Skip to content

Commit d2c7491

Browse files
geoffw0geoffw0
committed
Swift: Repair UnsafeWebViewFetch query via taint summary.
1 parent 13b2b1f commit d2c7491

File tree

2 files changed

+29
-1
lines changed

2 files changed

+29
-1
lines changed

swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ private module Cached {
4949
)
5050
or
5151
// allow flow through `URL.init`.
52-
exists(CallExpr call, ClassDecl c, AbstractFunctionDecl f |
52+
exists(CallExpr call, StructDecl c, AbstractFunctionDecl f |
5353
c.getName() = "URL" and
5454
c.getAMember() = f and
5555
f.getName() = ["init(string:)", "init(string:relativeTo:)"] and

swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,15 +13,27 @@ edges
1313
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:127:25:127:25 | "..." |
1414
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:135:25:135:25 | remoteString |
1515
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:137:25:137:25 | remoteString |
16+
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:138:47:138:56 | ...! |
1617
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString |
18+
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:139:48:139:57 | ...! |
19+
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:140:47:140:57 | ...! |
1720
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString |
21+
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:141:48:141:58 | ...! |
22+
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:153:85:153:94 | ...! |
23+
| UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:154:86:154:95 | ...! |
1824
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString |
1925
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... |
2026
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:174:25:174:25 | "..." |
2127
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:182:25:182:25 | remoteString |
2228
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:184:25:184:25 | remoteString |
29+
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:185:47:185:56 | ...! |
2330
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString |
31+
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:186:48:186:57 | ...! |
32+
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:187:47:187:57 | ...! |
2433
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString |
34+
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:188:48:188:58 | ...! |
35+
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:200:90:200:99 | ...! |
36+
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | UnsafeWebViewFetch.swift:201:91:201:100 | ...! |
2537
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() : | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData |
2638
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() : | UnsafeWebViewFetch.swift:211:25:211:25 | htmlData |
2739
nodes
@@ -40,17 +52,29 @@ nodes
4052
| UnsafeWebViewFetch.swift:127:25:127:25 | "..." | semmle.label | "..." |
4153
| UnsafeWebViewFetch.swift:135:25:135:25 | remoteString | semmle.label | remoteString |
4254
| UnsafeWebViewFetch.swift:137:25:137:25 | remoteString | semmle.label | remoteString |
55+
| UnsafeWebViewFetch.swift:138:47:138:56 | ...! | semmle.label | ...! |
4356
| UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | semmle.label | remoteString |
57+
| UnsafeWebViewFetch.swift:139:48:139:57 | ...! | semmle.label | ...! |
58+
| UnsafeWebViewFetch.swift:140:47:140:57 | ...! | semmle.label | ...! |
4459
| UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | semmle.label | remoteString |
60+
| UnsafeWebViewFetch.swift:141:48:141:58 | ...! | semmle.label | ...! |
61+
| UnsafeWebViewFetch.swift:153:85:153:94 | ...! | semmle.label | ...! |
62+
| UnsafeWebViewFetch.swift:154:86:154:95 | ...! | semmle.label | ...! |
4563
| UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() : | semmle.label | call to getRemoteData() : |
4664
| UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | semmle.label | call to getRemoteData() |
4765
| UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | semmle.label | remoteString |
4866
| UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
4967
| UnsafeWebViewFetch.swift:174:25:174:25 | "..." | semmle.label | "..." |
5068
| UnsafeWebViewFetch.swift:182:25:182:25 | remoteString | semmle.label | remoteString |
5169
| UnsafeWebViewFetch.swift:184:25:184:25 | remoteString | semmle.label | remoteString |
70+
| UnsafeWebViewFetch.swift:185:47:185:56 | ...! | semmle.label | ...! |
5271
| UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | semmle.label | remoteString |
72+
| UnsafeWebViewFetch.swift:186:48:186:57 | ...! | semmle.label | ...! |
73+
| UnsafeWebViewFetch.swift:187:47:187:57 | ...! | semmle.label | ...! |
5374
| UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | semmle.label | remoteString |
75+
| UnsafeWebViewFetch.swift:188:48:188:58 | ...! | semmle.label | ...! |
76+
| UnsafeWebViewFetch.swift:200:90:200:99 | ...! | semmle.label | ...! |
77+
| UnsafeWebViewFetch.swift:201:91:201:100 | ...! | semmle.label | ...! |
5478
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() : | semmle.label | call to getRemoteData() : |
5579
| UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | semmle.label | htmlData |
5680
| UnsafeWebViewFetch.swift:211:25:211:25 | htmlData | semmle.label | htmlData |
@@ -63,8 +87,12 @@ subpaths
6387
| UnsafeWebViewFetch.swift:121:25:121:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:121:25:121:25 | remoteString | Tainted data is used in a WebView fetch without restricting the base URL. |
6488
| UnsafeWebViewFetch.swift:124:25:124:51 | ... .+(_:_:) ... | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:124:25:124:51 | ... .+(_:_:) ... | Tainted data is used in a WebView fetch without restricting the base URL. |
6589
| UnsafeWebViewFetch.swift:127:25:127:25 | "..." | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:127:25:127:25 | "..." | Tainted data is used in a WebView fetch without restricting the base URL. |
90+
| UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:139:25:139:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
91+
| UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:141:25:141:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
6692
| UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:167:25:167:39 | call to getRemoteData() | Tainted data is used in a WebView fetch without restricting the base URL. |
6793
| UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:168:25:168:25 | remoteString | Tainted data is used in a WebView fetch without restricting the base URL. |
6894
| UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:171:25:171:51 | ... .+(_:_:) ... | Tainted data is used in a WebView fetch without restricting the base URL. |
6995
| UnsafeWebViewFetch.swift:174:25:174:25 | "..." | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:174:25:174:25 | "..." | Tainted data is used in a WebView fetch without restricting the base URL. |
96+
| UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:186:25:186:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
97+
| UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:188:25:188:25 | remoteString | Tainted data is used in a WebView fetch with a tainted base URL. |
7098
| UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | UnsafeWebViewFetch.swift:94:14:94:37 | call to init(contentsOf:) : | UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | Tainted data is used in a WebView fetch without restricting the base URL. |

0 commit comments

Comments
 (0)