Swift: Add taint test of URL.

geoffw0 · geoffw0 · commit 42c3e29a290a · 2022-08-09T17:42:23.000+01:00
diff --git a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -174,3 +174,25 @@
 | string.swift:82:31:82:31 | tainted | string.swift:85:13:85:13 | tainted |
 | string.swift:84:13:84:13 | clean | string.swift:87:13:87:13 | clean |
 | string.swift:85:13:85:13 | tainted | string.swift:88:13:88:13 | tainted |
+| url.swift:12:6:12:6 | WriteDef | url.swift:14:29:14:29 | clean |
+| url.swift:12:14:12:14 | http://example.com/ | url.swift:12:6:12:6 | WriteDef |
+| url.swift:13:6:13:6 | WriteDef | url.swift:15:31:15:31 | tainted |
+| url.swift:13:16:13:23 | call to source() | url.swift:13:6:13:6 | WriteDef |
+| url.swift:14:6:14:6 | WriteDef | url.swift:17:12:17:12 | urlClean |
+| url.swift:14:17:14:35 | ...! | url.swift:14:6:14:6 | WriteDef |
+| url.swift:14:29:14:29 | clean | url.swift:20:24:20:24 | clean |
+| url.swift:15:6:15:6 | WriteDef | url.swift:18:12:18:12 | urlTainted |
+| url.swift:15:19:15:39 | ...! | url.swift:15:6:15:6 | WriteDef |
+| url.swift:15:31:15:31 | tainted | url.swift:21:24:21:24 | tainted |
+| url.swift:17:12:17:12 | urlClean | url.swift:22:43:22:43 | urlClean |
+| url.swift:18:12:18:12 | urlTainted | url.swift:23:43:23:43 | urlTainted |
+| url.swift:20:24:20:24 | clean | url.swift:22:24:22:24 | clean |
+| url.swift:21:24:21:24 | tainted | url.swift:29:25:29:25 | tainted |
+| url.swift:22:24:22:24 | clean | url.swift:23:24:23:24 | clean |
+| url.swift:23:24:23:24 | clean | url.swift:25:25:25:25 | clean |
+| url.swift:25:25:25:25 | clean | url.swift:34:26:34:26 | clean |
+| url.swift:29:25:29:25 | tainted | url.swift:38:28:38:28 | tainted |
+| url.swift:34:2:34:31 | WriteDef | url.swift:35:12:35:12 | urlClean2 |
+| url.swift:34:14:34:31 | call to ... | url.swift:34:2:34:31 | WriteDef |
+| url.swift:38:2:38:35 | WriteDef | url.swift:39:12:39:12 | urlTainted2 |
+| url.swift:38:16:38:35 | call to ... | url.swift:38:2:38:35 | WriteDef |
diff --git a/swift/ql/test/library-tests/dataflow/taint/url.swift b/swift/ql/test/library-tests/dataflow/taint/url.swift
@@ -0,0 +1,40 @@
+
+class URL
+{
+	init?(string: String) {}
+	init?(string: String, relativeTo: URL?) {}
+}
+
+func source() -> String { return "" }
+func sink(arg: URL) {}
+
+func taintThroughURL() {
+	let clean = "http://example.com/"
+	let tainted = source()
+	let urlClean = URL(string: clean)!
+	let urlTainted = URL(string: tainted)!
+
+	sink(arg: urlClean)
+	sink(arg: urlTainted) // tainted [NOT DETECTED]
+
+	sink(arg: URL(string: clean, relativeTo: nil)!)
+	sink(arg: URL(string: tainted, relativeTo: nil)!) // tainted [NOT DETECTED]
+	sink(arg: URL(string: clean, relativeTo: urlClean)!)
+	sink(arg: URL(string: clean, relativeTo: urlTainted)!) // tainted [NOT DETECTED]
+
+	if let x = URL(string: clean) {
+		sink(arg: x)
+	}
+
+	if let y = URL(string: tainted) {
+		sink(arg: y) // tainted [NOT DETECTED]
+	}
+
+	var urlClean2 : URL!
+	urlClean2 = URL(string: clean)
+	sink(arg: urlClean2)
+
+	var urlTainted2 : URL!
+	urlTainted2 = URL(string: tainted)
+	sink(arg: urlTainted2) // tainted [NOT DETECTED]
+}
