This commit is contained in:
Geoffrey White 2023-09-19 13:08:08 +01:00
Родитель 48d1b667cf
Коммит 158008ac4f
7 изменённых файлов: 61 добавлений и 4 удалений


@ -7,9 +7,11 @@ edges
| CommandInjection.swift:69:12:69:12 | userControlledString | CommandInjection.swift:75:27:75:27 | userControlledString |
| CommandInjection.swift:69:12:69:12 | userControlledString [some:0] | CommandInjection.swift:75:27:75:27 | userControlledString [some:0] |
| CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) | CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) [some:0] |
| CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) | CommandInjection.swift:75:27:75:27 | userControlledString |
| CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) [some:0, some:0] | CommandInjection.swift:69:8:69:12 | let ...? [some:0, some:0] |
| CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) [some:0] | CommandInjection.swift:69:8:69:12 | let ...? [some:0] |
| CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) [some:0] | CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) [some:0, some:0] |
| CommandInjection.swift:69:40:69:94 | call to String.init(contentsOf:) [some:0] | CommandInjection.swift:75:27:75:27 | userControlledString [some:0] |
| CommandInjection.swift:75:2:75:2 | [post] task1 [arguments] | CommandInjection.swift:75:2:75:2 | [post] task1 |
| CommandInjection.swift:75:20:75:47 | [...] | CommandInjection.swift:75:2:75:2 | [post] task1 [arguments] |
| CommandInjection.swift:75:27:75:27 | userControlledString | CommandInjection.swift:75:20:75:47 | [...] |
@ -17,8 +19,10 @@ edges
| CommandInjection.swift:75:27:75:27 | userControlledString [some:0] | CommandInjection.swift:78:43:78:43 | userControlledString [some:0] |
| CommandInjection.swift:78:5:78:9 | let ...? [some:0] | CommandInjection.swift:78:9:78:9 | validatedString |
| CommandInjection.swift:78:9:78:9 | validatedString | CommandInjection.swift:81:31:81:31 | validatedString |
| CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) | CommandInjection.swift:81:31:81:31 | validatedString |
| CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) [some:0] | CommandInjection.swift:78:5:78:9 | let ...? [some:0] |
| CommandInjection.swift:78:43:78:43 | userControlledString | CommandInjection.swift:58:22:58:33 | command |
| CommandInjection.swift:78:43:78:43 | userControlledString | CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) |
| CommandInjection.swift:78:43:78:43 | userControlledString | CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) [some:0] |
| CommandInjection.swift:78:43:78:43 | userControlledString [some:0] | CommandInjection.swift:58:22:58:33 | command [some:0] |
| CommandInjection.swift:78:43:78:43 | userControlledString [some:0] | CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) [some:0] |
@ -29,6 +33,8 @@ edges
| CommandInjection.swift:99:12:99:12 | userControlledString | CommandInjection.swift:114:36:114:36 | userControlledString |
| CommandInjection.swift:99:12:99:12 | userControlledString | CommandInjection.swift:115:28:115:28 | userControlledString |
| CommandInjection.swift:99:40:99:94 | call to String.init(contentsOf:) | CommandInjection.swift:99:40:99:94 | call to String.init(contentsOf:) [some:0] |
| CommandInjection.swift:99:40:99:94 | call to String.init(contentsOf:) | CommandInjection.swift:114:36:114:36 | userControlledString |
| CommandInjection.swift:99:40:99:94 | call to String.init(contentsOf:) | CommandInjection.swift:115:28:115:28 | userControlledString |
| CommandInjection.swift:99:40:99:94 | call to String.init(contentsOf:) [some:0] | CommandInjection.swift:99:8:99:12 | let ...? [some:0] |
| CommandInjection.swift:114:2:114:2 | [post] task3 [executableURL] | CommandInjection.swift:114:2:114:2 | [post] task3 |
| CommandInjection.swift:114:24:114:56 | call to URL.init(string:) [some:0] | CommandInjection.swift:114:24:114:57 | ...! |
@ -90,6 +96,7 @@ edges
| CommandInjection.swift:180:9:180:13 | let ...? [some:0] | CommandInjection.swift:180:13:180:13 | userControlledString |
| CommandInjection.swift:180:13:180:13 | userControlledString | CommandInjection.swift:184:19:184:19 | userControlledString |
| CommandInjection.swift:180:41:180:95 | call to String.init(contentsOf:) | CommandInjection.swift:180:41:180:95 | call to String.init(contentsOf:) [some:0] |
| CommandInjection.swift:180:41:180:95 | call to String.init(contentsOf:) | CommandInjection.swift:184:19:184:19 | userControlledString |
| CommandInjection.swift:180:41:180:95 | call to String.init(contentsOf:) [some:0] | CommandInjection.swift:180:9:180:13 | let ...? [some:0] |
| CommandInjection.swift:184:18:184:39 | [...] | CommandInjection.swift:186:18:186:18 | tainted1 |
| CommandInjection.swift:184:18:184:39 | [...] | CommandInjection.swift:187:19:187:19 | tainted1 |
@ -139,6 +146,7 @@ nodes
| CommandInjection.swift:75:27:75:27 | userControlledString [some:0] | semmle.label | userControlledString [some:0] |
| CommandInjection.swift:78:5:78:9 | let ...? [some:0] | semmle.label | let ...? [some:0] |
| CommandInjection.swift:78:9:78:9 | validatedString | semmle.label | validatedString |
| CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) | semmle.label | call to validateCommand(_:) |
| CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) [some:0] | semmle.label | call to validateCommand(_:) [some:0] |
| CommandInjection.swift:78:43:78:43 | userControlledString | semmle.label | userControlledString |
| CommandInjection.swift:78:43:78:43 | userControlledString [some:0] | semmle.label | userControlledString [some:0] |
@ -240,6 +248,7 @@ nodes
| file://:0:0:0:0 | url | semmle.label | url |
| file://:0:0:0:0 | url | semmle.label | url |
subpaths
| CommandInjection.swift:78:43:78:43 | userControlledString | CommandInjection.swift:58:22:58:33 | command | CommandInjection.swift:62:16:62:16 | command | CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) |
| CommandInjection.swift:78:43:78:43 | userControlledString | CommandInjection.swift:58:22:58:33 | command | CommandInjection.swift:62:16:62:16 | command [some:0] | CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) [some:0] |
| CommandInjection.swift:78:43:78:43 | userControlledString [some:0] | CommandInjection.swift:58:22:58:33 | command [some:0] | CommandInjection.swift:62:16:62:16 | command [some:0] | CommandInjection.swift:78:27:78:63 | call to validateCommand(_:) [some:0] |
#select
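Review bot: The subpath row at L61, apparently the one added in this hunk (the hunk grows by one line and the other two rows carry the older `[some:0]` shape), routes taint straight through `validateCommand(_:)` (CommandInjection.swift:58 → 62), and L25 then carries that value on to `validatedString` at line 81, so the fixture's validator is now modeled as taint-preserving for the plain value as well as the `[some:0]` content. If `validateCommand` is meant to be the fixture's sanitizer, the use at line 81 becomes a false positive of the same kind this commit marks in the SQLite and format-string fixtures; the `#select` rows after L64 are outside the hunk, so I cannot confirm whether it is reported. Worth checking the result set before accepting this expectation and, if line 81 is reported, annotating it in the fixture with `// [FALSE POSITIVE]` like the others.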


@ -74,7 +74,7 @@ func test_sqlite_swift_api(db: Connection) throws {
try db.execute(unsafeQuery2) // BAD
try db.execute(unsafeQuery3) // BAD
try db.execute(safeQuery1) // GOOD
try db.execute(safeQuery2) // GOOD
try db.execute(safeQuery2) // GOOD [FALSE POSITIVE]
// --- prepared statements ---
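Review bot: The `[FALSE POSITIVE]` marker on the `safeQuery2` line (L73) records the regression but not why the result is wrong, so whoever later regenerates these expectations cannot tell a fixed taint model from a broken fixture. Per the accompanying expected output, `safeQuery2` is built from `Self.init(_:)` applied to `remoteString` at SQLite.swift:63 — presumably an integer parse such as `Int(remoteString)` — and an integer rendered back into the query cannot carry SQL metacharacters, so taint should stop at the numeric conversion rather than be waved through here. I'd make the comment say so: `try db.execute(safeQuery2) // GOOD [FALSE POSITIVE]: derived from Int(remoteString); numeric conversion should act as a taint barrier`. The enclosing `test_sqlite_swift_api` starts and ends outside the hunk.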


@ -82,6 +82,7 @@ edges
| GRDB.swift:342:26:342:80 | call to String.init(contentsOf:) | GRDB.swift:349:84:349:84 | remoteString |
| GRDB.swift:342:26:342:80 | call to String.init(contentsOf:) | GRDB.swift:350:69:350:69 | remoteString |
| GRDB.swift:342:26:342:80 | call to String.init(contentsOf:) | GRDB.swift:351:84:351:84 | remoteString |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:63:25:63:25 | remoteString |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:73:17:73:17 | unsafeQuery1 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:74:17:74:17 | unsafeQuery2 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:75:17:75:17 | unsafeQuery3 |
@ -97,6 +98,9 @@ edges
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:117:16:117:16 | unsafeQuery1 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:119:16:119:16 | unsafeQuery1 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:132:20:132:20 | remoteString |
| SQLite.swift:63:21:63:37 | call to Self.init(_:) | SQLite.swift:77:17:77:17 | safeQuery2 |
| SQLite.swift:63:25:63:25 | remoteString | SQLite.swift:63:21:63:37 | call to Self.init(_:) |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:123:25:123:25 | remoteString |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 |
@ -104,6 +108,8 @@ edges
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:189:13:189:13 | unsafeQuery3 |
| sqlite3_c_api.swift:123:21:123:37 | call to Self.init(_:) | sqlite3_c_api.swift:137:33:137:33 | safeQuery2 |
| sqlite3_c_api.swift:123:25:123:25 | remoteString | sqlite3_c_api.swift:123:21:123:37 | call to Self.init(_:) |
| sqlite3_c_api.swift:189:13:189:13 | unsafeQuery3 | sqlite3_c_api.swift:189:13:189:58 | call to data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:189:13:189:58 | call to data(using:allowLossyConversion:) | sqlite3_c_api.swift:190:2:190:2 | data |
| sqlite3_c_api.swift:190:2:190:2 | data | sqlite3_c_api.swift:190:21:190:21 | [post] buffer |
@ -207,9 +213,12 @@ nodes
| GRDB.swift:350:69:350:69 | remoteString | semmle.label | remoteString |
| GRDB.swift:351:84:351:84 | remoteString | semmle.label | remoteString |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| SQLite.swift:63:21:63:37 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| SQLite.swift:63:25:63:25 | remoteString | semmle.label | remoteString |
| SQLite.swift:73:17:73:17 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| SQLite.swift:74:17:74:17 | unsafeQuery2 | semmle.label | unsafeQuery2 |
| SQLite.swift:75:17:75:17 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| SQLite.swift:77:17:77:17 | safeQuery2 | semmle.label | safeQuery2 |
| SQLite.swift:83:29:83:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| SQLite.swift:95:32:95:32 | remoteString | semmle.label | remoteString |
| SQLite.swift:100:29:100:29 | unsafeQuery1 | semmle.label | unsafeQuery1 |
@ -223,9 +232,12 @@ nodes
| SQLite.swift:119:16:119:16 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| SQLite.swift:132:20:132:20 | remoteString | semmle.label | remoteString |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| sqlite3_c_api.swift:123:21:123:37 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| sqlite3_c_api.swift:123:25:123:25 | remoteString | semmle.label | remoteString |
| sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | semmle.label | unsafeQuery2 |
| sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | semmle.label | safeQuery2 |
| sqlite3_c_api.swift:145:26:145:26 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
| sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
@ -324,6 +336,7 @@ subpaths
| SQLite.swift:73:17:73:17 | unsafeQuery1 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:73:17:73:17 | unsafeQuery1 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:74:17:74:17 | unsafeQuery2 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:74:17:74:17 | unsafeQuery2 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:75:17:75:17 | unsafeQuery3 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:75:17:75:17 | unsafeQuery3 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:77:17:77:17 | safeQuery2 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:77:17:77:17 | safeQuery2 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:83:29:83:29 | unsafeQuery3 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:83:29:83:29 | unsafeQuery3 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:95:32:95:32 | remoteString | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:95:32:95:32 | remoteString | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:100:29:100:29 | unsafeQuery1 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:100:29:100:29 | unsafeQuery1 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
@ -339,6 +352,7 @@ subpaths
| sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:137:33:137:33 | safeQuery2 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:145:26:145:26 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:145:26:145:26 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |
| sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | This query depends on a $@. | sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | user-provided value |


@ -134,7 +134,7 @@ func test_sqlite3_c_api(db: OpaquePointer?, buffer: UnsafeMutablePointer<UInt8>)
let result2 = sqlite3_exec(db, unsafeQuery2, nil, nil, nil) // BAD
let result3 = sqlite3_exec(db, unsafeQuery3, nil, nil, nil) // BAD
let result4 = sqlite3_exec(db, safeQuery1, nil, nil, nil) // GOOD
let result5 = sqlite3_exec(db, safeQuery2, nil, nil, nil) // GOOD
let result5 = sqlite3_exec(db, safeQuery2, nil, nil, nil) // GOOD [FALSE POSITIVE]
// --- prepared statements ---
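Review bot: The new `[FALSE POSITIVE]` tag on `result5` (L155) gives no reason, and the reason matters here because it determines the fix: the expected output shows `safeQuery2` flowing from `Self.init(_:)` on `remoteString` at sqlite3_c_api.swift:123, i.e. the query is built from a parsed integer (presumably `Int(remoteString)`), which cannot inject into `sqlite3_exec` however it is interpolated. That points at a missing taint barrier on the numeric conversion in the model, not at the fixture, so I'd record it inline: `let result5 = sqlite3_exec(db, safeQuery2, nil, nil, nil) // GOOD [FALSE POSITIVE]: integer-derived query; Int(_:) should stop taint`. The enclosing `test_sqlite3_c_api` starts and ends outside the hunk.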


@ -4,6 +4,7 @@ edges
| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:205:7:205:7 | remoteString |
| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... |
| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:211:24:211:37 | .utf8 |
| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:217:35:217:35 | remoteString |
| UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:265:13:265:13 | string |
| UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:268:13:268:13 | string |
| UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:276:13:276:13 | string |
@ -32,6 +33,16 @@ edges
| UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:285:13:285:13 | string |
| UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:299:13:299:13 | string |
| UnsafeJsEval.swift:214:24:214:24 | remoteData | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | UnsafeJsEval.swift:265:13:265:13 | string |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | UnsafeJsEval.swift:268:13:268:13 | string |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | UnsafeJsEval.swift:276:13:276:13 | string |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | UnsafeJsEval.swift:279:13:279:13 | string |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | UnsafeJsEval.swift:285:13:285:13 | string |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | UnsafeJsEval.swift:299:13:299:13 | string |
| UnsafeJsEval.swift:217:24:217:53 | call to String.init(_:) | UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... |
| UnsafeJsEval.swift:217:31:217:47 | call to Self.init(_:) | UnsafeJsEval.swift:217:31:217:52 | ... ??(_:_:) ... |
| UnsafeJsEval.swift:217:31:217:52 | ... ??(_:_:) ... | UnsafeJsEval.swift:217:24:217:53 | call to String.init(_:) |
| UnsafeJsEval.swift:217:35:217:35 | remoteString | UnsafeJsEval.swift:217:31:217:47 | call to Self.init(_:) |
| UnsafeJsEval.swift:265:13:265:13 | string | UnsafeJsEval.swift:266:43:266:43 | string |
| UnsafeJsEval.swift:266:43:266:43 | string | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:268:13:268:13 | string | UnsafeJsEval.swift:269:43:269:43 | string |
@ -67,6 +78,11 @@ nodes
| UnsafeJsEval.swift:211:24:211:37 | .utf8 | semmle.label | .utf8 |
| UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | semmle.label | call to String.init(decoding:as:) |
| UnsafeJsEval.swift:214:24:214:24 | remoteData | semmle.label | remoteData |
| UnsafeJsEval.swift:217:7:217:57 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
| UnsafeJsEval.swift:217:24:217:53 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| UnsafeJsEval.swift:217:31:217:47 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| UnsafeJsEval.swift:217:31:217:52 | ... ??(_:_:) ... | semmle.label | ... ??(_:_:) ... |
| UnsafeJsEval.swift:217:35:217:35 | remoteString | semmle.label | remoteString |
| UnsafeJsEval.swift:265:13:265:13 | string | semmle.label | string |
| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | semmle.label | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:266:43:266:43 | string | semmle.label | string |
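Review bot: The new edges at L172–L181 carry taint from `remoteString` through `Self.init(_:)` (presumably `Int(_:)`), `?? 0` and `String(_:)` at UnsafeJsEval.swift:217 into the `string` values that feed the `WKUserScript` sinks — the same integer-conversion flow this commit marks as a false positive in the SQLite and format-string fixtures. Because that path shares its source (`getRemoteData()` at 201:21) and its sinks with paths already in `#select`, this file gets no new result row and therefore no `[FALSE POSITIVE]` marker, so the regression is invisible in the fixture even though it is real. If line 217 of the fixture is a `// GOOD` case, it should be annotated the same way, or given its own source so the spurious path shows up as a distinct result; the fixture and its `#select` section are outside this page.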


@ -12,10 +12,18 @@ edges
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:85:72:85:72 | tainted |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:88:11:88:11 | tainted |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:91:61:91:61 | tainted |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:93:26:93:26 | tainted |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:97:27:97:27 | tainted |
| UncontrolledFormatString.swift:81:47:81:47 | tainted | UncontrolledFormatString.swift:81:30:81:54 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:82:65:82:65 | tainted | UncontrolledFormatString.swift:82:48:82:72 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:84:54:84:54 | tainted | UncontrolledFormatString.swift:84:37:84:61 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:85:72:85:72 | tainted | UncontrolledFormatString.swift:85:55:85:79 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:93:22:93:33 | call to Self.init(_:) | UncontrolledFormatString.swift:95:28:95:28 | taintedSan |
| UncontrolledFormatString.swift:93:26:93:26 | tainted | UncontrolledFormatString.swift:93:22:93:33 | call to Self.init(_:) |
| UncontrolledFormatString.swift:97:23:97:34 | call to Self.init(_:) | UncontrolledFormatString.swift:98:30:98:30 | taintedVal2 |
| UncontrolledFormatString.swift:97:27:97:27 | tainted | UncontrolledFormatString.swift:97:23:97:34 | call to Self.init(_:) |
| UncontrolledFormatString.swift:98:23:98:41 | call to String.init(_:) | UncontrolledFormatString.swift:99:28:99:28 | taintedSan2 |
| UncontrolledFormatString.swift:98:30:98:30 | taintedVal2 | UncontrolledFormatString.swift:98:23:98:41 | call to String.init(_:) |
nodes
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UncontrolledFormatString.swift:70:28:70:28 | tainted | semmle.label | tainted |
@ -35,6 +43,14 @@ nodes
| UncontrolledFormatString.swift:85:72:85:72 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:88:11:88:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:91:61:91:61 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:93:22:93:33 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| UncontrolledFormatString.swift:93:26:93:26 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:95:28:95:28 | taintedSan | semmle.label | taintedSan |
| UncontrolledFormatString.swift:97:23:97:34 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
| UncontrolledFormatString.swift:97:27:97:27 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:98:23:98:41 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| UncontrolledFormatString.swift:98:30:98:30 | taintedVal2 | semmle.label | taintedVal2 |
| UncontrolledFormatString.swift:99:28:99:28 | taintedSan2 | semmle.label | taintedSan2 |
subpaths
#select
| UncontrolledFormatString.swift:70:28:70:28 | tainted | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:70:28:70:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |
@ -50,3 +66,5 @@ subpaths
| UncontrolledFormatString.swift:85:55:85:79 | call to NSString.init(string:) | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:85:55:85:79 | call to NSString.init(string:) | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:88:11:88:11 | tainted | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:88:11:88:11 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:91:61:91:61 | tainted | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:91:61:91:61 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:95:28:95:28 | taintedSan | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:95:28:95:28 | taintedSan | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:99:28:99:28 | taintedSan2 | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:99:28:99:28 | taintedSan2 | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |


@ -92,9 +92,9 @@ func tests() {
let taintedVal = Int(tainted)!
let taintedSan = "\(taintedVal)"
let q = String(format: taintedSan) // GOOD: sufficiently sanitized
let q = String(format: taintedSan) // GOOD: sufficiently sanitized [FALSE POSITIVE]
let taintedVal2 = Int(tainted) ?? 0
let taintedSan2 = String(taintedVal2)
let r = String(format: taintedSan2) // GOOD: sufficiently sanitized
let r = String(format: taintedSan2) // GOOD: sufficiently sanitized [FALSE POSITIVE]
}
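Review bot: The two `[FALSE POSITIVE]` markers added at L247 and L251 do not say why the results are wrong, so the next person regenerating expectations cannot tell a fixed model from a broken one. Both format strings are a decimal integer rendered back to text (`"\(taintedVal)"` and `String(taintedVal2)`), which cannot contain a `%` conversion, so the proper fix is a taint barrier at the numeric conversion rather than a permanent marker; I'd write `// GOOD: sufficiently sanitized [FALSE POSITIVE] - integer-only string cannot hold format directives; taint should stop at Int(_:)` on both lines. Separately, the fixture's `Int(tainted)!` on L244 traps on non-numeric input, which is fine for a test but is the pattern real code should avoid in favour of the `?? 0` form used for `taintedVal2`. The enclosing `tests()` starts outside the hunk.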