
Commit e038f60

committed
Swift: Convert some sinks to CSV.
1 parent 7d05446 commit e038f60


1 file changed

+13
-32
lines changed


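--- a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
@@ -30,38 +30,6 @@ class CleartextTransmissionAdditionalFlowStep extends Unit {
 abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
 }
 
-/**
-* An `Expr` that is transmitted with `NWConnection.send`.
-*/
-private class NWConnectionSendSink extends CleartextTransmissionSink {
-NWConnectionSendSink() {
-// `content` arg to `NWConnection.send` is a sink
-exists(CallExpr call |
-call.getStaticTarget()
-.(Method)
-.hasQualifiedName("NWConnection", "send(content:contentContext:isComplete:completion:)") and
-call.getArgument(0).getExpr() = this.asExpr()
-)
-}
-}
-
-/**
-* An `Expr` that is used to form a `URL`. Such expressions are very likely to
-* be transmitted over a network, because that's what URLs are for.
-*/
-private class UrlSink extends CleartextTransmissionSink {
-UrlSink() {
-// `string` arg in `URL.init` is a sink
-// (we assume here that the URL goes on to be used in a network operation)
-exists(CallExpr call |
-call.getStaticTarget()
-.(Method)
-.hasQualifiedName("URL", ["init(string:)", "init(string:relativeTo:)"]) and
-call.getArgument(0).getExpr() = this.asExpr()
-)
-}
-}
-
 /**
 * An `Expr` that transmitted through the Alamofire library.
 */
@@ -98,3 +66,16 @@ private class CleartextTransmissionDefaultBarrier extends CleartextTransmissionB
 private class DefaultCleartextTransmissionSink extends CleartextTransmissionSink {
 DefaultCleartextTransmissionSink() { sinkNode(this, "transmission") }
 }
+
+private class TransmissionSinks extends SinkModelCsv {
+override predicate row(string row) {
+row =
+[
+";NWConnection;true;send(content:contentContext:isComplete:completion:);;;Argument[0];transmission",
+// an `Expr` that is used to form a `URL` is very likely to be transmitted over a network, because
+// that's what URLs are for.
+";URL;true;init(string:);;;Argument[0];transmission",
+";URL;true;init(string:relativeTo:);;;Argument[0];transmission",
+]
+}
+}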
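Review bot: The new `TransmissionSinks` class has no QLDoc, and the rewritten URL comment drops the caveat the removed `UrlSink` carried, that the model assumes the URL goes on to be used in a network operation. That assumption is the reason `URL.init(string:)` counts as a cleartext-transmission sink, and it explains findings on a URL that is built but never sent, so it is worth keeping next to the two URL rows: `// (we assume here that the URL goes on to be used in a network operation)`. A class comment such as `/** Sink models for cleartext transmission, expressed as CSV rows. */` would match the documented Alamofire sink class earlier in the file. The rows also set the third column to `true`, whereas the removed classes matched the call's static target by qualified name; this probably changes nothing for these two types, but it is worth confirming that the existing query tests report the same sinks.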
