From 5713a6f8a111ccef087d30e4c43f79905a41dd06 Mon Sep 17 00:00:00 2001 From: ESS-ENN Date: Thu, 5 Dec 2024 18:40:55 +0530 Subject: [PATCH 1/3] swift-xxe-prevention-swift --- .../security/swift-xxe-prevention-swift.yml | 114 +++++++++++++ .../swift-xxe-prevention-swift-snapshot.yml | 153 ++++++++++++++++++ .../swift/swift-xxe-prevention-swift-test.yml | 25 +++ 3 files changed, 292 insertions(+) create mode 100644 rules/swift/security/swift-xxe-prevention-swift.yml create mode 100644 tests/__snapshots__/swift-xxe-prevention-swift-snapshot.yml create mode 100644 tests/swift/swift-xxe-prevention-swift-test.yml diff --git a/rules/swift/security/swift-xxe-prevention-swift.yml b/rules/swift/security/swift-xxe-prevention-swift.yml new file mode 100644 index 00000000..110555c7 --- /dev/null +++ b/rules/swift/security/swift-xxe-prevention-swift.yml @@ -0,0 +1,114 @@ +id: swift-xxe-prevention-swift +severity: warning +language: swift +message: >- + Usage of Apple's native XML Parser was observed where the parser is + explicitly instructed to resolve external entities. This can lead to XXE + attacks if untrusted input is parsed. Consider disabling this + functionality where feasible. +note: >- + [CWE-611] Improper Restriction of XML External Entity Reference. + [REFERENCES] + - https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/ValidatingInput.html + - https://mas.owasp.org/MASVS/controls/MASVS-CODE-4/ + - https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing +utils: + match_pattern_upgradeKnownHostsToHTTPS: + kind: assignment + all: + - has: + stopBy: neighbor + kind: directly_assignable_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $F + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: neighbor + kind: simple_identifier + regex: '^shouldResolveExternalEntities$' + - has: + stopBy: neighbor + regex: '^=$' + - has: + stopBy: neighbor + kind: boolean_literal + regex: '^true$' + - follows: + stopBy: end + kind: property_declaration + all: + - has: + stopBy: end + kind: pattern + has: + stopBy: neighbor + kind: simple_identifier + pattern: $F + - has: + stopBy: neighbor + kind: call_expression + pattern: XMLParser($$$) + - not: + follows: + stopBy: end + kind: assignment + all: + - has: + stopBy: neighbor + kind: directly_assignable_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $F + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: neighbor + kind: simple_identifier + regex: '^shouldResolveExternalEntities$' + - has: + stopBy: neighbor + regex: '^=$' + - has: + stopBy: neighbor + kind: boolean_literal + regex: '^true$' + - not: + precedes: + stopBy: end + kind: assignment + all: + - has: + stopBy: neighbor + kind: directly_assignable_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $F + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: neighbor + kind: simple_identifier + regex: '^shouldResolveExternalEntities$' + - has: + stopBy: neighbor + regex: '^=$' + - has: + stopBy: neighbor + any: + - has: + stopBy: neighbor + pattern: $$$ +rule: + kind: assignment + matches: match_pattern_upgradeKnownHostsToHTTPS diff --git a/tests/__snapshots__/swift-xxe-prevention-swift-snapshot.yml b/tests/__snapshots__/swift-xxe-prevention-swift-snapshot.yml new file mode 100644 index 00000000..ec13b3ed --- /dev/null +++ b/tests/__snapshots__/swift-xxe-prevention-swift-snapshot.yml @@ -0,0 +1,153 @@ +id: swift-xxe-prevention-swift +snapshots: + ? | + let parser = XMLParser(data: xmlData) + parser.shouldResolveExternalEntities = true + parser.delegate = self + parser.parse() + : labels: + - source: parser.shouldResolveExternalEntities = true + style: primary + start: 38 + end: 81 + - source: parser + style: secondary + start: 38 + end: 44 + - source: shouldResolveExternalEntities + style: secondary + start: 45 + end: 74 + - source: .shouldResolveExternalEntities + style: secondary + start: 44 + end: 74 + - source: parser.shouldResolveExternalEntities + style: secondary + start: 38 + end: 74 + - source: = + style: secondary + start: 75 + end: 76 + - source: 'true' + style: secondary + start: 77 + end: 81 + - source: parser + style: secondary + start: 4 + end: 10 + - source: parser + style: secondary + start: 4 + end: 10 + - source: 'XMLParser(data: xmlData)' + style: secondary + start: 13 + end: 37 + - source: 'let parser = XMLParser(data: xmlData)' + style: secondary + start: 0 + end: 37 + ? | + var parser3 = XMLParser(contentsOfURL: url) + parser3.delegate = self + parser3.shouldResolveExternalEntities = true + parser3.parse() + : labels: + - source: parser3.shouldResolveExternalEntities = true + style: primary + start: 68 + end: 112 + - source: parser3 + style: secondary + start: 68 + end: 75 + - source: shouldResolveExternalEntities + style: secondary + start: 76 + end: 105 + - source: .shouldResolveExternalEntities + style: secondary + start: 75 + end: 105 + - source: parser3.shouldResolveExternalEntities + style: secondary + start: 68 + end: 105 + - source: = + style: secondary + start: 106 + end: 107 + - source: 'true' + style: secondary + start: 108 + end: 112 + - source: parser3 + style: secondary + start: 4 + end: 11 + - source: parser3 + style: secondary + start: 4 + end: 11 + - source: 'XMLParser(contentsOfURL: url)' + style: secondary + start: 14 + end: 43 + - source: 'var parser3 = XMLParser(contentsOfURL: url)' + style: secondary + start: 0 + end: 43 + ? | + var parser6 = XMLParser(contentsOfURL: url) + parser6.delegate = self + parser6.shouldResolveExternalEntities = false + parser6.shouldResolveExternalEntities = true + parser6.parse() + : labels: + - source: parser6.shouldResolveExternalEntities = true + style: primary + start: 114 + end: 158 + - source: parser6 + style: secondary + start: 114 + end: 121 + - source: shouldResolveExternalEntities + style: secondary + start: 122 + end: 151 + - source: .shouldResolveExternalEntities + style: secondary + start: 121 + end: 151 + - source: parser6.shouldResolveExternalEntities + style: secondary + start: 114 + end: 151 + - source: = + style: secondary + start: 152 + end: 153 + - source: 'true' + style: secondary + start: 154 + end: 158 + - source: parser6 + style: secondary + start: 4 + end: 11 + - source: parser6 + style: secondary + start: 4 + end: 11 + - source: 'XMLParser(contentsOfURL: url)' + style: secondary + start: 14 + end: 43 + - source: 'var parser6 = XMLParser(contentsOfURL: url)' + style: secondary + start: 0 + end: 43 diff --git a/tests/swift/swift-xxe-prevention-swift-test.yml b/tests/swift/swift-xxe-prevention-swift-test.yml new file mode 100644 index 00000000..1384e0be --- /dev/null +++ b/tests/swift/swift-xxe-prevention-swift-test.yml @@ -0,0 +1,25 @@ +id: swift-xxe-prevention-swift +valid: + - | + let parser2 = XMLParser(data: xmlData) + parser2.shouldResolveExternalEntities = false + parser2.delegate = self + parser2.parse() +invalid: + - | + let parser = XMLParser(data: xmlData) + parser.shouldResolveExternalEntities = true + parser.delegate = self + parser.parse() + - | + var parser3 = XMLParser(contentsOfURL: url) + parser3.delegate = self + parser3.shouldResolveExternalEntities = true + parser3.parse() + - | + var parser6 = XMLParser(contentsOfURL: url) + parser6.delegate = self + parser6.shouldResolveExternalEntities = false + parser6.shouldResolveExternalEntities = true + parser6.parse() + From 1b7644d8289574a5466b08c131ce1f8433f5faab Mon Sep 17 00:00:00 2001 From: ESS-ENN Date: Thu, 5 Dec 2024 18:42:14 +0530 Subject: [PATCH 2/3] swift-webview-config-allows-js-swift --- .../swift-webview-config-allows-js-swift.yml | 110 +++++++++++++ ...ebview-config-allows-js-swift-snapshot.yml | 153 ++++++++++++++++++ ...ft-webview-config-allows-js-swift-test.yml | 32 ++++ 3 files changed, 295 insertions(+) create mode 100644 rules/swift/security/swift-webview-config-allows-js-swift.yml create mode 100644 tests/__snapshots__/swift-webview-config-allows-js-swift-snapshot.yml create mode 100644 tests/swift/swift-webview-config-allows-js-swift-test.yml diff --git a/rules/swift/security/swift-webview-config-allows-js-swift.yml b/rules/swift/security/swift-webview-config-allows-js-swift.yml new file mode 100644 index 00000000..eb67b0d2 --- /dev/null +++ b/rules/swift/security/swift-webview-config-allows-js-swift.yml @@ -0,0 +1,110 @@ +id: swift-webview-config-allows-js-swift +severity: warning +language: swift +message: >- + Webviews were observed that do not have JavaScript disabled. Consider + disabling JavaScript wherever the functionality is not required, following + the principle of least privelege. +note: >- + [CWE-272] Least Privilege Violation. + [REFERENCES] + - https://mas.owasp.org/MASVS/controls/MASVS-PLATFORM-2/ +utils: + match_pattern_upgradeKnownHostsToHTTPS: + kind: assignment + all: + - has: + stopBy: neighbor + kind: directly_assignable_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $F + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: neighbor + kind: simple_identifier + regex: '^javaScriptEnabled|allowsContentJavaScript$' + - has: + stopBy: neighbor + regex: '^=$' + - has: + stopBy: neighbor + kind: boolean_literal + regex: '^true$' + - follows: + stopBy: end + kind: property_declaration + all: + - has: + stopBy: end + kind: pattern + has: + stopBy: neighbor + kind: simple_identifier + pattern: $F + - has: + stopBy: neighbor + kind: call_expression + any: + - pattern: WKWebpagePreferences() + - pattern: WKPreferences() + - not: + follows: + stopBy: neighbor + kind: assignment + all: + - has: + stopBy: neighbor + kind: directly_assignable_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $F + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: neighbor + kind: simple_identifier + regex: '^(javaScriptEnabled|allowsContentJavaScript)$' + - has: + stopBy: neighbor + regex: '^=$' + - has: + stopBy: neighbor + kind: boolean_literal + regex: '^true$' + - not: + precedes: + stopBy: end + kind: assignment + all: + - has: + stopBy: neighbor + kind: directly_assignable_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $F + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: neighbor + kind: simple_identifier + regex: '^(javaScriptEnabled|allowsContentJavaScript)$' + - has: + stopBy: neighbor + regex: '^=$' + - has: + stopBy: neighbor + pattern: $$$ +rule: + kind: assignment + matches: match_pattern_upgradeKnownHostsToHTTPS \ No newline at end of file diff --git a/tests/__snapshots__/swift-webview-config-allows-js-swift-snapshot.yml b/tests/__snapshots__/swift-webview-config-allows-js-swift-snapshot.yml new file mode 100644 index 00000000..37445aeb --- /dev/null +++ b/tests/__snapshots__/swift-webview-config-allows-js-swift-snapshot.yml @@ -0,0 +1,153 @@ +id: swift-webview-config-allows-js-swift +snapshots: + ? | + let preferences = WKPreferences() + preferences.javaScriptEnabled = true + preferences.javaScriptCanOpenWindowsAutomatically = false + : labels: + - source: preferences.javaScriptEnabled = true + style: primary + start: 34 + end: 70 + - source: preferences + style: secondary + start: 34 + end: 45 + - source: javaScriptEnabled + style: secondary + start: 46 + end: 63 + - source: .javaScriptEnabled + style: secondary + start: 45 + end: 63 + - source: preferences.javaScriptEnabled + style: secondary + start: 34 + end: 63 + - source: = + style: secondary + start: 64 + end: 65 + - source: 'true' + style: secondary + start: 66 + end: 70 + - source: preferences + style: secondary + start: 4 + end: 15 + - source: preferences + style: secondary + start: 4 + end: 15 + - source: WKPreferences() + style: secondary + start: 18 + end: 33 + - source: let preferences = WKPreferences() + style: secondary + start: 0 + end: 33 + ? | + let prefs = WKWebpagePreferences() + prefs.allowsContentJavaScript = false + prefs.allowsContentJavaScript = true + let config = WKWebViewConfiguration() + config.defaultWebpagePreferences = prefs + let webView = WKWebView(frame: .zero, configuration: config) + : labels: + - source: prefs.allowsContentJavaScript = true + style: primary + start: 73 + end: 109 + - source: prefs + style: secondary + start: 73 + end: 78 + - source: allowsContentJavaScript + style: secondary + start: 79 + end: 102 + - source: .allowsContentJavaScript + style: secondary + start: 78 + end: 102 + - source: prefs.allowsContentJavaScript + style: secondary + start: 73 + end: 102 + - source: = + style: secondary + start: 103 + end: 104 + - source: 'true' + style: secondary + start: 105 + end: 109 + - source: prefs + style: secondary + start: 4 + end: 9 + - source: prefs + style: secondary + start: 4 + end: 9 + - source: WKWebpagePreferences() + style: secondary + start: 12 + end: 34 + - source: let prefs = WKWebpagePreferences() + style: secondary + start: 0 + end: 34 + ? | + let prefs = WKWebpagePreferences() + prefs.allowsContentJavaScript = true + let config = WKWebViewConfiguration() + config.defaultWebpagePreferences = prefs + : labels: + - source: prefs.allowsContentJavaScript = true + style: primary + start: 35 + end: 71 + - source: prefs + style: secondary + start: 35 + end: 40 + - source: allowsContentJavaScript + style: secondary + start: 41 + end: 64 + - source: .allowsContentJavaScript + style: secondary + start: 40 + end: 64 + - source: prefs.allowsContentJavaScript + style: secondary + start: 35 + end: 64 + - source: = + style: secondary + start: 65 + end: 66 + - source: 'true' + style: secondary + start: 67 + end: 71 + - source: prefs + style: secondary + start: 4 + end: 9 + - source: prefs + style: secondary + start: 4 + end: 9 + - source: WKWebpagePreferences() + style: secondary + start: 12 + end: 34 + - source: let prefs = WKWebpagePreferences() + style: secondary + start: 0 + end: 34 diff --git a/tests/swift/swift-webview-config-allows-js-swift-test.yml b/tests/swift/swift-webview-config-allows-js-swift-test.yml new file mode 100644 index 00000000..555b6a1f --- /dev/null +++ b/tests/swift/swift-webview-config-allows-js-swift-test.yml @@ -0,0 +1,32 @@ +id: swift-webview-config-allows-js-swift +valid: + - | + let prefs2 = WKWebpagePreferences() + prefs2.allowsContentJavaScript = true + prefs2.allowsContentJavaScript = false + let config = WKWebViewConfiguration() + config.defaultWebpagePreferences = prefs2 + - | + let prefs = WKWebpagePreferences() + prefs.allowsContentJavaScript = true + prefs.allowsContentJavaScript = false + let config = WKWebViewConfiguration() + config.defaultWebpagePreferences = prefs + let webView = WKWebView(frame: .zero, configuration: config) +invalid: + - | + let prefs = WKWebpagePreferences() + prefs.allowsContentJavaScript = true + let config = WKWebViewConfiguration() + config.defaultWebpagePreferences = prefs + - | + let preferences = WKPreferences() + preferences.javaScriptEnabled = true + preferences.javaScriptCanOpenWindowsAutomatically = false + - | + let prefs = WKWebpagePreferences() + prefs.allowsContentJavaScript = false + prefs.allowsContentJavaScript = true + let config = WKWebViewConfiguration() + config.defaultWebpagePreferences = prefs + let webView = WKWebView(frame: .zero, configuration: config) From d2389754107084aef240f19827c6caaa6505e93f Mon Sep 17 00:00:00 2001 From: ESS-ENN Date: Thu, 5 Dec 2024 18:43:48 +0530 Subject: [PATCH 3/3] swift-webview-config-base-url-swift --- .../swift-webview-config-base-url-swift.yml | 73 +++ ...webview-config-base-url-swift-snapshot.yml | 514 ++++++++++++++++++ ...ift-webview-config-base-url-swift-test.yml | 38 ++ 3 files changed, 625 insertions(+) create mode 100644 rules/swift/security/swift-webview-config-base-url-swift.yml create mode 100644 tests/__snapshots__/swift-webview-config-base-url-swift-snapshot.yml create mode 100644 tests/swift/swift-webview-config-base-url-swift-test.yml diff --git a/rules/swift/security/swift-webview-config-base-url-swift.yml b/rules/swift/security/swift-webview-config-base-url-swift.yml new file mode 100644 index 00000000..284395d2 --- /dev/null +++ b/rules/swift/security/swift-webview-config-base-url-swift.yml @@ -0,0 +1,73 @@ +id: swift-webview-config-base-url-swift +severity: warning +language: swift +message: >- + UIWebView instances were observed where the baseURL is misconfigured as + nil, which allows for origin abuse within the webview. In order to remove + the effective origin, the application should explicitly set the baseURL to + `about:blank` or similar. +note: >- + [CWE-272] Least Privilege Violation. + [REFERENCES] + - https://mas.owasp.org/MASVS/controls/MASVS-PLATFORM-2/ +utils: + matches_patttern_loadHTMLString_&_load: + kind: call_expression + all: + - has: + stopBy: end + kind: navigation_expression + all: + - has: + stopBy: end + kind: simple_identifier + pattern: $W + - has: + stopBy: end + kind: navigation_suffix + has: + stopBy: end + kind: simple_identifier + regex: '^loadHTMLString|load$' + - has: + stopBy: end + kind: call_suffix + has: + stopBy: end + kind: value_argument + all: + - has: + stopBy: end + kind: simple_identifier + regex: '^baseURL$' + - has: + stopBy: end + regex: '^nil$' + - inside: + stopBy: end + kind: source_file + has: + stopBy: end + kind: property_declaration + all: + - has: + stopBy: end + kind: pattern + has: + stopBy: neighbor + kind: simple_identifier + pattern: $W + - has: + stopBy: neighbor + kind: call_expression + all: + - has: + stopBy: neighbor + kind: simple_identifier + regex: '^UIWebView$' + - has: + stopBy: neighbor + kind: call_suffix +rule: + kind: call_expression + matches: matches_patttern_loadHTMLString_&_load \ No newline at end of file diff --git a/tests/__snapshots__/swift-webview-config-base-url-swift-snapshot.yml b/tests/__snapshots__/swift-webview-config-base-url-swift-snapshot.yml new file mode 100644 index 00000000..5e2fae4a --- /dev/null +++ b/tests/__snapshots__/swift-webview-config-base-url-swift-snapshot.yml @@ -0,0 +1,514 @@ +id: swift-webview-config-base-url-swift +snapshots: + ? | + let webview = UIWebView(...) + webview.loadHTMLString(someHtmlString, baseURL: nil) + : labels: + - source: 'webview.loadHTMLString(someHtmlString, baseURL: nil)' + style: primary + start: 29 + end: 81 + - source: webview + style: secondary + start: 29 + end: 36 + - source: loadHTMLString + style: secondary + start: 37 + end: 51 + - source: .loadHTMLString + style: secondary + start: 36 + end: 51 + - source: webview.loadHTMLString + style: secondary + start: 29 + end: 51 + - source: baseURL + style: secondary + start: 68 + end: 75 + - source: nil + style: secondary + start: 77 + end: 80 + - source: 'baseURL: nil' + style: secondary + start: 68 + end: 80 + - source: '(someHtmlString, baseURL: nil)' + style: secondary + start: 51 + end: 81 + - source: webview + style: secondary + start: 4 + end: 11 + - source: webview + style: secondary + start: 4 + end: 11 + - source: UIWebView + style: secondary + start: 14 + end: 23 + - source: (...) + style: secondary + start: 23 + end: 28 + - source: UIWebView(...) + style: secondary + start: 14 + end: 28 + - source: let webview = UIWebView(...) + style: secondary + start: 0 + end: 28 + - source: | + let webview = UIWebView(...) + webview.loadHTMLString(someHtmlString, baseURL: nil) + style: secondary + start: 0 + end: 82 + ? | + let webview10 = UIWebView(frame: self.view.bounds) + let text = "This is a test." + let data = text.data(using: .utf8)! + webview10.load(data, mimetype: "text/plain", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview10) + : labels: + - source: 'webview10.load(data, mimetype: "text/plain", textEncodingName: "UTF-8", baseURL: nil)' + style: primary + start: 116 + end: 201 + - source: webview10 + style: secondary + start: 116 + end: 125 + - source: load + style: secondary + start: 126 + end: 130 + - source: .load + style: secondary + start: 125 + end: 130 + - source: webview10.load + style: secondary + start: 116 + end: 130 + - source: baseURL + style: secondary + start: 188 + end: 195 + - source: nil + style: secondary + start: 197 + end: 200 + - source: 'baseURL: nil' + style: secondary + start: 188 + end: 200 + - source: '(data, mimetype: "text/plain", textEncodingName: "UTF-8", baseURL: nil)' + style: secondary + start: 130 + end: 201 + - source: webview10 + style: secondary + start: 4 + end: 13 + - source: webview10 + style: secondary + start: 4 + end: 13 + - source: UIWebView + style: secondary + start: 16 + end: 25 + - source: '(frame: self.view.bounds)' + style: secondary + start: 25 + end: 50 + - source: 'UIWebView(frame: self.view.bounds)' + style: secondary + start: 16 + end: 50 + - source: 'let webview10 = UIWebView(frame: self.view.bounds)' + style: secondary + start: 0 + end: 50 + - source: | + let webview10 = UIWebView(frame: self.view.bounds) + let text = "This is a test." + let data = text.data(using: .utf8)! + webview10.load(data, mimetype: "text/plain", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview10) + style: secondary + start: 0 + end: 234 + ? | + let webview12 = UIWebView(frame: self.view.bounds) + let externalHtml = "" + webview12.loadHTMLString(externalHtml, baseURL: nil) + self.view.addSubview(webview12) + : labels: + - source: 'webview12.loadHTMLString(externalHtml, baseURL: nil)' + style: primary + start: 146 + end: 198 + - source: webview12 + style: secondary + start: 146 + end: 155 + - source: loadHTMLString + style: secondary + start: 156 + end: 170 + - source: .loadHTMLString + style: secondary + start: 155 + end: 170 + - source: webview12.loadHTMLString + style: secondary + start: 146 + end: 170 + - source: baseURL + style: secondary + start: 185 + end: 192 + - source: nil + style: secondary + start: 194 + end: 197 + - source: 'baseURL: nil' + style: secondary + start: 185 + end: 197 + - source: '(externalHtml, baseURL: nil)' + style: secondary + start: 170 + end: 198 + - source: webview12 + style: secondary + start: 4 + end: 13 + - source: webview12 + style: secondary + start: 4 + end: 13 + - source: UIWebView + style: secondary + start: 16 + end: 25 + - source: '(frame: self.view.bounds)' + style: secondary + start: 25 + end: 50 + - source: 'UIWebView(frame: self.view.bounds)' + style: secondary + start: 16 + end: 50 + - source: 'let webview12 = UIWebView(frame: self.view.bounds)' + style: secondary + start: 0 + end: 50 + - source: | + let webview12 = UIWebView(frame: self.view.bounds) + let externalHtml = "" + webview12.loadHTMLString(externalHtml, baseURL: nil) + self.view.addSubview(webview12) + style: secondary + start: 0 + end: 231 + ? | + let webview13 = UIWebView(frame: self.view.bounds) + let mixedContent = "" + let dataMixed = mixedContent.data(using: .utf8)! + webview13.load(dataMixed, mimetype: "text/html", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview13) + : labels: + - source: 'webview13.load(dataMixed, mimetype: "text/html", textEncodingName: "UTF-8", baseURL: nil)' + style: primary + start: 171 + end: 260 + - source: webview13 + style: secondary + start: 171 + end: 180 + - source: load + style: secondary + start: 181 + end: 185 + - source: .load + style: secondary + start: 180 + end: 185 + - source: webview13.load + style: secondary + start: 171 + end: 185 + - source: baseURL + style: secondary + start: 247 + end: 254 + - source: nil + style: secondary + start: 256 + end: 259 + - source: 'baseURL: nil' + style: secondary + start: 247 + end: 259 + - source: '(dataMixed, mimetype: "text/html", textEncodingName: "UTF-8", baseURL: nil)' + style: secondary + start: 185 + end: 260 + - source: webview13 + style: secondary + start: 4 + end: 13 + - source: webview13 + style: secondary + start: 4 + end: 13 + - source: UIWebView + style: secondary + start: 16 + end: 25 + - source: '(frame: self.view.bounds)' + style: secondary + start: 25 + end: 50 + - source: 'UIWebView(frame: self.view.bounds)' + style: secondary + start: 16 + end: 50 + - source: 'let webview13 = UIWebView(frame: self.view.bounds)' + style: secondary + start: 0 + end: 50 + - source: | + let webview13 = UIWebView(frame: self.view.bounds) + let mixedContent = "" + let dataMixed = mixedContent.data(using: .utf8)! + webview13.load(dataMixed, mimetype: "text/html", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview13) + style: secondary + start: 0 + end: 293 + ? | + let webview3 = UIWebView(...) + webview3.load(data, mimetype: "application/json", textEncodingName: "UTF8", baseURL: nil) + : labels: + - source: 'webview3.load(data, mimetype: "application/json", textEncodingName: "UTF8", baseURL: nil)' + style: primary + start: 30 + end: 119 + - source: webview3 + style: secondary + start: 30 + end: 38 + - source: load + style: secondary + start: 39 + end: 43 + - source: .load + style: secondary + start: 38 + end: 43 + - source: webview3.load + style: secondary + start: 30 + end: 43 + - source: baseURL + style: secondary + start: 106 + end: 113 + - source: nil + style: secondary + start: 115 + end: 118 + - source: 'baseURL: nil' + style: secondary + start: 106 + end: 118 + - source: '(data, mimetype: "application/json", textEncodingName: "UTF8", baseURL: nil)' + style: secondary + start: 43 + end: 119 + - source: webview3 + style: secondary + start: 4 + end: 12 + - source: webview3 + style: secondary + start: 4 + end: 12 + - source: UIWebView + style: secondary + start: 15 + end: 24 + - source: (...) + style: secondary + start: 24 + end: 29 + - source: UIWebView(...) + style: secondary + start: 15 + end: 29 + - source: let webview3 = UIWebView(...) + style: secondary + start: 0 + end: 29 + - source: | + let webview3 = UIWebView(...) + webview3.load(data, mimetype: "application/json", textEncodingName: "UTF8", baseURL: nil) + style: secondary + start: 0 + end: 120 + ? |- + let webview7 = UIWebView(frame: self.view.bounds) + webview7.load(data, mimetype: "application/json", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview7) + : labels: + - source: 'webview7.load(data, mimetype: "application/json", textEncodingName: "UTF-8", baseURL: nil)' + style: primary + start: 50 + end: 140 + - source: webview7 + style: secondary + start: 50 + end: 58 + - source: load + style: secondary + start: 59 + end: 63 + - source: .load + style: secondary + start: 58 + end: 63 + - source: webview7.load + style: secondary + start: 50 + end: 63 + - source: baseURL + style: secondary + start: 127 + end: 134 + - source: nil + style: secondary + start: 136 + end: 139 + - source: 'baseURL: nil' + style: secondary + start: 127 + end: 139 + - source: '(data, mimetype: "application/json", textEncodingName: "UTF-8", baseURL: nil)' + style: secondary + start: 63 + end: 140 + - source: webview7 + style: secondary + start: 4 + end: 12 + - source: webview7 + style: secondary + start: 4 + end: 12 + - source: UIWebView + style: secondary + start: 15 + end: 24 + - source: '(frame: self.view.bounds)' + style: secondary + start: 24 + end: 49 + - source: 'UIWebView(frame: self.view.bounds)' + style: secondary + start: 15 + end: 49 + - source: 'let webview7 = UIWebView(frame: self.view.bounds)' + style: secondary + start: 0 + end: 49 + - source: |- + let webview7 = UIWebView(frame: self.view.bounds) + webview7.load(data, mimetype: "application/json", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview7) + style: secondary + start: 0 + end: 171 + ? | + let webview9 = UIWebView(frame: self.view.bounds) + let dynamicHtml = "

Dynamic Content

" + webview9.loadHTMLString(dynamicHtml, baseURL: nil) + self.view.addSubview(webview9) + : labels: + - source: 'webview9.loadHTMLString(dynamicHtml, baseURL: nil)' + style: primary + start: 121 + end: 171 + - source: webview9 + style: secondary + start: 121 + end: 129 + - source: loadHTMLString + style: secondary + start: 130 + end: 144 + - source: .loadHTMLString + style: secondary + start: 129 + end: 144 + - source: webview9.loadHTMLString + style: secondary + start: 121 + end: 144 + - source: baseURL + style: secondary + start: 158 + end: 165 + - source: nil + style: secondary + start: 167 + end: 170 + - source: 'baseURL: nil' + style: secondary + start: 158 + end: 170 + - source: '(dynamicHtml, baseURL: nil)' + style: secondary + start: 144 + end: 171 + - source: webview9 + style: secondary + start: 4 + end: 12 + - source: webview9 + style: secondary + start: 4 + end: 12 + - source: UIWebView + style: secondary + start: 15 + end: 24 + - source: '(frame: self.view.bounds)' + style: secondary + start: 24 + end: 49 + - source: 'UIWebView(frame: self.view.bounds)' + style: secondary + start: 15 + end: 49 + - source: 'let webview9 = UIWebView(frame: self.view.bounds)' + style: secondary + start: 0 + end: 49 + - source: | + let webview9 = UIWebView(frame: self.view.bounds) + let dynamicHtml = "

Dynamic Content

" + webview9.loadHTMLString(dynamicHtml, baseURL: nil) + self.view.addSubview(webview9) + style: secondary + start: 0 + end: 203 diff --git a/tests/swift/swift-webview-config-base-url-swift-test.yml b/tests/swift/swift-webview-config-base-url-swift-test.yml new file mode 100644 index 00000000..5d044dd4 --- /dev/null +++ b/tests/swift/swift-webview-config-base-url-swift-test.yml @@ -0,0 +1,38 @@ +id: swift-webview-config-base-url-swift +valid: + - | + let webview2 = WKWebView(...) + webview2.loadHTMLString(someHtmlString, baseURL: nil) +invalid: + - | + let webview = UIWebView(...) + webview.loadHTMLString(someHtmlString, baseURL: nil) + - | + let webview3 = UIWebView(...) + webview3.load(data, mimetype: "application/json", textEncodingName: "UTF8", baseURL: nil) + - | + let webview13 = UIWebView(frame: self.view.bounds) + let mixedContent = "" + let dataMixed = mixedContent.data(using: .utf8)! + webview13.load(dataMixed, mimetype: "text/html", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview13) + - | + let webview12 = UIWebView(frame: self.view.bounds) + let externalHtml = "" + webview12.loadHTMLString(externalHtml, baseURL: nil) + self.view.addSubview(webview12) + - | + let webview10 = UIWebView(frame: self.view.bounds) + let text = "This is a test." + let data = text.data(using: .utf8)! + webview10.load(data, mimetype: "text/plain", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview10) + - | + let webview9 = UIWebView(frame: self.view.bounds) + let dynamicHtml = "

Dynamic Content

" + webview9.loadHTMLString(dynamicHtml, baseURL: nil) + self.view.addSubview(webview9) + - | + let webview7 = UIWebView(frame: self.view.bounds) + webview7.load(data, mimetype: "application/json", textEncodingName: "UTF-8", baseURL: nil) + self.view.addSubview(webview7) \ No newline at end of file