319:8:319:8 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:334:17:334:17 | password | cleartextLoggingTest.swift:334:17:334:17 | { ... } | provenance | | +| cleartextLoggingTest.swift:336:20:336:20 | password | cleartextLoggingTest.swift:336:20:336:20 | { ... } | provenance | | +| cleartextLoggingTest.swift:338:23:338:23 | password | cleartextLoggingTest.swift:338:23:338:23 | { ... } | provenance | | +| cleartextLoggingTest.swift:340:23:340:23 | password | cleartextLoggingTest.swift:340:23:340:23 | { ... } | provenance | | +| cleartextLoggingTest.swift:342:14:342:14 | password | cleartextLoggingTest.swift:342:14:342:14 | { ... } | provenance | | +| cleartextLoggingTest.swift:347:72:347:72 | passwordString | cleartextLoggingTest.swift:347:69:347:69 | "..." | provenance | | +| cleartextLoggingTest.swift:350:64:350:64 | passwordString | cleartextLoggingTest.swift:350:61:350:61 | "..." | provenance | | +| cleartextLoggingTest.swift:351:102:351:117 | [...] [Collection element] | cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | provenance | | +| cleartextLoggingTest.swift:351:103:351:103 | passwordString | cleartextLoggingTest.swift:351:102:351:117 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:353:23:353:23 | passwordString | cleartextLoggingTest.swift:353:20:353:20 | "..." | provenance | | +| cleartextLoggingTest.swift:354:40:354:40 | [...] 
[Collection element] | cleartextLoggingTest.swift:354:40:354:40 | [...] | provenance | | +| cleartextLoggingTest.swift:354:40:354:40 | passwordString | cleartextLoggingTest.swift:354:40:354:40 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:355:44:355:51 | [...] [Collection element] | cleartextLoggingTest.swift:355:44:355:51 | [...] | provenance | | +| cleartextLoggingTest.swift:355:51:355:51 | passwordString | cleartextLoggingTest.swift:355:44:355:51 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:356:20:356:20 | passwordString | cleartextLoggingTest.swift:356:17:356:17 | "..." | provenance | | +| cleartextLoggingTest.swift:357:47:357:62 | [...] [Collection element] | cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | provenance | | +| cleartextLoggingTest.swift:357:48:357:48 | passwordString | cleartextLoggingTest.swift:357:47:357:62 | [...] [Collection element] | provenance | | +| cleartextLoggingTest.swift:358:26:358:26 | passwordString | cleartextLoggingTest.swift:358:23:358:23 | "..." | provenance | | +| cleartextLoggingTest.swift:359:53:359:68 | [...] [Collection element] | cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | provenance | | +| cleartextLoggingTest.swift:359:54:359:54 | passwordString | cleartextLoggingTest.swift:359:53:359:68 | [...] 
[Collection element] | provenance | | +| cleartextLoggingTest.swift:366:25:366:25 | authKey2 | cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | provenance | | +| cleartextLoggingTest.swift:369:33:369:33 | authKey | cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:378:16:378:16 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:379:18:379:18 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:380:18:380:18 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:381:34:381:34 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:382:19:382:19 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:383:20:383:20 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:384:18:384:18 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:385:21:385:21 | msg | provenance | | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | cleartextLoggingTest.swift:386:18:386:18 | msg | provenance | | +| cleartextLoggingTest.swift:381:34:381:34 | msg | cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | provenance | | +| file://:0:0:0:0 | self | file://:0:0:0:0 | .value | provenance | Config | +nodes +| cleartextLoggingTest.swift:167:11:167:11 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:167:11:167:11 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:167:11:167:11 | password | semmle.label | password | +| cleartextLoggingTest.swift:168:11:168:11 | [...] | semmle.label | [...] 
| +| cleartextLoggingTest.swift:168:11:168:11 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:168:11:168:11 | password | semmle.label | password | +| cleartextLoggingTest.swift:169:26:169:26 | password | semmle.label | password | +| cleartextLoggingTest.swift:170:11:170:11 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:170:11:170:11 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:170:11:170:11 | password | semmle.label | password | +| cleartextLoggingTest.swift:171:26:171:26 | password | semmle.label | password | +| cleartextLoggingTest.swift:172:42:172:42 | password | semmle.label | password | +| cleartextLoggingTest.swift:175:16:175:16 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:175:16:175:16 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:175:16:175:16 | password | semmle.label | password | +| cleartextLoggingTest.swift:177:10:177:10 | password | semmle.label | password | +| cleartextLoggingTest.swift:179:11:179:11 | password | semmle.label | password | +| cleartextLoggingTest.swift:180:17:180:17 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:180:17:180:17 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:180:17:180:17 | password | semmle.label | password | +| cleartextLoggingTest.swift:181:20:181:24 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:181:20:181:24 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:181:24:181:24 | password | semmle.label | password | +| cleartextLoggingTest.swift:182:11:182:11 | "..." | semmle.label | "..." 
| +| cleartextLoggingTest.swift:182:14:182:14 | password | semmle.label | password | +| cleartextLoggingTest.swift:183:18:183:38 | call to getVaList(_:) | semmle.label | call to getVaList(_:) | +| cleartextLoggingTest.swift:183:28:183:37 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:183:29:183:29 | password | semmle.label | password | +| cleartextLoggingTest.swift:184:21:184:45 | call to getVaList(_:) | semmle.label | call to getVaList(_:) | +| cleartextLoggingTest.swift:184:31:184:44 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:184:36:184:36 | password | semmle.label | password | +| cleartextLoggingTest.swift:220:11:220:11 | passphrase | semmle.label | passphrase | +| cleartextLoggingTest.swift:221:11:221:11 | pass_phrase | semmle.label | pass_phrase | +| cleartextLoggingTest.swift:224:49:224:49 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:224:49:224:49 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:224:49:224:49 | password | semmle.label | password | +| cleartextLoggingTest.swift:225:55:225:63 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:225:55:225:63 | [...] [Collection element] | semmle.label | [...] 
[Collection element] | +| cleartextLoggingTest.swift:225:63:225:63 | password | semmle.label | password | +| cleartextLoggingTest.swift:240:24:240:24 | x | semmle.label | x | +| cleartextLoggingTest.swift:241:8:241:8 | x | semmle.label | x | +| cleartextLoggingTest.swift:243:10:243:22 | call to getPassword() | semmle.label | call to getPassword() | +| cleartextLoggingTest.swift:244:8:244:8 | y | semmle.label | y | +| cleartextLoggingTest.swift:248:8:248:10 | .password | semmle.label | .password | +| cleartextLoggingTest.swift:253:7:253:7 | self | semmle.label | self | +| cleartextLoggingTest.swift:263:8:263:11 | .password | semmle.label | .password | +| cleartextLoggingTest.swift:263:8:263:20 | .value | semmle.label | .value | +| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:286:8:286:8 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:286:8:286:8 | password | semmle.label | password | +| cleartextLoggingTest.swift:286:23:286:23 | [post] myString2 | semmle.label | [post] myString2 | +| cleartextLoggingTest.swift:287:8:287:8 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:287:8:287:8 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:287:8:287:8 | myString2 | semmle.label | myString2 | +| cleartextLoggingTest.swift:289:8:289:18 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:289:8:289:18 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:289:18:289:18 | password | semmle.label | password | +| cleartextLoggingTest.swift:289:33:289:33 | [post] myString3 | semmle.label | [post] myString3 | +| cleartextLoggingTest.swift:290:8:290:8 | [...] 
| semmle.label | [...] | +| cleartextLoggingTest.swift:290:8:290:8 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:290:8:290:8 | myString3 | semmle.label | myString3 | +| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:295:13:295:13 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:295:13:295:13 | password | semmle.label | password | +| cleartextLoggingTest.swift:295:28:295:28 | [post] myString5 | semmle.label | [post] myString5 | +| cleartextLoggingTest.swift:296:13:296:13 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:296:13:296:13 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:296:13:296:13 | myString5 | semmle.label | myString5 | +| cleartextLoggingTest.swift:301:7:301:7 | password | semmle.label | password | +| cleartextLoggingTest.swift:301:22:301:22 | [post] myString7 | semmle.label | [post] myString7 | +| cleartextLoggingTest.swift:302:7:302:7 | myString7 | semmle.label | myString7 | +| cleartextLoggingTest.swift:307:2:307:2 | [post] myString9 | semmle.label | [post] myString9 | +| cleartextLoggingTest.swift:307:18:307:18 | password | semmle.label | password | +| cleartextLoggingTest.swift:308:8:308:8 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:308:8:308:8 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:308:8:308:8 | myString9 | semmle.label | myString9 | +| cleartextLoggingTest.swift:311:2:311:2 | [post] myString10 | semmle.label | [post] myString10 | +| cleartextLoggingTest.swift:311:19:311:19 | password | semmle.label | password | +| cleartextLoggingTest.swift:313:8:313:8 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:313:8:313:8 | [...] [Collection element] | semmle.label | [...] 
[Collection element] | +| cleartextLoggingTest.swift:313:8:313:8 | myString10 | semmle.label | myString10 | +| cleartextLoggingTest.swift:318:2:318:2 | password | semmle.label | password | +| cleartextLoggingTest.swift:318:22:318:22 | [post] myString12 | semmle.label | [post] myString12 | +| cleartextLoggingTest.swift:319:8:319:8 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:319:8:319:8 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:319:8:319:8 | myString12 | semmle.label | myString12 | +| cleartextLoggingTest.swift:334:17:334:17 | password | semmle.label | password | +| cleartextLoggingTest.swift:334:17:334:17 | { ... } | semmle.label | { ... } | +| cleartextLoggingTest.swift:336:20:336:20 | password | semmle.label | password | +| cleartextLoggingTest.swift:336:20:336:20 | { ... } | semmle.label | { ... } | +| cleartextLoggingTest.swift:338:23:338:23 | password | semmle.label | password | +| cleartextLoggingTest.swift:338:23:338:23 | { ... } | semmle.label | { ... } | +| cleartextLoggingTest.swift:340:23:340:23 | password | semmle.label | password | +| cleartextLoggingTest.swift:340:23:340:23 | { ... } | semmle.label | { ... } | +| cleartextLoggingTest.swift:342:14:342:14 | password | semmle.label | password | +| cleartextLoggingTest.swift:342:14:342:14 | { ... } | semmle.label | { ... } | +| cleartextLoggingTest.swift:347:69:347:69 | "..." | semmle.label | "..." | +| cleartextLoggingTest.swift:347:72:347:72 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:350:61:350:61 | "..." | semmle.label | "..." | +| cleartextLoggingTest.swift:350:64:350:64 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:351:92:351:118 | call to getVaList(_:) | semmle.label | call to getVaList(_:) | +| cleartextLoggingTest.swift:351:102:351:117 | [...] [Collection element] | semmle.label | [...] 
[Collection element] | +| cleartextLoggingTest.swift:351:103:351:103 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:353:20:353:20 | "..." | semmle.label | "..." | +| cleartextLoggingTest.swift:353:23:353:23 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:354:40:354:40 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:354:40:354:40 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:354:40:354:40 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:355:44:355:51 | [...] | semmle.label | [...] | +| cleartextLoggingTest.swift:355:44:355:51 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:355:51:355:51 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:356:17:356:17 | "..." | semmle.label | "..." | +| cleartextLoggingTest.swift:356:20:356:20 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:357:37:357:63 | call to getVaList(_:) | semmle.label | call to getVaList(_:) | +| cleartextLoggingTest.swift:357:47:357:62 | [...] [Collection element] | semmle.label | [...] [Collection element] | +| cleartextLoggingTest.swift:357:48:357:48 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:358:23:358:23 | "..." | semmle.label | "..." | +| cleartextLoggingTest.swift:358:26:358:26 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:359:43:359:69 | call to getVaList(_:) | semmle.label | call to getVaList(_:) | +| cleartextLoggingTest.swift:359:53:359:68 | [...] [Collection element] | semmle.label | [...] 
[Collection element] | +| cleartextLoggingTest.swift:359:54:359:54 | passwordString | semmle.label | passwordString | +| cleartextLoggingTest.swift:365:18:365:18 | authKey | semmle.label | authKey | +| cleartextLoggingTest.swift:366:18:366:33 | call to String.init(_:) | semmle.label | call to String.init(_:) | +| cleartextLoggingTest.swift:366:25:366:25 | authKey2 | semmle.label | authKey2 | +| cleartextLoggingTest.swift:369:16:369:40 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) | +| cleartextLoggingTest.swift:369:33:369:33 | authKey | semmle.label | authKey | +| cleartextLoggingTest.swift:370:13:370:13 | authKey | semmle.label | authKey | +| cleartextLoggingTest.swift:371:24:371:24 | authKey | semmle.label | authKey | +| cleartextLoggingTest.swift:377:29:377:29 | authKey | semmle.label | authKey | +| cleartextLoggingTest.swift:378:16:378:16 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:379:18:379:18 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:380:18:380:18 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:381:17:381:37 | call to NSString.init(string:) | semmle.label | call to NSString.init(string:) | +| cleartextLoggingTest.swift:381:34:381:34 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:382:19:382:19 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:383:20:383:20 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:384:18:384:18 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:385:21:385:21 | msg | semmle.label | msg | +| cleartextLoggingTest.swift:386:18:386:18 | msg | semmle.label | msg | +| file://:0:0:0:0 | .value | semmle.label | .value | +| file://:0:0:0:0 | self | semmle.label | self | +subpaths +| cleartextLoggingTest.swift:263:8:263:11 | .password | cleartextLoggingTest.swift:253:7:253:7 | self | file://:0:0:0:0 | .value | cleartextLoggingTest.swift:263:8:263:20 | .value | 
diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql
deleted file mode 100644
index e7371e9d7435..000000000000
--- a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql
+++ /dev/null
@@ -1,20 +0,0 @@
-import swift
-import codeql.swift.dataflow.DataFlow
-import codeql.swift.security.CleartextLoggingQuery
-import utils.test.InlineExpectationsTest
-
-module CleartextLogging implements TestSig {
- string getARelevantTag() { result = "hasCleartextLogging" }
-
- predicate hasActualResult(Location location, string element, string tag, string value) {
- exists(DataFlow::Node source, DataFlow::Node sink |
- CleartextLoggingFlow::flow(source, sink) and
- location = sink.getLocation() and
- element = sink.toString() and
- tag = "hasCleartextLogging" and
- value = source.asExpr().getLocation().getStartLine().toString()
- )
- }
-}
-
-import MakeTest
diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.qlref b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.qlref
new file mode 100644
index 000000000000..d277352353d1
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.qlref
@@ -0,0 +1,3 @@
+query: queries/Security/CWE-312/CleartextLogging.ql
+postprocess:
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
index c3f293785195..9d959c32872b 100644
--- a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
+++ b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -164,24 +164,24 @@ class MyRemoteLogger {
 // --- tests ---
 func test1(password: String, passwordHash : String, passphrase: String, pass_phrase: String) {
- print(password) // $ hasCleartextLogging=167
- print(password, separator: "") // $ $ hasCleartextLogging=168
- print("", separator: password) // $ hasCleartextLogging=169
- print(password, separator: "", terminator: "") // $ hasCleartextLogging=170
- print("", separator: password, terminator: "") // $ hasCleartextLogging=171
- print("", separator: "", terminator: password) // $ hasCleartextLogging=172
+ print(password) // $Alert
+ print(password, separator: "") // $Alert
+ print("", separator: password) // $Alert
+ print(password, separator: "", terminator: "") // $Alert
+ print("", separator: password, terminator: "") // $Alert
+ print("", separator: "", terminator: password) // $Alert
 print(passwordHash) // safe
- debugPrint(password) // $ hasCleartextLogging=175
+ debugPrint(password) // $Alert
- dump(password) // $ hasCleartextLogging=177
+ dump(password) // $Alert
- NSLog(password) // $ hasCleartextLogging=179
- NSLog("%@", password) // $ hasCleartextLogging=180
- NSLog("%@ %@", "", password) // $ hasCleartextLogging=181
- NSLog("\(password)") // $ hasCleartextLogging=182
- NSLogv("%@", getVaList([password])) // $ hasCleartextLogging=183
- NSLogv("%@ %@", getVaList(["", password])) // $ hasCleartextLogging=184
+ NSLog(password) // $Alert
+ NSLog("%@", password) // $Alert
+ NSLog("%@ %@", "", password) // $Alert
+ NSLog("\(password)") // $Alert
+ NSLogv("%@", getVaList([password])) // $Alert
+ NSLogv("%@ %@", getVaList(["", password])) // $Alert
 NSLog(passwordHash) // safe
 NSLogv("%@", getVaList([passwordHash])) // safe
@@ -191,38 +191,38 @@ func test1(password: String, passwordHash : String, passphrase: String, pass_phr
 log.log("\(password)") // safe
 log.log("\(password, privacy: .auto)") // safe
 log.log("\(password, privacy: .private)") // safe
- log.log("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=194
+ log.log("\(password, privacy: .public)") // $ MISSING: Alert
 log.log("\(passwordHash, privacy: .public)") // safe
 log.log("\(password, privacy: .sensitive)") // safe
- log.log("\(bankAccount)") // $ MISSING: hasCleartextLogging=197
- log.log("\(bankAccount, privacy: .auto)") // $ MISSING: hasCleartextLogging=198
+ log.log("\(bankAccount)") // $ MISSING: Alert
+ log.log("\(bankAccount, privacy: .auto)") // $ MISSING: Alert
 log.log("\(bankAccount, privacy: .private)") // safe
- log.log("\(bankAccount, privacy: .public)") // $ MISSING: hasCleartextLogging=200
+ log.log("\(bankAccount, privacy: .public)") // $ MISSING: Alert
 log.log("\(bankAccount, privacy: .sensitive)") // safe
- log.log(level: .default, "\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=202
- log.trace("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=203
+ log.log(level: .default, "\(password, privacy: .public)") // $ MISSING: Alert
+ log.trace("\(password, privacy: .public)") // $ MISSING: Alert
 log.trace("\(passwordHash, privacy: .public)") // safe
- log.debug("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=205
+ log.debug("\(password, privacy: .public)") // $ MISSING: Alert
 log.debug("\(passwordHash, privacy: .public)") // safe
- log.info("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=207
+ log.info("\(password, privacy: .public)") // $ MISSING: Alert
 log.info("\(passwordHash, privacy: .public)") // safe
- log.notice("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=209
+ log.notice("\(password, privacy: .public)") // $ MISSING: Alert
 log.notice("\(passwordHash, privacy: .public)") // safe
- log.warning("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=211
+ log.warning("\(password, privacy: .public)") // $ MISSING: Alert
 log.warning("\(passwordHash, privacy: .public)") // safe
- log.error("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=213
+ log.error("\(password, privacy: .public)") // $ MISSING: Alert
 log.error("\(passwordHash, privacy: .public)") // safe
- log.critical("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=215
+ log.critical("\(password, privacy: .public)") // $ MISSING: Alert
 log.critical("\(passwordHash, privacy: .public)") // safe
- log.fault("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=217
+ log.fault("\(password, privacy: .public)") // $ MISSING: Alert
 log.fault("\(passwordHash, privacy: .public)") // safe
- NSLog(passphrase) // $ hasCleartextLogging=220
- NSLog(pass_phrase) // $ hasCleartextLogging=221
+ NSLog(passphrase) // $ Alert
+ NSLog(pass_phrase) // $ Alert
 os_log("%@", log: .default, type: .default, "") // safe
- os_log("%@", log: .default, type: .default, password) // $ hasCleartextLogging=224
- os_log("%@ %@ %@", log: .default, type: .default, "", "", password) // $ hasCleartextLogging=225
+ os_log("%@", log: .default, type: .default, password) // $Alert
+ os_log("%@ %@ %@", log: .default, type: .default, "", "", password) // $Alert
 }
 class MyClass {
@@ -236,16 +236,16 @@ func doSomething(password: String) {
 }
 func test3(x: String) {
 // alternative evidence of sensitivity...
- NSLog(x) // $ MISSING: hasCleartextLogging=240
- doSomething(password: x);
- NSLog(x) // $ hasCleartextLogging=240
+ NSLog(x) // $ MISSING: Alert
+ doSomething(password: x); // $Source
+ NSLog(x) // $ Alert
- let y = getPassword();
- NSLog(y) // $ hasCleartextLogging=243
+ let y = getPassword(); // $Source
+ NSLog(y) // $ Alert
 let z = MyClass()
 NSLog(z.harmless) // safe
- NSLog(z.password) // $ hasCleartextLogging=248
+ NSLog(z.password) // $Alert
 }
 struct MyOuter {
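Review bot: The new expectation tags are spelled inconsistently: `NSLog(passphrase) // $ Alert` and `NSLog(pass_phrase) // $ Alert` in this hunk, and `NSLog(x) // $ Alert` / `NSLog(y) // $ Alert` in the `test3` hunk that follows, carry a space after `$`, while every other added expectation in the file is written `$Alert`. The harness presumably accepts both forms (the `$ MISSING: Alert` lines also use the spaced form), so this is cosmetic, but a single spelling keeps the migration mechanical and the file easy to grep. I would change those four lines to `// $Alert`. The enclosing `test1` body starts outside this hunk.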
@@ -260,7 +260,7 @@ struct MyOuter {
 func test3(mo : MyOuter) {
 // struct members...
- NSLog(mo.password.value) // $ hasCleartextLogging=263
+ NSLog(mo.password.value) // $Alert
 NSLog(mo.harmless.value) // safe
 }
@@ -283,40 +283,40 @@ func test4(harmless: String, password: String) {
 print(harmless, to: &myString1)
 print(myString1) // safe
- print(password, to: &myString2)
- print(myString2) // $ hasCleartextLogging=286
+ print(password, to: &myString2) // $Source
+ print(myString2) // $Alert
- print("log: " + password, to: &myString3)
- print(myString3) // $ hasCleartextLogging=289
+ print("log: " + password, to: &myString3) // $Source
+ print(myString3) // $Alert
 debugPrint(harmless, to: &myString4)
 debugPrint(myString4) // safe
- debugPrint(password, to: &myString5)
- debugPrint(myString5) // $ hasCleartextLogging=295
+ debugPrint(password, to: &myString5) // $Source
+ debugPrint(myString5) // $Alert
 dump(harmless, to: &myString6)
 dump(myString6) // safe
- dump(password, to: &myString7)
- dump(myString7) // $ hasCleartextLogging=301
+ dump(password, to: &myString7) // $Source
+ dump(myString7) // $Alert
 myString8.write(harmless)
 print(myString8)
- myString9.write(password)
- print(myString9) // $ hasCleartextLogging=307
+ myString9.write(password) // $Source
+ print(myString9) // $Alert
 myString10.write(harmless)
- myString10.write(password)
+ myString10.write(password) // $Source
 myString10.write(harmless)
- print(myString10) // $ hasCleartextLogging=311
+ print(myString10) // $Alert
 harmless.write(to: &myString11)
 print(myString11)
- password.write(to: &myString12)
- print(myString12) // $ hasCleartextLogging=318
+ password.write(to: &myString12) // $Source
+ print(myString12) // $Alert
 print(password, to: &myString13) // $ safe - only printed to another string
 debugPrint(password, to: &myString13) // $ safe - only printed to another string
@@ -331,59 +331,59 @@ func test5(password: String, caseNum: Int) {
 switch caseNum {
 case 0:
- assert(false, password) // $ hasCleartextLogging=334
+ assert(false, password) // $Alert
 case 1:
- assertionFailure(password) // $ hasCleartextLogging=336
+ assertionFailure(password) // $Alert
 case 2:
- precondition(false, password) // $ hasCleartextLogging=338
+ precondition(false, password) // $Alert
 case 3:
- preconditionFailure(password) // $ hasCleartextLogging=340
+ preconditionFailure(password) // $Alert
 default:
- fatalError(password) // $ hasCleartextLogging=342
+ fatalError(password) // $Alert
 }
 }
 func test6(passwordString: String) {
- let e = NSException(name: NSExceptionName("exception"), reason: "\(passwordString) is incorrect!", userInfo: nil) // $ hasCleartextLogging=347
+ let e = NSException(name: NSExceptionName("exception"), reason: "\(passwordString) is incorrect!", userInfo: nil) // $Alert
 e.raise()
- NSException.raise(NSExceptionName("exception"), format: "\(passwordString) is incorrect!", arguments: getVaList([])) // $ hasCleartextLogging=350
- NSException.raise(NSExceptionName("exception"), format: "%s is incorrect!", arguments: getVaList([passwordString])) // $ hasCleartextLogging=351
+ NSException.raise(NSExceptionName("exception"), format: "\(passwordString) is incorrect!", arguments: getVaList([])) // $Alert
+ NSException.raise(NSExceptionName("exception"), format: "%s is incorrect!", arguments: getVaList([passwordString])) // $Alert
- _ = dprintf(0, "\(passwordString) is incorrect!") // $ hasCleartextLogging=353
- _ = dprintf(0, "%s is incorrect!", passwordString) // $ hasCleartextLogging=354
- _ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $ hasCleartextLogging=355
- _ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=356
- _ = vprintf("%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=357
- _ = vfprintf(nil, "\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=358
- _ = vfprintf(nil, "%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=359
+ _ = dprintf(0, "\(passwordString) is incorrect!") // $Alert
+ _ = dprintf(0, "%s is incorrect!", passwordString) // $Alert
+ _ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $Alert
+ _ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $Alert
+ _ = vprintf("%s is incorrect!", getVaList([passwordString])) // $Alert
+ _ = vfprintf(nil, "\(passwordString) is incorrect!", getVaList([])) // $Alert
+ _ = vfprintf(nil, "%s is incorrect!", getVaList([passwordString])) // $Alert
 _ = vasprintf_l(nil, nil, "\(passwordString) is incorrect!", getVaList([])) // good (`sprintf` is not logging)
 _ = vasprintf_l(nil, nil, "%s is incorrect!", getVaList([passwordString])) // good (`sprintf` is not logging)
 }
 func test7(authKey: String, authKey2: Int, authKey3: Float, password: String, secret: String) {
- log(message: authKey) // $ hasCleartextLogging=365
- log(message: String(authKey2)) // $ hasCleartextLogging=366
- logging(message: authKey) // $ MISSING: hasCleartextLogging=367
- logfile(file: 0, message: authKey) // $ MISSING: hasCleartextLogging=368
- logMessage(NSString(string: authKey)) // $ hasCleartextLogging=369
- logInfo(authKey) // $ hasCleartextLogging=370
- logError(errorMsg: authKey) // $ hasCleartextLogging=371
+ log(message: authKey) // $Alert
+ log(message: String(authKey2)) // $Alert
+ logging(message: authKey) // $ MISSING: Alert
+ logfile(file: 0, message: authKey) // $ MISSING: Alert
+ logMessage(NSString(string: authKey)) // $Alert
+ logInfo(authKey) // $Alert
+ logError(errorMsg: authKey) // $Alert
 harmless(authKey) // GOOD: not logging
 _ = logarithm(authKey3) // GOOD: not logging
 doLogin(login: authKey) // GOOD: not logging
 let logger = LogFile()
- let msg = "authKey: " + authKey
- logger.log(msg) // $ hasCleartextLogging=377
- logger.trace(msg) // $ hasCleartextLogging=377
- logger.debug(msg) // $ hasCleartextLogging=377
- logger.info(NSString(string: msg)) // $ hasCleartextLogging=377
- logger.notice(msg) // $ hasCleartextLogging=377
- logger.warning(msg) // $ hasCleartextLogging=377
- logger.error(msg) // $ hasCleartextLogging=377
- logger.critical(msg) // $ hasCleartextLogging=377
- logger.fatal(msg) // $ hasCleartextLogging=377
+ let msg = "authKey: " + authKey // $Source
+ logger.log(msg) // $Alert
+ logger.trace(msg) // $Alert
+ logger.debug(msg) // $Alert
+ logger.info(NSString(string: msg)) // $Alert
+ logger.notice(msg) // $Alert
+ logger.warning(msg) // $Alert
+ logger.error(msg) // $Alert
+ logger.critical(msg) // $Alert
+ logger.fatal(msg) // $Alert
 let logic = Logic()
 logic.addInt(authKey2) // GOOD: not logging
diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected b/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected
index e69de29bb2d1..3f582702b1f9 100644
--- a/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected
+++ b/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected
@@ -0,0 +1,85 @@ +#select +| testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | user-provided value | +| testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | user-provided value | +| testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | user-provided value | +| testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | user-provided value | +| testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | XML parsing depends on a $@ without guarding against external entity expansion. 
| testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | user-provided value | +| testXMLDocumentXXE.swift:58:31:58:31 | remoteData | testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:58:31:58:31 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | user-provided value | +| testXMLDocumentXXE.swift:75:36:75:36 | remoteString | testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:75:36:75:36 | remoteString | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | user-provided value | +| testXMLParserXXE.swift:34:34:34:34 | remoteData | testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:34:34:34:34 | remoteData | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | user-provided value | +| testXMLParserXXE.swift:42:36:42:36 | remoteStream | testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:42:36:42:36 | remoteStream | XML parsing depends on a $@ without guarding against external entity expansion. | testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | user-provided value | +| testXMLParserXXE.swift:49:40:49:40 | remoteUrl | testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:49:40:49:40 | remoteUrl | XML parsing depends on a $@ without guarding against external entity expansion. 
| testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | user-provided value | +edges +| testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | provenance | | +| testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:71:27:71:27 | remoteString | provenance | | +| testAEXMLDocumentXXE.swift:71:22:71:39 | call to Data.init(_:) | testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | provenance | | +| testAEXMLDocumentXXE.swift:71:27:71:27 | remoteString | testAEXMLDocumentXXE.swift:71:22:71:39 | call to Data.init(_:) | provenance | | +| testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:98:27:98:27 | remoteString | provenance | | +| testAEXMLDocumentXXE.swift:98:22:98:39 | call to Data.init(_:) | testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | provenance | | +| testAEXMLDocumentXXE.swift:98:27:98:27 | remoteString | testAEXMLDocumentXXE.swift:98:22:98:39 | call to Data.init(_:) | provenance | | +| testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | testAEXMLDocumentXXE.swift:127:27:127:27 | remoteString | provenance | | +| testAEXMLDocumentXXE.swift:127:22:127:39 | call to Data.init(_:) | testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | provenance | | +| testAEXMLDocumentXXE.swift:127:27:127:27 | remoteString | testAEXMLDocumentXXE.swift:127:22:127:39 | call to Data.init(_:) | provenance | | +| testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:39:33:39:33 | remoteString | provenance | | +| testXMLDocumentXXE.swift:39:21:39:45 | call to URL.init(string:) [some:0] | testXMLDocumentXXE.swift:39:21:39:46 | ...! | provenance | | +| testXMLDocumentXXE.swift:39:21:39:46 | ...! 
| testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | provenance | | +| testXMLDocumentXXE.swift:39:33:39:33 | remoteString | testXMLDocumentXXE.swift:39:21:39:45 | call to URL.init(string:) [some:0] | provenance | | +| testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:57:27:57:27 | remoteString | provenance | | +| testXMLDocumentXXE.swift:57:22:57:39 | call to Data.init(_:) | testXMLDocumentXXE.swift:58:31:58:31 | remoteData | provenance | | +| testXMLDocumentXXE.swift:57:27:57:27 | remoteString | testXMLDocumentXXE.swift:57:22:57:39 | call to Data.init(_:) | provenance | | +| testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | testXMLDocumentXXE.swift:75:36:75:36 | remoteString | provenance | | +| testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:33:27:33:27 | remoteString | provenance | | +| testXMLParserXXE.swift:33:22:33:39 | call to Data.init(_:) | testXMLParserXXE.swift:34:34:34:34 | remoteData | provenance | | +| testXMLParserXXE.swift:33:27:33:27 | remoteString | testXMLParserXXE.swift:33:22:33:39 | call to Data.init(_:) | provenance | | +| testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:40:27:40:27 | remoteString | provenance | | +| testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | testXMLParserXXE.swift:41:42:41:42 | remoteData | provenance | | +| testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | testXMLParserXXE.swift:42:36:42:36 | remoteStream | provenance | AdditionalTaintStep | +| testXMLParserXXE.swift:40:27:40:27 | remoteString | testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | provenance | | +| testXMLParserXXE.swift:41:24:41:52 | call to InputStream.init(data:) | testXMLParserXXE.swift:42:36:42:36 | remoteStream | provenance | | +| testXMLParserXXE.swift:41:42:41:42 | remoteData | testXMLParserXXE.swift:41:24:41:52 | call to InputStream.init(data:) | 
provenance | | +| testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | testXMLParserXXE.swift:48:33:48:33 | remoteString | provenance | | +| testXMLParserXXE.swift:48:21:48:45 | call to URL.init(string:) [some:0] | testXMLParserXXE.swift:48:21:48:46 | ...! | provenance | | +| testXMLParserXXE.swift:48:21:48:46 | ...! | testXMLParserXXE.swift:49:40:49:40 | remoteUrl | provenance | | +| testXMLParserXXE.swift:48:33:48:33 | remoteString | testXMLParserXXE.swift:48:21:48:45 | call to URL.init(string:) [some:0] | provenance | | +nodes +| testAEXMLDocumentXXE.swift:50:24:50:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testAEXMLDocumentXXE.swift:51:32:51:32 | remoteString | semmle.label | remoteString | +| testAEXMLDocumentXXE.swift:70:24:70:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testAEXMLDocumentXXE.swift:71:22:71:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| testAEXMLDocumentXXE.swift:71:27:71:27 | remoteString | semmle.label | remoteString | +| testAEXMLDocumentXXE.swift:74:32:74:32 | remoteData | semmle.label | remoteData | +| testAEXMLDocumentXXE.swift:97:24:97:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testAEXMLDocumentXXE.swift:98:22:98:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| testAEXMLDocumentXXE.swift:98:27:98:27 | remoteString | semmle.label | remoteString | +| testAEXMLDocumentXXE.swift:99:17:99:17 | remoteData | semmle.label | remoteData | +| testAEXMLDocumentXXE.swift:126:24:126:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testAEXMLDocumentXXE.swift:127:22:127:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| testAEXMLDocumentXXE.swift:127:27:127:27 | remoteString | semmle.label | remoteString | +| testAEXMLDocumentXXE.swift:128:46:128:46 | remoteData | semmle.label | 
remoteData | +| testXMLDocumentXXE.swift:38:24:38:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testXMLDocumentXXE.swift:39:21:39:45 | call to URL.init(string:) [some:0] | semmle.label | call to URL.init(string:) [some:0] | +| testXMLDocumentXXE.swift:39:21:39:46 | ...! | semmle.label | ...! | +| testXMLDocumentXXE.swift:39:33:39:33 | remoteString | semmle.label | remoteString | +| testXMLDocumentXXE.swift:40:37:40:37 | remoteUrl | semmle.label | remoteUrl | +| testXMLDocumentXXE.swift:56:24:56:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testXMLDocumentXXE.swift:57:22:57:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| testXMLDocumentXXE.swift:57:27:57:27 | remoteString | semmle.label | remoteString | +| testXMLDocumentXXE.swift:58:31:58:31 | remoteData | semmle.label | remoteData | +| testXMLDocumentXXE.swift:74:24:74:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testXMLDocumentXXE.swift:75:36:75:36 | remoteString | semmle.label | remoteString | +| testXMLParserXXE.swift:32:24:32:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testXMLParserXXE.swift:33:22:33:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| testXMLParserXXE.swift:33:27:33:27 | remoteString | semmle.label | remoteString | +| testXMLParserXXE.swift:34:34:34:34 | remoteData | semmle.label | remoteData | +| testXMLParserXXE.swift:39:24:39:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| testXMLParserXXE.swift:40:22:40:39 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| testXMLParserXXE.swift:40:27:40:27 | remoteString | semmle.label | remoteString | +| testXMLParserXXE.swift:41:24:41:52 | call to InputStream.init(data:) | semmle.label | call to InputStream.init(data:) | +| testXMLParserXXE.swift:41:42:41:42 | 
remoteData | semmle.label | remoteData |
+| testXMLParserXXE.swift:42:36:42:36 | remoteStream | semmle.label | remoteStream |
+| testXMLParserXXE.swift:47:24:47:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
+| testXMLParserXXE.swift:48:21:48:45 | call to URL.init(string:) [some:0] | semmle.label | call to URL.init(string:) [some:0] |
+| testXMLParserXXE.swift:48:21:48:46 | ...! | semmle.label | ...! |
+| testXMLParserXXE.swift:48:33:48:33 | remoteString | semmle.label | remoteString |
+| testXMLParserXXE.swift:49:40:49:40 | remoteUrl | semmle.label | remoteUrl |
+subpaths
diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql b/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql
deleted file mode 100644
index 64001151b442..000000000000
--- a/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql
+++ /dev/null
@@ -1,27 +0,0 @@
-import swift
-import codeql.swift.dataflow.FlowSources
-import codeql.swift.security.XXEQuery
-import utils.test.InlineExpectationsTest
-
-class TestRemoteSource extends RemoteFlowSource {
- TestRemoteSource() { this.asExpr().(ApplyExpr).getStaticTarget().getName().matches("source%") }
-
- override string getSourceType() { result = "Test source" }
-}
-
-module XxeTest implements TestSig {
- string getARelevantTag() { result = "hasXXE" }
-
- predicate hasActualResult(Location location, string element, string tag, string value) {
- exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
- XxeFlow::flow(source, sink) and
- sinkExpr = sink.asExpr() and
- location = sinkExpr.getLocation() and
- element = sinkExpr.toString() and
- tag = "hasXXE" and
- value = source.asExpr().getLocation().getStartLine().toString()
- )
- }
-}
-
-import MakeTest
diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.qlref b/swift/ql/test/query-tests/Security/CWE-611/XXETest.qlref
new file mode 100644
index 000000000000..83154ac29d4d
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-611/XXETest.qlref
@@ -0,0 +1,3 @@
+query: queries/Security/CWE-611/XXE.ql
+postprocess:
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift
index 9f3370301580..b47e4d4d8474 100644
--- a/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift
+++ b/swift/ql/test/query-tests/Security/CWE-611/testAEXMLDocumentXXE.swift
@@ -47,8 +47,8 @@ func testString() {
 var options = AEXMLOptions()
 options.parserSettings.shouldResolveExternalEntities = true
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
- let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // $ hasXXE=50
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
+ let _ = AEXMLDocument(xml: remoteString, encoding: String.Encoding.utf8, options: options) // $Alert
 }
 func testStringSafeImplicit() {
@@ -67,11 +67,11 @@ func testStringSafeExplicit() {
 }
 func testData() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteData = Data(remoteString)
 var options = AEXMLOptions()
 options.parserSettings.shouldResolveExternalEntities = true
- let _ = AEXMLDocument(xml: remoteData, options: options) // $ hasXXE=70
+ let _ = AEXMLDocument(xml: remoteData, options: options) // $Alert
 }
 func testDataSafeImplicit() {
@@ -94,9 +94,9 @@ func testDataLoadXml() {
 options.parserSettings.shouldResolveExternalEntities = true
 let doc = AEXMLDocument(root: nil, options: options)
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteData = Data(remoteString)
- doc.loadXML(remoteData) // $ hasXXE=97
+ doc.loadXML(remoteData) // $Alert
 }
 func testDataLoadXmlSafeImplicit() {
@@ -123,9 +123,9 @@ func testParser() {
 options.parserSettings.shouldResolveExternalEntities = true
 let doc = AEXMLDocument(root: nil, options: options)
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteData = Data(remoteString)
- let _ = AEXMLParser(document: doc, data: remoteData) // $ hasXXE=126
+ let _ = AEXMLParser(document: doc, data: remoteData) // $Alert
 }
 func testParserSafeImplicit() {
@@ -145,4 +145,4 @@ func testParserSafeExplicit() {
 let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
 let remoteData = Data(remoteString)
 let _ = AEXMLParser(document: doc, data: remoteData) // NO XXE
-}
\ No newline at end of file
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift
index 07180301e727..d8fd9aede54b 100644
--- a/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift
+++ b/swift/ql/test/query-tests/Security/CWE-611/testXMLDocumentXXE.swift
@@ -35,9 +35,9 @@ class XMLDocument {
 // --- tests ---
 func testUrl() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteUrl = URL(string: remoteString)!
- let _ = XMLDocument(contentsOf: remoteUrl, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=38
+ let _ = XMLDocument(contentsOf: remoteUrl, options: [.nodeLoadExternalEntitiesAlways]) // $Alert
 }
 func testUrlSafeImplicit() {
@@ -53,9 +53,9 @@ func testUrlSafeExplicit() {
 }
 func testData() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteData = Data(remoteString)
- let _ = XMLDocument(data: remoteData, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=56
+ let _ = XMLDocument(data: remoteData, options: [.nodeLoadExternalEntitiesAlways]) // $Alert
 }
 func testDataSafeImplicit() {
@@ -71,8 +71,8 @@ func testDataSafeExplicit() {
 }
 func testString() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
- let _ = XMLDocument(xmlString: remoteString, options: [.nodeLoadExternalEntitiesAlways]) // $ hasXXE=74
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
+ let _ = XMLDocument(xmlString: remoteString, options: [.nodeLoadExternalEntitiesAlways]) // $Alert
 }
 func testStringSafeImplicit() {
diff --git a/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift
index 75538f014f9f..bef00fcd9340 100644
--- a/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift
+++ b/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift
@@ -29,24 +29,24 @@ class XMLParser {
 // --- tests ---
 func testData() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteData = Data(remoteString)
- let parser = XMLParser(data: remoteData) // $ hasXXE=32
+ let parser = XMLParser(data: remoteData) // $Alert
 parser.shouldResolveExternalEntities = true
 }
 func testInputStream() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteData = Data(remoteString)
 let remoteStream = InputStream(data: remoteData)
- let parser = XMLParser(stream: remoteStream) // $ hasXXE=39
+ let parser = XMLParser(stream: remoteStream) // $Alert
 parser.shouldResolveExternalEntities = true
 }
 func testUrl() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let remoteUrl = URL(string: remoteString)!
- let parser = XMLParser(contentsOf: remoteUrl) // $ hasXXE=47
+ let parser = XMLParser(contentsOf: remoteUrl) // $Alert
 parser?.shouldResolveExternalEntities = true
 }
@@ -89,4 +89,4 @@ func testUrlSafeExplicit() {
 let remoteUrl = URL(string: remoteString)!
 let parser = XMLParser(contentsOf: remoteUrl) // NO XXE: parser disables external entities
 parser?.shouldResolveExternalEntities = false
-}
\ No newline at end of file
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected
index e69de29bb2d1..4c1b0eb782ef 100644
--- a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected
+++ b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected
@@ -0,0 +1,20 @@
+#select
+| predicateInjection.swift:26:25:26:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
+| predicateInjection.swift:29:25:29:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
+| predicateInjection.swift:31:25:31:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
+| predicateInjection.swift:33:25:33:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
+| predicateInjection.swift:36:42:36:42 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
+edges
+| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | provenance | |
+| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | provenance | |
+| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | provenance | |
+| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | provenance | |
+| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | provenance | |
+nodes
+| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
+| predicateInjection.swift:26:25:26:25 | remoteString | semmle.label | remoteString |
+| predicateInjection.swift:29:25:29:25 | remoteString | semmle.label | remoteString |
+| predicateInjection.swift:31:25:31:25 | remoteString | semmle.label | remoteString |
+| predicateInjection.swift:33:25:33:25 | remoteString | semmle.label | remoteString |
+| predicateInjection.swift:36:42:36:42 | remoteString | semmle.label | remoteString |
+subpaths
diff --git a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql
deleted file mode 100644
index 202ca05ad43b..000000000000
--- a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql
+++ /dev/null
@@ -1,21 +0,0 @@
-import swift
-import codeql.swift.dataflow.DataFlow
-import codeql.swift.security.PredicateInjectionQuery
-import utils.test.InlineExpectationsTest
-
-module PredicateInjectionTest implements TestSig {
- string getARelevantTag() { result = "hasPredicateInjection" }
-
- predicate hasActualResult(Location location, string element, string tag, string value) {
- exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
- PredicateInjectionFlow::flow(source, sink) and
- sinkExpr = sink.asExpr() and
- location = sinkExpr.getLocation() and
- element = sinkExpr.toString() and
- tag = "hasPredicateInjection" and
- value = source.asExpr().getLocation().getStartLine().toString()
- )
- }
-}
-
-import MakeTest
diff --git a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.qlref b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.qlref
new file mode 100644
index 000000000000..f968b9a35259
--- /dev/null
+++ b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.qlref
@@ -0,0 +1,3 @@
+query: queries/Security/CWE-943/PredicateInjection.ql
+postprocess:
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift b/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
index 1de6b50f4cf5..ede22eae8ea0 100644
--- a/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
+++ b/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
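Review bot: The new `PredicateInjectionTest.qlref` points at `queries/Security/CWE-943/PredicateInjection.ql` while the test itself lives under `CWE-946`, so two different CWE numbers now sit on the same test. If the query really is filed under CWE-943 the reference is correct and the mismatch predates this commit (the deleted `.ql` imported the query by module name, which hid it), but it is worth confirming which CWE the query is meant to carry and, in a follow-up, renaming the test directory to match. Until then a short note beside the qlref, e.g. `# query lives under CWE-943; test directory name is historical`, would stop the next reader from assuming a typo.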
@@ -20,19 +20,19 @@ class NSPredicate {
 // --- tests ---
 func test() {
- let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+ let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let safeString = "safe"
- NSPredicate(format: remoteString, argumentArray: []) // $ hasPredicateInjection=23
+ NSPredicate(format: remoteString, argumentArray: []) // $Alert
 NSPredicate(format: safeString, argumentArray: []) // Safe
 NSPredicate(format: safeString, argumentArray: [remoteString]) // Safe
- NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ hasPredicateInjection=23
+ NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $Alert
 NSPredicate(format: safeString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // Safe
- NSPredicate(format: remoteString) // $ hasPredicateInjection=23
+ NSPredicate(format: remoteString) // $Alert
 NSPredicate(format: safeString) // Safe
- NSPredicate(format: remoteString, "" as! CVarArg) // $ hasPredicateInjection=23
+ NSPredicate(format: remoteString, "" as! CVarArg) // $Alert
 NSPredicate(format: safeString, "" as! CVarArg) // Safe
 NSPredicate(format: safeString, remoteString as! CVarArg) // Safe
- NSPredicate(fromMetadataQueryString: remoteString) // $ hasPredicateInjection=23
+ NSPredicate(fromMetadataQueryString: remoteString) // $Alert
 NSPredicate(fromMetadataQueryString: safeString) // Safe
 }