Skip to content

Commit 16ba5b1

Browse files
d10cd10c
committed
Swift: update doctests
1 parent 4b7a89e commit 16ba5b1

3 files changed

Lines changed: 4 additions & 4 deletions

File tree

swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalBad.swift

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,4 +3,4 @@ let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.jso
33

44
...
55

6-
_ = try await webview.evaluateJavaScript("alert(" + remoteData + ")") // BAD
6+
_ = try await webview.evaluateJavaScript("console.log(" + remoteData + ")") // BAD

swift/ql/src/queries/Security/CWE-094/UnsafeJsEvalGood.swift

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.jso
44
...
55

66
_ = try await webview.callAsyncJavaScript(
7-
"alert(JSON.parse(data))",
7+
"console.log(data)",
88
arguments: ["data": remoteData], // GOOD
99
contentWorld: .page
1010
)

swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -317,10 +317,10 @@ func testQHelpExamples() {
317317
let webview = WKWebView()
318318
let remoteData = try String(contentsOf: URL(string: "http://example.com/evil.json")!)
319319

320-
_ = try await webview.evaluateJavaScript("alert(" + remoteData + ")") // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
320+
_ = try await webview.evaluateJavaScript("console.log(" + remoteData + ")") // BAD [NOT DETECTED - TODO: extract Callables of @MainActor method calls]
321321

322322
_ = try await webview.callAsyncJavaScript(
323-
"alert(JSON.parse(data))",
323+
"console.log(data)",
324324
arguments: ["data": remoteData], // GOOD
325325
contentWorld: .page
326326
)

0 commit comments

Comments
 (0)