From 42e708b387840e90d6ad6db7cb1d275b286abae9 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 13 Feb 2024 17:43:43 +0000
Subject: [PATCH 1/4] Swift: Tweak the change note.
---
 swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md b/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
index e3c6f79bc48..1f8fc022ac5 100644
--- a/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
+++ b/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* Added a new query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
\ No newline at end of file
+* Added a new experimental query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
From dfba6b97ac16f37a88cc39b76dba2aa96758002f Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 13 Feb 2024 17:45:55 +0000
Subject: [PATCH 2/4] Swift: Case consistency.
---
 swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp | 2 +-
 .../CWE-022/{ZIPFoundationBad.swift => ZipFoundationBad.swift} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename swift/ql/src/experimental/Security/CWE-022/{ZIPFoundationBad.swift => ZipFoundationBad.swift} (100%)
diff --git a/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp b/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
index 2f65296b9a8..6c53b3a789a 100644
--- a/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
+++ b/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.qhelp
@@ -27,7 +27,7 @@ The following examples unpacks a remote zip using `Zip.unzipFile()` which is vul

The following examples unpacks a remote zip using `fileManager.unzipItem()` which is vulnerable to symlink path traversal.

- +

Consider using a safer module, such as: ZIPArchive

diff --git a/swift/ql/src/experimental/Security/CWE-022/ZIPFoundationBad.swift b/swift/ql/src/experimental/Security/CWE-022/ZipFoundationBad.swift
similarity index 100%
rename from swift/ql/src/experimental/Security/CWE-022/ZIPFoundationBad.swift
rename to swift/ql/src/experimental/Security/CWE-022/ZipFoundationBad.swift
From 65e3ae0c4587fe2c7527862dbc69bf2fa72f0dbd Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 13 Feb 2024 17:49:00 +0000
Subject: [PATCH 3/4] Swift: Move the two CWE-022 tests into a common directory.
---
 .../CWE-022/{ => PathInjection}/PathInjectionTest.expected | 0
 .../Security/CWE-022/{ => PathInjection}/PathInjectionTest.ql | 0
 .../Security/CWE-022/{ => PathInjection}/testPathInjection.swift | 0
 .../UnsafeUnpack}/UnsafeUnpack.expected | 0
 .../UnsafeUnpack}/UnsafeUnpack.qlref | 0
 .../UnsafeUnpack}/UnsafeUnpack.swift | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 rename swift/ql/test/query-tests/Security/CWE-022/{ => PathInjection}/PathInjectionTest.expected (100%)
 rename swift/ql/test/query-tests/Security/CWE-022/{ => PathInjection}/PathInjectionTest.ql (100%)
 rename swift/ql/test/query-tests/Security/CWE-022/{ => PathInjection}/testPathInjection.swift (100%)
 rename swift/ql/test/query-tests/Security/{CWE-022-Unsafe-Unpack => CWE-022/UnsafeUnpack}/UnsafeUnpack.expected (100%)
 rename swift/ql/test/query-tests/Security/{CWE-022-Unsafe-Unpack => CWE-022/UnsafeUnpack}/UnsafeUnpack.qlref (100%)
 rename swift/ql/test/query-tests/Security/{CWE-022-Unsafe-Unpack => CWE-022/UnsafeUnpack}/UnsafeUnpack.swift (100%)
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected
rename to swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.expected
diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql
rename to swift/ql/test/query-tests/Security/CWE-022/PathInjection/PathInjectionTest.ql
diff --git a/swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift b/swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift
rename to swift/ql/test/query-tests/Security/CWE-022/PathInjection/testPathInjection.swift
diff --git a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.expected b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.expected
rename to swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
diff --git a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.qlref b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.qlref
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.qlref
rename to swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.qlref
diff --git a/swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.swift b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.swift
similarity index 100%
rename from swift/ql/test/query-tests/Security/CWE-022-Unsafe-Unpack/UnsafeUnpack.swift
rename to swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.swift
From 159080f1336eb840ade4a7edd780592abaf833d4 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 13 Feb 2024 18:06:17 +0000
Subject: [PATCH 4/4] Swift: Accept test changes.
---
 .../Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
index 09fc20545b0..24a612d7788 100644
--- a/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
+++ b/swift/ql/test/query-tests/Security/CWE-022/UnsafeUnpack/UnsafeUnpack.expected
@@ -1,7 +1,7 @@ edges -| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | UnsafeUnpack.swift:62:60:62:60 | source | -| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:64:27:64:27 | source | -| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:67:39:67:39 | source | +| UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | UnsafeUnpack.swift:62:60:62:60 | source | provenance | | +| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:64:27:64:27 | source | provenance | | +| UnsafeUnpack.swift:62:60:62:60 | source | UnsafeUnpack.swift:67:39:67:39 | source | provenance | | nodes | UnsafeUnpack.swift:62:9:62:48 | call to Data.init(contentsOf:options:) | semmle.label | call to Data.init(contentsOf:options:) | | UnsafeUnpack.swift:62:60:62:60 | source | semmle.label | source |