Swift: Separate out a FormatString library as well.

2025-12-20 10:46:30 +01:00 · 2022-12-01 17:46:43 +00:00
parent 43596869e7
commit ad05cc3cb1
2 changed files with 75 additions and 69 deletions
--- a/swift/ql/lib/codeql/swift/FormatString.qll
+++ b/swift/ql/lib/codeql/swift/FormatString.qll
@@ -0,0 +1,74 @@
+/**
+ * Provides classes and predicates for reasoning about string formatting.
+ */
+ 
+import swift
+
+/**
+ * A function that takes a `printf` style format argument.
+ */
+abstract class FormattingFunction extends AbstractFunctionDecl {
+  /**
+   * Gets the position of the format argument.
+   */
+  abstract int getFormatParameterIndex();
+}
+
+/**
+ * A call to a function that takes a `printf` style format argument.
+ */
+class FormattingFunctionCall extends CallExpr {
+  FormattingFunction target;
+
+  FormattingFunctionCall() { target = this.getStaticTarget() }
+
+  /**
+   * Gets the format expression used in this call.
+   */
+  Expr getFormat() { result = this.getArgument(target.getFormatParameterIndex()).getExpr() }
+}
+
+/**
+ * An initializer for `String`, `NSString` or `NSMutableString` that takes a
+ * `printf` style format argument.
+ */
+class StringInitWithFormat extends FormattingFunction, MethodDecl {
+  StringInitWithFormat() {
+    exists(string fName |
+      this.hasQualifiedName(["String", "NSString", "NSMutableString"], fName) and
+      fName.matches("init(format:%")
+    )
+  }
+
+  override int getFormatParameterIndex() { result = 0 }
+}
+
+/**
+ * The `localizedStringWithFormat` method of `String`, `NSString` and `NSMutableString`.
+ */
+class LocalizedStringWithFormat extends FormattingFunction, MethodDecl {
+  LocalizedStringWithFormat() {
+    this.hasQualifiedName(["String", "NSString", "NSMutableString"],
+      "localizedStringWithFormat(_:_:)")
+  }
+
+  override int getFormatParameterIndex() { result = 0 }
+}
+
+/**
+ * The functions `NSLog` and `NSLogv`.
+ */
+class NsLog extends FormattingFunction, FreeFunctionDecl {
+  NsLog() { this.getName() = ["NSLog(_:_:)", "NSLogv(_:_:)"] }
+
+  override int getFormatParameterIndex() { result = 0 }
+}
+
+/**
+ * The `NSException.raise` method.
+ */
+class NsExceptionRaise extends FormattingFunction, MethodDecl {
+  NsExceptionRaise() { this.hasQualifiedName("NSException", "raise(_:format:arguments:)") }
+
+  override int getFormatParameterIndex() { result = 1 }
+}
--- a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringQuery.qll
@@ -4,79 +4,11 @@
 */
 
 import swift
+import codeql.swift.StringFormat
 import codeql.swift.dataflow.DataFlow
 import codeql.swift.dataflow.TaintTracking
 import codeql.swift.dataflow.FlowSources

-/**
- * A function that takes a `printf` style format argument.
- */
-abstract class FormattingFunction extends AbstractFunctionDecl {
-  /**
-   * Gets the position of the format argument.
-   */
-  abstract int getFormatParameterIndex();
-}
-
-/**
- * An initializer for `String`, `NSString` or `NSMutableString` that takes a
- * `printf` style format argument.
- */
-class StringInitWithFormat extends FormattingFunction, MethodDecl {
-  StringInitWithFormat() {
-    exists(string fName |
-      this.hasQualifiedName(["String", "NSString", "NSMutableString"], fName) and
-      fName.matches("init(format:%")
-    )
-  }
-
-  override int getFormatParameterIndex() { result = 0 }
-}
-
-/**
- * The `localizedStringWithFormat` method of `String`, `NSString` and `NSMutableString`.
- */
-class LocalizedStringWithFormat extends FormattingFunction, MethodDecl {
-  LocalizedStringWithFormat() {
-    this.hasQualifiedName(["String", "NSString", "NSMutableString"],
-      "localizedStringWithFormat(_:_:)")
-  }
-
-  override int getFormatParameterIndex() { result = 0 }
-}
-
-/**
- * The functions `NSLog` and `NSLogv`.
- */
-class NsLog extends FormattingFunction, FreeFunctionDecl {
-  NsLog() { this.getName() = ["NSLog(_:_:)", "NSLogv(_:_:)"] }
-
-  override int getFormatParameterIndex() { result = 0 }
-}
-
-/**
- * The `NSException.raise` method.
- */
-class NsExceptionRaise extends FormattingFunction, MethodDecl {
-  NsExceptionRaise() { this.hasQualifiedName("NSException", "raise(_:format:arguments:)") }
-
-  override int getFormatParameterIndex() { result = 1 }
-}
-
-/**
- * A call to a function that takes a `printf` style format argument.
- */
-class FormattingFunctionCall extends CallExpr {
-  FormattingFunction target;
-
-  FormattingFunctionCall() { target = this.getStaticTarget() }
-
-  /**
-   * Gets the format expression used in this call.
-   */
-  Expr getFormat() { result = this.getArgument(target.getFormatParameterIndex()).getExpr() }
-}
-
 /**
 * A taint configuration for tainted data that reaches a format string.
 */