Swift: Add consistent CSV extension points.

2026-04-18 21:44:02 +02:00 · 2023-01-24 18:49:50 +00:00
parent 6a210d719b
commit 5375678ca6
5 changed files with 18 additions and 1 deletions
--- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -25,6 +25,9 @@ class CleartextLoggingAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }

+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultCleartextLoggingSink extends CleartextLoggingSink {
  DefaultCleartextLoggingSink() { sinkNode(this, "logging") }
 }
--- a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -29,6 +29,9 @@ class PathInjectionAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }

+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPathInjectionSink extends PathInjectionSink {
  DefaultPathInjectionSink() { sinkNode(this, "path-injection") }
 }
--- a/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
@@ -24,6 +24,9 @@ class PredicateInjectionAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }

+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPredicateInjectionSink extends PredicateInjectionSink {
  DefaultPredicateInjectionSink() { sinkNode(this, "predicate-injection") }
 }
--- a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
@@ -34,7 +34,7 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri
    // the format argument to a `FormattingFunctionCall`.
    this.asExpr() = any(FormattingFunctionCall fc).getFormat()
    or
-    // a sink defined in a Csv model.
+    // a sink defined in a CSV model.
    sinkNode(this, "uncontrolled-format-string")
  }
 }
--- a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -4,6 +4,7 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.frameworks.AEXML
 private import codeql.swift.frameworks.Libxml2
+private import codeql.swift.dataflow.ExternalFlow

 /** A data flow sink for XML external entities (XXE) vulnerabilities. */
 abstract class XxeSink extends DataFlow::Node { }
@@ -201,3 +202,10 @@ private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::N
    source.asExpr() = int32Init.getAnArgument().getExpr() and sink.asExpr() = int32Init
  )
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultXxeSink extends XxeSink {
+  DefaultXxeSink() { sinkNode(this, "xxe") }
+}