Swift: Add a test of taint sources.

geoffw0 · geoffw0 · commit 69dd2c0eec93 · 2022-09-27T18:58:56.000+01:00
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected
@@ -0,0 +1,2 @@
+| string.swift:27:21:27:21 | call to init(contentsOf:) | external |
+| string.swift:27:21:27:44 | call to init(contentsOf:) | external |
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql
@@ -0,0 +1,5 @@
+import swift
+import codeql.swift.dataflow.FlowSources
+
+from RemoteFlowSource source
+select source, concat(source.getSourceType(), ", ")
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/string.swift b/swift/ql/test/library-tests/dataflow/flowsources/string.swift
@@ -0,0 +1,31 @@
+
+// --- stubs ---
+
+struct URL
+{
+	init?(string: String) {}
+}
+
+extension String {
+	init(contentsOf: URL) throws {
+		var data = ""
+
+		// ...
+
+		self.init(data)
+	}
+}
+
+// --- tests ---
+
+func testStrings() {
+	do
+	{
+		let string1 = String()
+		let string2 = String(repeating: "abc", count: 10)
+		let url = URL(string: "http://example.com/")
+		let string3 = try String(contentsOf: url!) // SOURCE
+	} catch {
+		// ...
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| string.swift:27:21:27:21 \| call to init(contentsOf:) \| external \|`
	`2`	`+\| string.swift:27:21:27:44 \| call to init(contentsOf:) \| external \|`