Swift: Extend test cases.

geoffw0 · geoffw0 · commit 9e773302ed25 · 2022-07-27T17:39:01.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
@@ -1,19 +1,19 @@
 edges
 | StringLengthConflation.swift:60:47:60:50 | .length :  | StringLengthConflation.swift:60:47:60:59 | ... call to /(_:_:) ... |
 | StringLengthConflation.swift:66:33:66:36 | .length :  | StringLengthConflation.swift:66:33:66:45 | ... call to /(_:_:) ... |
-| StringLengthConflation.swift:93:28:93:31 | .length :  | StringLengthConflation.swift:93:28:93:40 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:97:27:97:30 | .length :  | StringLengthConflation.swift:97:27:97:39 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:101:25:101:28 | .length :  | StringLengthConflation.swift:101:25:101:37 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:105:25:105:28 | .length :  | StringLengthConflation.swift:105:25:105:37 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:111:23:111:26 | .length :  | StringLengthConflation.swift:111:23:111:35 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:117:22:117:25 | .length :  | StringLengthConflation.swift:117:22:117:34 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:122:34:122:36 | .count :  | StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:123:36:123:38 | .count :  | StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:128:36:128:38 | .count :  | StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:129:38:129:40 | .count :  | StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:134:34:134:36 | .count :  | StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:135:36:135:38 | .count :  | StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:141:28:141:30 | .count :  | StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:96:28:96:31 | .length :  | StringLengthConflation.swift:96:28:96:40 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:100:27:100:30 | .length :  | StringLengthConflation.swift:100:27:100:39 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:104:25:104:28 | .length :  | StringLengthConflation.swift:104:25:104:37 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:108:25:108:28 | .length :  | StringLengthConflation.swift:108:25:108:37 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:114:23:114:26 | .length :  | StringLengthConflation.swift:114:23:114:35 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:120:22:120:25 | .length :  | StringLengthConflation.swift:120:22:120:34 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:125:34:125:36 | .count :  | StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:126:36:126:38 | .count :  | StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:131:36:131:38 | .count :  | StringLengthConflation.swift:131:36:131:46 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:132:38:132:40 | .count :  | StringLengthConflation.swift:132:38:132:48 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:137:34:137:36 | .count :  | StringLengthConflation.swift:137:34:137:44 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:138:36:138:38 | .count :  | StringLengthConflation.swift:138:36:138:46 | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:144:28:144:30 | .count :  | StringLengthConflation.swift:144:28:144:38 | ... call to -(_:_:) ... |
 nodes
 | StringLengthConflation.swift:53:43:53:46 | .length | semmle.label | .length |
 | StringLengthConflation.swift:60:47:60:50 | .length :  | semmle.label | .length :  |
@@ -22,49 +22,49 @@ nodes
 | StringLengthConflation.swift:66:33:66:45 | ... call to /(_:_:) ... | semmle.label | ... call to /(_:_:) ... |
 | StringLengthConflation.swift:72:33:72:35 | .count | semmle.label | .count |
 | StringLengthConflation.swift:78:47:78:49 | .count | semmle.label | .count |
-| StringLengthConflation.swift:93:28:93:31 | .length :  | semmle.label | .length :  |
-| StringLengthConflation.swift:93:28:93:40 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:97:27:97:30 | .length :  | semmle.label | .length :  |
-| StringLengthConflation.swift:97:27:97:39 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:101:25:101:28 | .length :  | semmle.label | .length :  |
-| StringLengthConflation.swift:101:25:101:37 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:105:25:105:28 | .length :  | semmle.label | .length :  |
-| StringLengthConflation.swift:105:25:105:37 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:111:23:111:26 | .length :  | semmle.label | .length :  |
-| StringLengthConflation.swift:111:23:111:35 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:117:22:117:25 | .length :  | semmle.label | .length :  |
-| StringLengthConflation.swift:117:22:117:34 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:122:34:122:36 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:123:36:123:38 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:128:36:128:38 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:129:38:129:40 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:134:34:134:36 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:135:36:135:38 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
-| StringLengthConflation.swift:141:28:141:30 | .count :  | semmle.label | .count :  |
-| StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:96:28:96:31 | .length :  | semmle.label | .length :  |
+| StringLengthConflation.swift:96:28:96:40 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:100:27:100:30 | .length :  | semmle.label | .length :  |
+| StringLengthConflation.swift:100:27:100:39 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:104:25:104:28 | .length :  | semmle.label | .length :  |
+| StringLengthConflation.swift:104:25:104:37 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:108:25:108:28 | .length :  | semmle.label | .length :  |
+| StringLengthConflation.swift:108:25:108:37 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:114:23:114:26 | .length :  | semmle.label | .length :  |
+| StringLengthConflation.swift:114:23:114:35 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:120:22:120:25 | .length :  | semmle.label | .length :  |
+| StringLengthConflation.swift:120:22:120:34 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:125:34:125:36 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:126:36:126:38 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:131:36:131:38 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:131:36:131:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:132:38:132:40 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:132:38:132:48 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:137:34:137:36 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:137:34:137:44 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:138:36:138:38 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:138:36:138:46 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
+| StringLengthConflation.swift:144:28:144:30 | .count :  | semmle.label | .count :  |
+| StringLengthConflation.swift:144:28:144:38 | ... call to -(_:_:) ... | semmle.label | ... call to -(_:_:) ... |
 subpaths
 #select
 | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:60:47:60:59 | ... call to /(_:_:) ... | StringLengthConflation.swift:60:47:60:50 | .length :  | StringLengthConflation.swift:60:47:60:59 | ... call to /(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:66:33:66:45 | ... call to /(_:_:) ... | StringLengthConflation.swift:66:33:66:36 | .length :  | StringLengthConflation.swift:66:33:66:45 | ... call to /(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
 | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | This String length is used in an NSString, but it may not be equivalent. |
 | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:93:28:93:40 | ... call to -(_:_:) ... | StringLengthConflation.swift:93:28:93:31 | .length :  | StringLengthConflation.swift:93:28:93:40 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
-| StringLengthConflation.swift:97:27:97:39 | ... call to -(_:_:) ... | StringLengthConflation.swift:97:27:97:30 | .length :  | StringLengthConflation.swift:97:27:97:39 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
-| StringLengthConflation.swift:101:25:101:37 | ... call to -(_:_:) ... | StringLengthConflation.swift:101:25:101:28 | .length :  | StringLengthConflation.swift:101:25:101:37 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
-| StringLengthConflation.swift:105:25:105:37 | ... call to -(_:_:) ... | StringLengthConflation.swift:105:25:105:28 | .length :  | StringLengthConflation.swift:105:25:105:37 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
-| StringLengthConflation.swift:111:23:111:35 | ... call to -(_:_:) ... | StringLengthConflation.swift:111:23:111:26 | .length :  | StringLengthConflation.swift:111:23:111:35 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
-| StringLengthConflation.swift:117:22:117:34 | ... call to -(_:_:) ... | StringLengthConflation.swift:117:22:117:25 | .length :  | StringLengthConflation.swift:117:22:117:34 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
-| StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:122:34:122:36 | .count :  | StringLengthConflation.swift:122:34:122:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:123:36:123:38 | .count :  | StringLengthConflation.swift:123:36:123:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:128:36:128:38 | .count :  | StringLengthConflation.swift:128:36:128:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... | StringLengthConflation.swift:129:38:129:40 | .count :  | StringLengthConflation.swift:129:38:129:48 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:134:34:134:36 | .count :  | StringLengthConflation.swift:134:34:134:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:135:36:135:38 | .count :  | StringLengthConflation.swift:135:36:135:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
-| StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... | StringLengthConflation.swift:141:28:141:30 | .count :  | StringLengthConflation.swift:141:28:141:38 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:96:28:96:40 | ... call to -(_:_:) ... | StringLengthConflation.swift:96:28:96:31 | .length :  | StringLengthConflation.swift:96:28:96:40 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:100:27:100:39 | ... call to -(_:_:) ... | StringLengthConflation.swift:100:27:100:30 | .length :  | StringLengthConflation.swift:100:27:100:39 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:104:25:104:37 | ... call to -(_:_:) ... | StringLengthConflation.swift:104:25:104:28 | .length :  | StringLengthConflation.swift:104:25:104:37 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:108:25:108:37 | ... call to -(_:_:) ... | StringLengthConflation.swift:108:25:108:28 | .length :  | StringLengthConflation.swift:108:25:108:37 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:114:23:114:35 | ... call to -(_:_:) ... | StringLengthConflation.swift:114:23:114:26 | .length :  | StringLengthConflation.swift:114:23:114:35 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:120:22:120:34 | ... call to -(_:_:) ... | StringLengthConflation.swift:120:22:120:25 | .length :  | StringLengthConflation.swift:120:22:120:34 | ... call to -(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
+| StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:125:34:125:36 | .count :  | StringLengthConflation.swift:125:34:125:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:126:36:126:38 | .count :  | StringLengthConflation.swift:126:36:126:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:131:36:131:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:131:36:131:38 | .count :  | StringLengthConflation.swift:131:36:131:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:132:38:132:48 | ... call to -(_:_:) ... | StringLengthConflation.swift:132:38:132:40 | .count :  | StringLengthConflation.swift:132:38:132:48 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:137:34:137:44 | ... call to -(_:_:) ... | StringLengthConflation.swift:137:34:137:36 | .count :  | StringLengthConflation.swift:137:34:137:44 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:138:36:138:46 | ... call to -(_:_:) ... | StringLengthConflation.swift:138:36:138:38 | .count :  | StringLengthConflation.swift:138:36:138:46 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:144:28:144:38 | ... call to -(_:_:) ... | StringLengthConflation.swift:144:28:144:30 | .count :  | StringLengthConflation.swift:144:28:144:38 | ... call to -(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift
@@ -76,16 +76,19 @@ func test(s: String) {
 
     let range5 = NSRange(location: 0, length: ns.length) // GOOD
     let range6 = NSRange(location: 0, length: s.count) // BAD: String length used in NSMakeRange
-    print("NSRange '\(range5.description)' / '\(range6.description)'")
+    let range7 = NSRange(location: 0, length: s.utf8.count) // BAD: String.utf8  length used in NSMakeRange [NOT DETECTED]
+    let range8 = NSRange(location: 0, length: s.utf16.count) // BAD: String.utf16 length used in NSMakeRange [NOT DETECTED]
+    let range9 = NSRange(location: 0, length: s.unicodeScalars.count) // BAD: String.unicodeScalars length used in NSMakeRange [NOT DETECTED]
+    print("NSRange '\(range5.description)' / '\(range6.description)' '\(range7.description)' '\(range8.description)' '\(range9.description)'")
 
     // --- converting Range to NSRange ---
 
-    let range7 = s.startIndex ..< s.endIndex
-    let range8 = NSRange(range7, in: s) // GOOD
-    let location = s.distance(from: s.startIndex, to: range7.lowerBound)
-    let length = s.distance(from: range7.lowerBound, to: range7.upperBound)
-    let range9 = NSRange(location: location, length: length) // BAD [NOT DETECTED]
-    print("NSRange '\(range8.description)' / '\(range9.description)'")
+    let range10 = s.startIndex ..< s.endIndex
+    let range11 = NSRange(range10, in: s) // GOOD
+    let location = s.distance(from: s.startIndex, to: range10.lowerBound)
+    let length = s.distance(from: range10.lowerBound, to: range10.upperBound)
+    let range12 = NSRange(location: location, length: length) // BAD [NOT DETECTED]
+    print("NSRange '\(range11.description)' / '\(range12.description)'")
 
     // --- String operations using an integer directly ---
 
