
Commit ec7e718

committed
Swift: convert PredicateInjection test to .qlref
1 parent 8b69221 commit ec7e718


4 files changed

+29
-27
lines changed

Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
#select
2+
| predicateInjection.swift:26:25:26:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
3+
| predicateInjection.swift:29:25:29:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
4+
| predicateInjection.swift:31:25:31:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
5+
| predicateInjection.swift:33:25:33:25 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
6+
| predicateInjection.swift:36:42:36:42 | remoteString | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | This predicate depends on a $@. | predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | user-provided value |
7+
edges
8+
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:26:25:26:25 | remoteString | provenance | |
9+
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:29:25:29:25 | remoteString | provenance | |
10+
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:31:25:31:25 | remoteString | provenance | |
11+
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:33:25:33:25 | remoteString | provenance | |
12+
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | predicateInjection.swift:36:42:36:42 | remoteString | provenance | |
13+
nodes
14+
| predicateInjection.swift:23:24:23:78 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
15+
| predicateInjection.swift:26:25:26:25 | remoteString | semmle.label | remoteString |
16+
| predicateInjection.swift:29:25:29:25 | remoteString | semmle.label | remoteString |
17+
| predicateInjection.swift:31:25:31:25 | remoteString | semmle.label | remoteString |
18+
| predicateInjection.swift:33:25:33:25 | remoteString | semmle.label | remoteString |
19+
| predicateInjection.swift:36:42:36:42 | remoteString | semmle.label | remoteString |
20+
subpaths

swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql

Lines changed: 0 additions & 21 deletions
This file was deleted.
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
query: queries/Security/CWE-943/PredicateInjection.ql
2+
postprocess:
3+
- utils/test/InlineExpectationsTestQuery.ql
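Review bot: The query referenced on the `query:` line sits under `queries/Security/CWE-943/`, but the test files whose paths are visible in this commit are under `query-tests/Security/CWE-946/`, so the test directory does not match the CWE the query is filed under. The path of this .qlref is not shown on the page; if it lives beside `predicateInjection.swift`, this conversion is a convenient moment to move the directory to `CWE-943`, or at least to mention the mismatch in the commit message. As it stands, someone looking for coverage of the predicate-injection query by CWE number will not find this test.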

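--- a/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
+++ b/swift/ql/test/query-tests/Security/CWE-946/predicateInjection.swift
@@ -20,19 +20,19 @@ class NSPredicate {
 // --- tests ---
 
 func test() {
-let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
+let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $Source
 let safeString = "safe"
 
-NSPredicate(format: remoteString, argumentArray: []) // $ hasPredicateInjection=23
+NSPredicate(format: remoteString, argumentArray: []) // $Alert
 NSPredicate(format: safeString, argumentArray: []) // Safe
 NSPredicate(format: safeString, argumentArray: [remoteString]) // Safe
-NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $ hasPredicateInjection=23
+NSPredicate(format: remoteString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // $Alert
 NSPredicate(format: safeString, arguments: CVaListPointer(_fromUnsafeMutablePointer: UnsafeMutablePointer(bitPattern: 0)!)) // Safe
-NSPredicate(format: remoteString) // $ hasPredicateInjection=23
+NSPredicate(format: remoteString) // $Alert
 NSPredicate(format: safeString) // Safe
-NSPredicate(format: remoteString, "" as! CVarArg) // $ hasPredicateInjection=23
+NSPredicate(format: remoteString, "" as! CVarArg) // $Alert
 NSPredicate(format: safeString, "" as! CVarArg) // Safe
 NSPredicate(format: safeString, remoteString as! CVarArg) // Safe
-NSPredicate(fromMetadataQueryString: remoteString) // $ hasPredicateInjection=23
+NSPredicate(fromMetadataQueryString: remoteString) // $Alert
 NSPredicate(fromMetadataQueryString: safeString) // Safe
 }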
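Review bot: The two negative cases that pass `remoteString` as a substitution argument rather than as the format string (new lines 28 and 35) are annotated only `// Safe`, which does not record why tainted data is acceptable there. These lines pin the query's boundary between a tainted format string and a tainted argument, and the expected output in this commit has no row for them. A comment such as `// Safe: tainted value is a substitution argument, not the format string` would tell a maintainer who later sees an unexpected alert on one of them whether the sink model or the test is at fault. As a smaller style point, the new markers drop the space used by the removed annotations (`// $ hasPredicateInjection=23`); `// $ Source` and `// $ Alert` would keep the file's existing spacing.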
