From 5bf82aeddfa36d7cfbb520e2c71f454439c7a229 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:13:57 +0100 Subject: [PATCH 1/3] Swift: Add FieldDecl.hasQualifiedName. --- .../codeql/swift/elements/decl/VarDecl.qll | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll index ca650d12407..f7fd03bf906 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll @@ -9,8 +9,32 @@ class VarDecl extends Generated::VarDecl { } /** - * A field declaration. + * A field declaration. That is, a variable declaration that is a member of a + * class, struct, enum or protocol. */ class FieldDecl extends VarDecl { FieldDecl() { this = any(Decl ctx).getAMember() } + + /** + * Holds if this field is called `fieldName` and is a member of a + * class, struct, extension, enum or protocol called `typeName`. + */ + cached + predicate hasQualifiedName(string typeName, string fieldName) { + this.getName() = fieldName and + exists(Decl d | + d.asNominalTypeDecl().getFullName() = typeName and + d.getAMember() = this + ) + } + + /** + * Holds if this field is called `fieldName` and is a member of a + * class, struct, extension, enum or protocol called `typeName` in a module + * called `moduleName`. + */ + predicate hasQualifiedName(string moduleName, string typeName, string fieldName) { + this.hasQualifiedName(typeName, fieldName) and + this.getModule().getFullName() = moduleName + } } From c7c8807f40b4c5e864a4a2d05e15e2d1f4744ad9 Mon Sep 17 00:00:00 2001 
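Review bot: The two-argument `hasQualifiedName` compares `typeName` against `getFullName()`, whereas the call sites converted in PATCH 2/3 matched on `getName()`, and the doc comment does not say which form is expected. For a nested type the two presumably differ (`Outer.Inner` versus `Inner`), so a model written with the short name would silently stop matching and its field would drop out of taint tracking. I would add a line to the doc comment such as `typeName is the type's full name, so a nested type is written Outer.Inner`. The three-argument overload tests `this.getModule()`, which looks like the module of the field's own declaration; for a field added by an extension in a different module that may not be the module of the named type, so the comment should state which module `moduleName` means. The class-level comment also omits `extension` from the list that both predicate comments use.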
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:44:47 +0100 Subject: [PATCH 2/3] Swift: Use FieldDecl.hasQualifiedName. --- .../frameworks/StandardLibrary/Collection.qll | 7 ++--- .../frameworks/StandardLibrary/NsString.qll | 29 +++++++++---------- .../frameworks/StandardLibrary/Sequence.qll | 7 +---- .../frameworks/StandardLibrary/String.qll | 22 +++++++------- .../frameworks/StandardLibrary/WebView.qll | 7 +---- .../security/CleartextLoggingExtensions.qll | 7 +---- 6 files changed, 31 insertions(+), 48 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll index fcbd418f6b9..cf3ff748d48 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll @@ -47,9 +47,8 @@ private class CollectionFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { CollectionFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = ["Collection", "BidirectionalCollection"] and - f.getName() = ["first", "last"] - ) + this.getField() + .(FieldDecl) + .hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll index ce8b959fffe..d9743140c34 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll 
@@ -132,20 +132,19 @@ private class NsStringFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { NsStringFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "NSString" and - f.getName() = - [ - "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", - "capitalized", "localizedCapitalized", "decomposedStringWithCanonicalMapping", - "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping", - "precomposedStringWithCompatibilityMapping", "doubleValue", "floatValue", "intValue", - "integerValue", "longLongValue", "boolValue", "description", "pathComponents", - "fileSystemRepresentation", "lastPathComponent", "pathExtension", - "abbreviatingWithTildeInPath", "deletingLastPathComponent", "deletingPathExtension", - "expandingTildeInPath", "resolvingSymlinksInPath", "standardizingPath", - "removingPercentEncoding" - ] - ) + this.getField() + .(FieldDecl) + .hasQualifiedName("NSString", + [ + "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", + "capitalized", "localizedCapitalized", "decomposedStringWithCanonicalMapping", + "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping", + "precomposedStringWithCompatibilityMapping", "doubleValue", "floatValue", "intValue", + "integerValue", "longLongValue", "boolValue", "description", "pathComponents", + "fileSystemRepresentation", "lastPathComponent", "pathExtension", + "abbreviatingWithTildeInPath", "deletingLastPathComponent", "deletingPathExtension", + "expandingTildeInPath", "resolvingSymlinksInPath", "standardizingPath", + "removingPercentEncoding" + ]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll index 8d4eb9eb39d..b4e68513c1d 100644 
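Review bot: The field list passed to `hasQualifiedName("NSString", ...)` still contains `"localizedLowedCase"`, which looks like a misspelling of `localizedLowercase`; the `String` model in this same patch spells it `"localizedLowercase"`. Because the match is on the exact field name, taint through that NSString property is presumably not inherited, so flows through it would be missed by the security queries that rely on this model. The entry is carried over unchanged from the removed lines, and the same string appears as context in the NsString.qll hunk of PATCH 3/3; change it to `"localizedLowercase",` here. A library test that reads each listed field from a tainted `NSString` would catch this kind of typo.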
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll @@ -36,10 +36,5 @@ private class SequenceSummaries extends SummaryModelCsv { private class SequenceFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - SequenceFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "Sequence" and - f.getName() = "lazy" - ) - } + SequenceFieldsInheritTaint() { this.getField().(FieldDecl).hasQualifiedName("Sequence", "lazy") } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll index 2df33a0f0f4..51424e2d042 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll 
@@ -124,16 +124,16 @@ private class StringFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { StringFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = ["String", "StringProtocol"] and - f.getName() = - [ - "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description", - "debugDescription", "dataValue", "identifierValue", "capitalized", "localizedCapitalized", - "localizedLowercase", "localizedUppercase", "decomposedStringWithCanonicalMapping", - "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping", - "precomposedStringWithCompatibilityMapping", "removingPercentEncoding" - ] - ) + this.getField() + .(FieldDecl) + .hasQualifiedName(["String", "StringProtocol"], + [ + "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description", + "debugDescription", "dataValue", "identifierValue", "capitalized", + "localizedCapitalized", "localizedLowercase", "localizedUppercase", + "decomposedStringWithCanonicalMapping", "decomposedStringWithCompatibilityMapping", + "precomposedStringWithCanonicalMapping", "precomposedStringWithCompatibilityMapping", + "removingPercentEncoding" + ]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll index 6dd8321388a..b845ee81104 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll 
@@ -208,10 +208,5 @@ private class WKUserScriptSummaries extends SummaryModelCsv { private class WKUserScriptInheritsTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - WKUserScriptInheritsTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "WKUserScript" and - f.getName() = "source" - ) - } + WKUserScriptInheritsTaint() { this.getField().hasQualifiedName("WKUserScript", "source") } } diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index 935da6a232e..21bf855d1fc 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -74,12 +74,7 @@ private class OsLogNonRedactedType extends Type { private class OsLogPrivacyRef extends MemberRefExpr { string optionName; - OsLogPrivacyRef() { - exists(FieldDecl f | this.getMember() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "OSLogPrivacy" and - optionName = f.getName() - ) - } + OsLogPrivacyRef() { this.getMember().(FieldDecl).hasQualifiedName("OSLogPrivacy", optionName) } /** Holds if this is a safe privacy option (private or sensitive). */ predicate isSafe() { optionName = ["private", "sensitive"] } From 4c8225724b45a85178b9800402a008a69a9cc3e9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 2 Jun 2023 12:21:17 +0100 Subject: [PATCH 3/3] Swift: Fix QL-for-QL warnings. --- .../codeql/swift/frameworks/StandardLibrary/Collection.qll | 4 +--- .../lib/codeql/swift/frameworks/StandardLibrary/NsString.qll | 1 - .../lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll | 2 +- .../ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll | 1 - 4 files changed, 2 insertions(+), 6 deletions(-) 
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll index cf3ff748d48..6022d4b767a 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll @@ -47,8 +47,6 @@ private class CollectionFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { CollectionFieldsInheritTaint() { - this.getField() - .(FieldDecl) - .hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"]) + this.getField().hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll index d9743140c34..f866ba23a17 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll @@ -133,7 +133,6 @@ private class NsStringFieldsInheritTaint extends TaintInheritingContent, { NsStringFieldsInheritTaint() { this.getField() - .(FieldDecl) .hasQualifiedName("NSString", [ "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll index b4e68513c1d..e830b6cc1a4 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll 
@@ -36,5 +36,5 @@ private class SequenceSummaries extends SummaryModelCsv { private class SequenceFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - SequenceFieldsInheritTaint() { this.getField().(FieldDecl).hasQualifiedName("Sequence", "lazy") } + SequenceFieldsInheritTaint() { this.getField().hasQualifiedName("Sequence", "lazy") } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll index 51424e2d042..4768521322f 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll @@ -125,7 +125,6 @@ private class StringFieldsInheritTaint extends TaintInheritingContent, { StringFieldsInheritTaint() { this.getField() - .(FieldDecl) .hasQualifiedName(["String", "StringProtocol"], [ "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",