Merge pull request #11980 from geoffw0/modern2

Swift: Structure modernized queries more consistently
2026-04-25 08:45:14 +02:00 · 2023-01-27 14:33:43 +00:00
parent 794ba428a7 5375678ca6
commit 6c0b50c696
10 changed files with 25 additions and 8 deletions
--- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -89,9 +89,9 @@ private module Frameworks {
  private import codeql.swift.frameworks.StandardLibrary.UrlSession
  private import codeql.swift.frameworks.StandardLibrary.WebView
  private import codeql.swift.frameworks.Alamofire.Alamofire
-  private import codeql.swift.security.CleartextLogging
-  private import codeql.swift.security.PathInjection
-  private import codeql.swift.security.PredicateInjection
+  private import codeql.swift.security.CleartextLoggingExtensions
+  private import codeql.swift.security.PathInjectionExtensions
+  private import codeql.swift.security.PredicateInjectionExtensions
 }

 /**
--- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -25,6 +25,9 @@ class CleartextLoggingAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }

+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultCleartextLoggingSink extends CleartextLoggingSink {
  DefaultCleartextLoggingSink() { sinkNode(this, "logging") }
 }
--- a/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
@@ -6,7 +6,7 @@
 import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.security.CleartextLogging
+private import codeql.swift.security.CleartextLoggingExtensions
 private import codeql.swift.security.SensitiveExprs

 /**
--- a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -29,6 +29,9 @@ class PathInjectionAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }

+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPathInjectionSink extends PathInjectionSink {
  DefaultPathInjectionSink() { sinkNode(this, "path-injection") }
 }
--- a/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
@@ -8,7 +8,7 @@ private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.ExternalFlow
 private import codeql.swift.dataflow.FlowSources
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.security.PathInjection
+private import codeql.swift.security.PathInjectionExtensions

 /**
 * A taint-tracking configuration for path injection vulnerabilities.
--- a/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
@@ -24,6 +24,9 @@ class PredicateInjectionAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }

+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPredicateInjectionSink extends PredicateInjectionSink {
  DefaultPredicateInjectionSink() { sinkNode(this, "predicate-injection") }
 }
--- a/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
@@ -7,7 +7,7 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.FlowSources
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.security.PredicateInjection
+private import codeql.swift.security.PredicateInjectionExtensions

 /**
 * A taint-tracking configuration for predicate injection vulnerabilities.
--- a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
@@ -34,7 +34,7 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri
    // the format argument to a `FormattingFunctionCall`.
    this.asExpr() = any(FormattingFunctionCall fc).getFormat()
    or
-    // a sink defined in a Csv model.
+    // a sink defined in a CSV model.
    sinkNode(this, "uncontrolled-format-string")
  }
 }
--- a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -4,6 +4,7 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.frameworks.AEXML
 private import codeql.swift.frameworks.Libxml2
+private import codeql.swift.dataflow.ExternalFlow

 /** A data flow sink for XML external entities (XXE) vulnerabilities. */
 abstract class XxeSink extends DataFlow::Node { }
@@ -201,3 +202,10 @@ private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::N
    source.asExpr() = int32Init.getAnArgument().getExpr() and sink.asExpr() = int32Init
  )
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultXxeSink extends XxeSink {
+  DefaultXxeSink() { sinkNode(this, "xxe") }
+}
--- a/swift/ql/lib/codeql/swift/security/XXEQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/XXEQuery.qll
@@ -7,7 +7,7 @@ import swift
 import codeql.swift.dataflow.DataFlow
 import codeql.swift.dataflow.FlowSources
 import codeql.swift.dataflow.TaintTracking
-import codeql.swift.security.XXE
+import codeql.swift.security.XXEExtensions

 /**
 * A taint-tracking configuration for XML external entities (XXE) vulnerabilities.