Swift: PredicatUpgrade predicate injection sources from RemoteFlowSource to FlowSource. Even local input should be in parameters rather than concatenated into the predicate.

2026-04-24 00:05:14 +02:00 · 2023-04-14 17:50:57 +01:00
parent 7b8606d411
commit 2adc4c0feb
1 changed files with 2 additions and 2 deletions
--- a/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
@@ -15,7 +15,7 @@ private import codeql.swift.security.PredicateInjectionExtensions
 deprecated class PredicateInjectionConf extends TaintTracking::Configuration {
  PredicateInjectionConf() { this = "PredicateInjectionConf" }

-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  override predicate isSource(DataFlow::Node source) { source instanceof FlowSource }

  override predicate isSink(DataFlow::Node sink) { sink instanceof PredicateInjectionSink }

@@ -32,7 +32,7 @@ deprecated class PredicateInjectionConf extends TaintTracking::Configuration {
 * A taint-tracking configuration for predicate injection vulnerabilities.
 */
 module PredicateInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof FlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof PredicateInjectionSink }