Swift: Default content read step.

swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPublic.qll

@@ -37,4 +37,9 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet cs)
     cx.asNominalTypeDecl() = d and
     cs.getAReadContent().(DataFlow::Content::FieldContent).getField() = cx.getAMember()
   )
+  or
+  // We often expect taint to reach a sink inside `CollectionContent`, for example an array element
+  // or pointer contents. It is convenient to have a default implicit read step for these cases rather
+  // than implementing this step in a lot of separate `allowImplicitRead`s.
+  cs.getAReadContent() instanceof DataFlow::Content::CollectionContent
 }

swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll

@@ -25,12 +25,6 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
     any(CleartextLoggingAdditionalFlowStep s).step(n1, n2)
   }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    // flow out from collection content at the sink.
-    isSink(node) and
-    c.getAReadContent() instanceof DataFlow::Content::CollectionContent
-  }
 }
 
 /**

swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseQuery.qll

@@ -45,11 +45,6 @@ module CleartextStorageDatabaseConfig implements DataFlow::ConfigSig {
     isSink(node) and
     node.asExpr().getType().getUnderlyingType() instanceof DictionaryType and
     c.getAReadContent().(DataFlow::Content::TupleContent).getIndex() = 1
-    or
-    // flow out from array elements (and other collection content) at the sink,
-    // for example in `database.allStatements(sql: "", arguments: [sensitive])`.
-    isSink(node) and
-    c.getAReadContent() instanceof DataFlow::Content::CollectionContent
   }
 }
 

swift/ql/lib/codeql/swift/security/CommandInjectionQuery.qll

@@ -23,12 +23,6 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(CommandInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    // flow out from array elements of at the sink, for example in `task.arguments = [tainted]`.
-    isSink(node) and
-    c.getAReadContent() instanceof DataFlow::Content::CollectionContent
-  }
 }
 
 /**

swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyQuery.qll

@@ -41,12 +41,6 @@ module HardcodedKeyConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(HardcodedEncryptionKeyAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    // flow out of collections at the sink
-    isSink(node) and
-    c.getAReadContent() instanceof DataFlow::Content::CollectionContent
-  }
 }
 
 module HardcodedKeyFlow = TaintTracking::Global<HardcodedKeyConfig>;

swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll

@@ -22,16 +22,6 @@ module UnsafeJsEvalConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(UnsafeJsEvalAdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
-
-  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    // flow out from content a the sink
-    (
-      isSink(node)
-      or
-      isAdditionalFlowStep(node, _)
-    ) and
-    c.getAReadContent() instanceof DataFlow::Content::CollectionContent
-  }
 }
 
 /**