Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 9d49986

Browse files
geoffw0geoffw0
committed
Swift: Make QL-for-QL happy.
1 parent 39f1352 commit 9d49986

1 file changed

Lines changed: 10 additions & 10 deletions

File tree

swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,8 @@ import codeql.swift.frameworks.StandardLibrary.String
2323
* A taint source that is `String(contentsOf:)`.
2424
* TODO: this shouldn't be needed when `StringSource` in `String.qll` is working.
2525
*/
26-
class StringContentsOfURLSource extends RemoteFlowSource {
27-
StringContentsOfURLSource() {
26+
class StringContentsOfUrlSource extends RemoteFlowSource {
27+
StringContentsOfUrlSource() {
2828
exists(CallExpr call, AbstractFunctionDecl f |
2929
call.getFunction().(ApplyExpr).getStaticTarget() = f and
3030
f.getName() = "init(contentsOf:)" and
@@ -41,12 +41,12 @@ class StringContentsOfURLSource extends RemoteFlowSource {
4141
* to `UIWebView.loadHTMLString`.
4242
*/
4343
class Sink extends DataFlow::Node {
44-
Expr baseURL;
44+
Expr baseUrl;
4545

4646
Sink() {
4747
exists(
4848
AbstractFunctionDecl funcDecl, CallExpr call, string funcName, string paramName, int arg,
49-
int baseURLarg
49+
int baseUrlArg
5050
|
5151
// arguments to method calls...
5252
exists(string className, ClassDecl c |
@@ -75,19 +75,19 @@ class Sink extends DataFlow::Node {
7575
funcDecl.getParam(pragma[only_bind_into](arg)).getName() = paramName and
7676
call.getArgument(pragma[only_bind_into](arg)).getExpr() = this.asExpr() and
7777
// match up `baseURLArg`
78-
funcDecl.getParam(pragma[only_bind_into](baseURLarg)).getName() = "baseURL" and
79-
call.getArgument(pragma[only_bind_into](baseURLarg)).getExpr() = baseURL
78+
funcDecl.getParam(pragma[only_bind_into](baseUrlArg)).getName() = "baseURL" and
79+
call.getArgument(pragma[only_bind_into](baseUrlArg)).getExpr() = baseUrl
8080
)
8181
}
8282

8383
/**
8484
* Gets the `baseURL` argument associated with this sink.
8585
*/
86-
Expr getBaseURL() { result = baseURL }
86+
Expr getBaseUrl() { result = baseUrl }
8787
}
8888

8989
/**
90-
* Taint configuration from taint sources to sinks (and `baseURL` arguments)
90+
* A taint configuration from taint sources to sinks (and `baseURL` arguments)
9191
* for this query.
9292
*/
9393
class UnsafeWebViewFetchConfig extends TaintTracking::Configuration {
@@ -133,11 +133,11 @@ where
133133
sink = sinkNode.getNode() and
134134
(
135135
// base URL is nil
136-
sink.getBaseURL() instanceof NilLiteralExpr and
136+
sink.getBaseUrl() instanceof NilLiteralExpr and
137137
message = "Tainted data is used in a WebView fetch without restricting the base URL."
138138
or
139139
// base URL is tainted
140-
config.hasFlow(_, any(DataFlow::Node n | n.asExpr() = sink.getBaseURL())) and
140+
config.hasFlow(_, any(DataFlow::Node n | n.asExpr() = sink.getBaseUrl())) and
141141
message = "Tainted data is used in a WebView fetch with a tainted base URL."
142142
)
143143
select sinkNode, sourceNode, sinkNode, message

0 commit comments

Comments
 (0)