From 8df7fbf6d660f67c2a7d5b0a380183d4ea1c8e81 Mon Sep 17 00:00:00 2001 From: Asger F Date: Fri, 23 Aug 2024 11:30:50 +0200 Subject: [PATCH] Swift: update test output The 'first' field is seen as a TaintInheritingContent, which means any read step for 'first' becomes a taint step too. This type of taint step does not permit an implicit read before it, because it wasn't contributed by a configuration. So there is no way for the taint to get out of the collection content before the taint step through '.first'. The test previously passed because an implicit read at once of the earlier sinks could follow use-use flow down to the receiver of .first, allowing it to escape the collection content. --- .../ql/test/library-tests/dataflow/taint/libraries/set.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/set.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/set.swift index 76b41ff8b93..b7ca5b86cca 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/set.swift +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/set.swift @@ -28,7 +28,7 @@ func testSet(ix: Int) { sink(arg: taintedSet.max()!) // $ tainted=t1 sink(arg: taintedSet.firstIndex(of: source("t2"))!) sink(arg: taintedSet[taintedSet.firstIndex(of: source("t3"))!]) // $ tainted=t1 - sink(arg: taintedSet.first!) // $ tainted=t1 + sink(arg: taintedSet.first!) // $ MISSING: tainted=t1 for elem in taintedSet { sink(arg: elem) // $ tainted=t1 } @@ -100,7 +100,7 @@ func testSet(ix: Int) { sink(arg: taintedSet.sorted().randomElement()!) // $ tainted=t1 sink(arg: taintedSet.shuffled().randomElement()!) // $ tainted=t1 - sink(arg: taintedSet.lazy[taintedSet.firstIndex(of: source("t11"))!]) // $ tainted=t1 + sink(arg: taintedSet.lazy[taintedSet.firstIndex(of: source("t11"))!]) // $ MISSING: tainted=t1 var it = taintedSet.makeIterator() sink(arg: it.next()!) // $ tainted=t1