Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Swift: Model withUnsafeBytes and similar closure methods #13827

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Jul 27, 2023

(draft PR because this is currently sitting atop an early version of #13741 that is necessary to get some of the results; please ignore those commits, they will be rebased away once that PR is merged)

Model withUnsafeBytes and some similar closure methods.

Limitations:

  • I've used .ArrayContent to access content when we know the Collection is an Array. I've used two models - one with .ArrayContent and one with no content specifier - when the object could be an Array or another type of Collection. I've used no content specifier for pointers (UnsafePointer etc) since we don't have content for any of those (yet). Thus, some level of conflation (e.g. between ptr and ptr[0]) is inevitable at this stage. We should be able to improve accuracy as we implement further types of content flow.
  • another limitation is that certain methods and fields used in some of the tests (e.g. .baseAddress) are not yet modelled. There is an in-progress issue for these.
  • I'm not sure why taint from array elements isn't always flowing into closures, e.g. in int.swift line 19. It works if the qualifier is a tainted array, but not if it's an array with tainted content as in the test (despite there being models for both cases).
    • update: there's a fix in another PR that very likely addresses this.

TODO:

@geoffw0 geoffw0 marked this pull request as ready for review August 4, 2023 08:47
@geoffw0 geoffw0 requested a review from a team as a code owner August 4, 2023 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant