diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll
index 17ba2d63a7c..90092ac2e3e 100644
--- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll
@@ -165,8 +165,8 @@ module Ssa {
 class PhiDefinition extends Definition, SsaImpl::PhiNode {
 cached
 override Location getLocation() {
- exists(SsaInput::BasicBlock bb, int i |
- this.definesAt(_, bb, i) and
+ exists(SsaInput::BasicBlock bb |
+ this.definesAt(_, bb, _) and
 result = bb.getLocation()
 )
 }
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
index 1228d00b6ba..7c9edcecfe1 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
@@ -876,9 +876,9 @@ private module Stage1 implements StageSig {
 pragma[nomagic]
 private predicate revFlowOut(ReturnPosition pos, Configuration config) {
- exists(DataFlowCall call, NodeEx out |
+ exists(NodeEx out |
 revFlow(out, _, config) and
- viableReturnPosOutNodeCandFwd1(call, pos, out, config)
+ viableReturnPosOutNodeCandFwd1(_, pos, out, config)
 )
 }
@@ -1731,8 +1731,8 @@ private module MkStage {
 )
 or
 // flow through a callable
- exists(DataFlowCall call, ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
- revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+ exists(DataFlowCall call, ParamNodeEx p, Ap innerReturnAp |
+ revFlowThrough(call, returnCtx, p, state, _, returnAp, ap, innerReturnAp, config) and
 flowThroughIntoCall(call, node, p, _, ap, innerReturnAp, config)
 )
 or
@@ -1901,8 +1901,8 @@ private module MkStage {
 pragma[nomagic]
 predicate parameterMayFlowThrough(ParamNodeEx p, Ap ap, Configuration config) {
- exists(RetNodeEx ret, ReturnPosition pos |
- returnFlowsThrough(ret, pos, _, _, p, ap, _, config) and
+ exists(ReturnPosition pos |
+ returnFlowsThrough(_, pos, _, _, p, ap, _, config) and
 parameterFlowsThroughRev(p, ap, pos, _, config)
 )
 }
@@ -1923,8 +1923,8 @@ private module MkStage {
 DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap, Configuration config
 ) {
- exists(ParamNodeEx p, ReturnPosition pos, Ap innerReturnAp |
- revFlowThrough(call, returnCtx, p, state, pos, returnAp, ap, innerReturnAp, config) and
+ exists(ParamNodeEx p, Ap innerReturnAp |
+ revFlowThrough(call, returnCtx, p, state, _, returnAp, ap, innerReturnAp, config) and
 flowThroughIntoCall(call, arg, p, _, ap, innerReturnAp, config)
 )
 }
@@ -3749,8 +3749,8 @@ private predicate paramFlowsThrough(
 ReturnKindExt kind, FlowState state, CallContextCall cc, SummaryCtxSome sc, AccessPath ap, AccessPathApprox apa, Configuration config
 ) {
- exists(PathNodeMid mid, RetNodeEx ret |
- pathNode(mid, ret, state, cc, sc, ap, config, _) and
+ exists(RetNodeEx ret |
+ pathNode(_, ret, state, cc, sc, ap, config, _) and
 kind = ret.getKind() and
 apa = ap.getApprox() and
 parameterFlowThroughAllowed(sc.getParamNode(), kind)
@@ -4212,17 +4212,15 @@ private module FlowExploration {
 ap = TRevPartialNil() and
 exists(config.explorationLimit())
 or
- exists(PartialPathNodeRev mid |
- revPartialPathStep(mid, node, state, sc1, sc2, sc3, ap, config) and
- not clearsContentEx(node, ap.getHead()) and
- (
- notExpectsContent(node) or
- expectsContentEx(node, ap.getHead())
- ) and
- not fullBarrier(node, config) and
- not stateBarrier(node, state, config) and
- distSink(node.getEnclosingCallable(), config) <= config.explorationLimit()
- )
+ revPartialPathStep(_, node, state, sc1, sc2, sc3, ap, config) and
+ not clearsContentEx(node, ap.getHead()) and
+ (
+ notExpectsContent(node) or
+ expectsContentEx(node, ap.getHead())
+ ) and
+ not fullBarrier(node, config) and
+ not stateBarrier(node, state, config) and
+ distSink(node.getEnclosingCallable(), config) <= config.explorationLimit()
 }
 pragma[nomagic]
@@ -4230,19 +4228,17 @@ private module FlowExploration {
 NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2, TSummaryCtx3 sc3, PartialAccessPath ap, Configuration config
 ) {
- exists(PartialPathNodeFwd mid |
- partialPathStep(mid, node, state, cc, sc1, sc2, sc3, ap, config) and
- not fullBarrier(node, config) and
- not stateBarrier(node, state, config) and
- not clearsContentEx(node, ap.getHead().getContent()) and
- (
- notExpectsContent(node) or
- expectsContentEx(node, ap.getHead().getContent())
- ) and
- if node.asNode() instanceof CastingNode
- then compatibleTypes(node.getDataFlowType(), ap.getType())
- else any()
- )
+ partialPathStep(_, node, state, cc, sc1, sc2, sc3, ap, config) and
+ not fullBarrier(node, config) and
+ not stateBarrier(node, state, config) and
+ not clearsContentEx(node, ap.getHead().getContent()) and
+ (
+ notExpectsContent(node) or
+ expectsContentEx(node, ap.getHead().getContent())
+ ) and
+ if node.asNode() instanceof CastingNode
+ then compatibleTypes(node.getDataFlowType(), ap.getType())
+ else any()
 }
 /**
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll
index e85e0cd92ec..533899e8a85 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll
@@ -101,9 +101,7 @@ module Consistency {
 exists(int c |
 c =
 strictcount(Node n |
- not exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
- n.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
- ) and
+ not n.hasLocationInfo(_, _, _, _, _) and
 not any(ConsistencyConfiguration conf).missingLocationExclude(n)
 ) and
 msg = "Nodes without location: " + c
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
index 5811809e538..d722aa68b70 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
@@ -580,10 +580,8 @@ module Private {
 head = TWithContentSummaryComponent(cont)
 )
 or
- exists(ContentSet cont |
- head = TWithoutContentSummaryComponent(cont) and
- result = getNodeType(summaryNodeInputState(c, s.tail()))
- )
+ head = TWithoutContentSummaryComponent(_) and
+ result = getNodeType(summaryNodeInputState(c, s.tail()))
 or
 exists(ReturnKind rk |
 head = TReturnSummaryComponent(rk) and
@@ -658,8 +656,8 @@ module Private {
 /** Holds if summary node `ret` is a return node of kind `rk`. */
 predicate summaryReturnNode(Node ret, ReturnKind rk) {
- exists(SummarizedCallable callable, SummaryComponentStack s |
- ret = summaryNodeOutputState(callable, s) and
+ exists(SummaryComponentStack s |
+ ret = summaryNodeOutputState(_, s) and
 s = TSingletonSummaryComponentStack(TReturnSummaryComponent(rk))
 )
 }
diff --git a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
index 1d88967ad02..9ac4ce8922f 100644
--- a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
+++ b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
@@ -32,12 +32,12 @@ class StaticInitializationVectorSource extends Expr {
 class EncryptionInitializationSink extends Expr {
 EncryptionInitializationSink() {
 // `iv` arg in `init` is a sink
- exists(InitializerCallExpr call, string fName |
+ exists(InitializerCallExpr call |
 call.getStaticTarget()
 .hasQualifiedName([
 "AES", "ChaCha20", "Blowfish", "Rabbit", "CBC", "CFB", "GCM", "OCB", "OFB", "PCBC", "CCM", "CTR"
- ], fName) and
+ ], _) and
 call.getArgumentWithLabel("iv").getExpr() = this
 )
 }
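Review bot: The sink comment in the `EncryptionInitializationSink` constructor no longer says enough once the initializer name is `_`, because the sink is now visibly selected by just the type-name list and the `iv` argument label. The two-argument `hasQualifiedName` call shown here passes no module name, so a same-named type (`AES`, `GCM`, `CTR`, …) from an unrelated library would apparently match as well; that is worth confirming against the predicate's definition, which is not in this hunk. I would extend the comment to something like `// any initializer of the listed cipher/mode types that takes an iv: argument; types are matched by name only`. If a module-qualified form of the predicate is available, using it would keep static-IV (CWE-1204) findings tied to the intended crypto library. The class body continues past the end of the hunk.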