Merge pull request #12094 from geoffw0/string2

Swift: Models for the String class

swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll

@@ -78,12 +78,14 @@ private import internal.FlowSummaryImplSpecific
  * ensuring that they are visible to the taint tracking / data flow library.
  */
 private module Frameworks {
+  private import codeql.swift.frameworks.StandardLibrary.Collection
   private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
   private import codeql.swift.frameworks.StandardLibrary.Data
   private import codeql.swift.frameworks.StandardLibrary.FilePath
   private import codeql.swift.frameworks.StandardLibrary.InputStream
   private import codeql.swift.frameworks.StandardLibrary.NsData
   private import codeql.swift.frameworks.StandardLibrary.NsUrl
+  private import codeql.swift.frameworks.StandardLibrary.Sequence
   private import codeql.swift.frameworks.StandardLibrary.String
   private import codeql.swift.frameworks.StandardLibrary.Url
   private import codeql.swift.frameworks.StandardLibrary.UrlSession

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll

@@ -0,0 +1,34 @@
+/**
+ * Provides models for `Collection` and related Swift classes.
+ */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSteps
+
+/**
+ * A model for `Collection` members that permit taint flow.
+ */
+private class CollectionSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";Collection;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;dropFirst(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;dropLast(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;remove(at:);;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;removeLast();;;Argument[-1];ReturnValue;taint",
+        ";BidirectionalCollection;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint",
+      ]
+  }
+}

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll

@@ -41,8 +41,6 @@ private class DataSummaries extends SummaryModelCsv {
         ";Data;true;replaceSubrange(_:with:count:);;;Argument[1];Argument[-1];taint",
         ";Data;true;replacing(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
         ";Data;true;replacing(_:with:subrange:maxReplacements:);;;Argument[1];Argument[-1];taint",
-        // TODO: this should be implemented by a model of BidirectionalCollection
-        // ";Data;true;reversed();;;Argument[-1];ReturnValue;taint",
         ";Data;true;sorted();;;Argument[-1];ReturnValue;taint",
         ";Data;true;sorted(by:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll

@@ -0,0 +1,46 @@
+/**
+ * Provides models for the `Sequence` Swift class.
+ */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSteps
+
+/**
+ * A model for `Sequence` members that permit taint flow.
+ */
+private class SequenceSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";Sequence;true;reversed();;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;dropFirst(_:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;dropLast(_:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;joined();;;Argument[-1];ReturnValue;taint",
+        ";Sequence;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint",
+      ]
+  }
+}
+
+/**
+ * A content implying that, if a `Sequence` is tainted, certain fields are also
+ * tainted.
+ */
+private class SequenceFieldsInheritTaint extends TaintInheritingContent,
+  DataFlow::Content::FieldContent {
+  SequenceFieldsInheritTaint() {
+    exists(FieldDecl f | this.getField() = f |
+      (
+        f.getEnclosingDecl().(NominalTypeDecl).getName() = "Sequence" or
+        f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = "Sequence"
+      ) and
+      f.getName() = "lazy"
+    )
+  }
+}

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

@@ -7,6 +7,9 @@ private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.ExternalFlow
 private import codeql.swift.dataflow.FlowSteps
 
+/**
+ * A model for `String` members that are sources of remote flow.
+ */
 private class StringSource extends SourceModelCsv {
   override predicate row(string row) {
     row =
@@ -24,13 +27,122 @@ private class StringSource extends SourceModelCsv {
 }
 
 /**
- * A content implying that, if a `String` is tainted, then all its fields are tainted.
+ * A model for `String` and `StringProtocol` members that permit taint flow.
+ */
+private class StringSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";StringProtocol;true;init(cString:);;;Argument[0];ReturnValue;taint",
+        ";StringProtocol;true;init(decoding:as:);;;Argument[0];ReturnValue;taint",
+        ";StringProtocol;true;init(decodingCString:as:);;;Argument[0];ReturnValue;taint",
+        ";StringProtocol;true;addingPercentEncoding(withAllowedCharacter:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;addingPercentEscapes(using:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;appending(_:);;;Argument[-1..0];ReturnValue;taint",
+        ";StringProtocol;true;appendingFormat(_:_:);;;Argument[-1..0];ReturnValue;taint", //-1..
+        ";StringProtocol;true;applyingTransform(_:reverse:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;cString(using:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;capitalized(with:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0];taint",
+        ";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2];taint",
+        ";StringProtocol;true;components(separatedBy:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;folding(options:locale:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;getBytes(_:maxLength:usedLength:encoding:options:range:remaining:);;;Argument[-1];Argument[0];taint",
+        ";StringProtocol;true;getCString(_:maxLength:encoding:);;;Argument[-1];Argument[0];taint",
+        ";StringProtocol;true;lowercased();;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;lowercased(with:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;padding(toLength:withPad:startingAt:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;padding(toLength:withPad:startingAt:);;;Argument[1];ReturnValue;taint",
+        ";StringProtocol;true;propertyList();;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;propertyListFromStringsFileFormat();;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;replacingCharacters(in:with:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;replacingCharacters(in:with:);;;Argument[1];ReturnValue;taint",
+        ";StringProtocol;true;replacingOccurrences(of:with:options:range);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;replacingOccurrences(of:with:options:range);;;Argument[1];ReturnValue;taint",
+        ";StringProtocol;true;replacingPercentEscapes(using:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;substring(from:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;substring(with:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;trimmingCharacters(in:);;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;uppercased();;;Argument[-1];ReturnValue;taint",
+        ";StringProtocol;true;uppercased(with:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;init(decoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(_:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(repeating:count:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(data:encoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(validatingUTF8:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(utf16CodeUnits:count:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(utf16CodeUnitsNoCopy:count:freeWhenDone:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(format:_:);;;Argument[0];ReturnValue;taint", //0..
+        ";String;true;init(format:arguments:);;;Argument[0..1];ReturnValue;taint",
+        ";String;true;init(format:locale:_:);;;Argument[0];ReturnValue;taint", //0,2..
+        ";String;true;init(format:locale:arguments:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(_:radix:uppercase:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(bytes:encoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(bytesNoCopy:length:encoding:freeWhenDone);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(describing:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(contentsOf:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(contentsOf:encoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(contendsOf:usedEncoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(contentsOfFile:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(contentsOfFile:encoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(contentsOfFile:usedEncoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(from:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(stringInterpolation:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(stringLiteral:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(unicodeScalarLiteral:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(extendedGraphemeClusterLiteral:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(cString:encoding:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(platformString:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(utf8String:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(validating:);;;Argument[0];ReturnValue;taint",
+        ";String;true;init(validatingPlatformString:);;;Argument[0];ReturnValue;taint",
+        ";String;true;localizedStringWithFormat(_:_:);;;Argument[0..1];ReturnValue;taint",
+        ";String;true;write(_:);;;Argument[0];Argument[-1];taint",
+        ";String;true;write(to:);;;Argument[-1];Argument[0];taint",
+        ";String;true;append(_:);;;Argument[0];Argument[-1];taint",
+        ";String;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
+        ";String;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
+        ";String;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
+        ";String;true;replaceSubrange(_:with::);;;Argument[1];Argument[-1];taint",
+        ";String;true;popLast();;;Argument[-1];ReturnValue;taint",
+        ";String;true;first(where:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;last(where:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;max();;;Argument[-1];ReturnValue;taint",
+        ";String;true;max(by:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;min();;;Argument[-1];ReturnValue;taint",
+        ";String;true;min(by:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;subscript(_:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;randomElement();;;Argument[-1];ReturnValue;taint",
+        ";String;true;randomElement(using:);;;Argument[-1];ReturnValue;taint",
+        ";String;true;enumerated();;;Argument[-1];ReturnValue;taint",
+        ";String;true;encode(to:);;;Argument[-1];Argument[0];taint"
+      ]
+  }
+}
+
+/**
+ * A content implying that, if a `String` is tainted, then many of its fields are
+ * tainted. This also includes fields declared in `StringProtocol`.
  */
 private class StringFieldsInheritTaint extends TaintInheritingContent,
   DataFlow::Content::FieldContent {
   StringFieldsInheritTaint() {
-    this.getField().getEnclosingDecl().(ClassOrStructDecl).getFullName() = "String" or
-    this.getField().getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getFullName() =
-      "String"
+    exists(FieldDecl f | this.getField() = f |
+      (
+        f.getEnclosingDecl().(NominalTypeDecl).getName() = ["String", "StringProtocol"] or
+        f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() =
+          ["String", "StringProtocol"]
+      ) and
+      f.getName() =
+        [
+          "first", "last", "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",
+          "debugDescription", "dataValue", "identifierValue", "capitalized", "localizedCapitalized",
+          "localizedLowercase", "localizedUppercase", "decomposedStringWithCanonicalMapping",
+          "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping",
+          "precomposedStringWithCompatibilityMapping", "removingPercentEncoding"
+        ]
+    )
   }
 }

swift/ql/test/library-tests/dataflow/taint/Taint.expected

@@ -137,6 +137,9 @@ edges
 | data.swift:228:10:228:10 | [post] dataTainted33 :  | data.swift:229:12:229:12 | dataTainted33 |
 | data.swift:228:45:228:52 | call to source() :  | data.swift:57:2:57:236 | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  |
 | data.swift:228:45:228:52 | call to source() :  | data.swift:228:10:228:10 | [post] dataTainted33 :  |
+| data.swift:232:22:232:29 | call to source() :  | data.swift:233:12:233:12 | dataTainted34 :  |
+| data.swift:233:12:233:12 | dataTainted34 :  | data.swift:233:12:233:35 | call to reversed() |
+| data.swift:233:12:233:12 | dataTainted34 :  | file://:0:0:0:0 | [summary param] this in reversed() :  |
 | data.swift:236:22:236:29 | call to source() :  | data.swift:237:12:237:12 | dataTainted35 :  |
 | data.swift:237:12:237:12 | dataTainted35 :  | data.swift:58:2:58:39 | [summary param] this in sorted() :  |
 | data.swift:237:12:237:12 | dataTainted35 :  | data.swift:237:12:237:33 | call to sorted() |
@@ -158,6 +161,33 @@ edges
 | data.swift:261:22:261:29 | call to source() :  | data.swift:262:12:262:12 | dataTainted41 :  |
 | data.swift:262:12:262:12 | dataTainted41 :  | data.swift:64:2:64:72 | [summary param] this in trimmingPrefix(while:) :  |
 | data.swift:262:12:262:12 | dataTainted41 :  | data.swift:262:12:262:54 | call to trimmingPrefix(while:) |
+| file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(describing:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) :  |
+| file://:0:0:0:0 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in append(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  |
+| file://:0:0:0:0 | [summary param] 0 in insert(contentsOf:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  |
+| file://:0:0:0:0 | [summary param] 0 in write(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in write(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropFirst(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropLast(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropLast(_:) :  |
+| file://:0:0:0:0 | [summary param] this in lowercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in lowercased() :  |
+| file://:0:0:0:0 | [summary param] this in prefix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(through:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(through:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(upTo:) :  |
+| file://:0:0:0:0 | [summary param] this in remove(at:) :  | file://:0:0:0:0 | [summary] to write: return (return) in remove(at:) :  |
+| file://:0:0:0:0 | [summary param] this in removeFirst() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeFirst() :  |
+| file://:0:0:0:0 | [summary param] this in removeLast() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeLast() :  |
+| file://:0:0:0:0 | [summary param] this in reversed() :  | file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  |
+| file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(from:) :  |
+| file://:0:0:0:0 | [summary param] this in uppercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased() :  |
 | file://:0:0:0:0 | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) :  | nsdata.swift:110:9:110:9 | bytes :  |
 | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  | url.swift:154:61:154:61 | data :  |
 | nsdata.swift:22:9:22:9 | self :  | file://:0:0:0:0 | .bytes :  |
@@ -300,21 +330,257 @@ edges
 | nsmutabledata.swift:48:33:48:40 | call to source() :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
 | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | nsmutabledata.swift:13:9:13:9 | self :  |
 | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
-| string.swift:5:11:5:18 | call to source() :  | string.swift:7:13:7:13 | "..." |
-| string.swift:5:11:5:18 | call to source() :  | string.swift:9:13:9:13 | "..." |
-| string.swift:5:11:5:18 | call to source() :  | string.swift:11:13:11:13 | "..." |
-| string.swift:5:11:5:18 | call to source() :  | string.swift:16:13:16:13 | "..." |
-| string.swift:5:11:5:18 | call to source() :  | string.swift:18:13:18:13 | "..." |
-| string.swift:28:17:28:25 | call to source2() :  | string.swift:31:13:31:13 | tainted |
-| string.swift:28:17:28:25 | call to source2() :  | string.swift:34:13:34:21 | ... .+(_:_:) ... |
-| string.swift:28:17:28:25 | call to source2() :  | string.swift:35:13:35:23 | ... .+(_:_:) ... |
-| string.swift:28:17:28:25 | call to source2() :  | string.swift:36:13:36:23 | ... .+(_:_:) ... |
-| string.swift:28:17:28:25 | call to source2() :  | string.swift:39:13:39:29 | ... .+(_:_:) ... |
-| string.swift:74:17:74:25 | call to source2() :  | string.swift:85:13:85:21 | .description |
-| string.swift:74:17:74:25 | call to source2() :  | string.swift:88:13:88:21 | .debugDescription |
-| string.swift:121:17:121:25 | call to source2() :  | string.swift:126:13:126:13 | tainted |
-| string.swift:122:24:122:32 | call to source2() :  | string.swift:127:13:127:13 | taintedCString |
-| string.swift:123:31:123:39 | call to source2() :  | string.swift:128:13:128:13 | taintedUnicodeScalars |
+| string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) :  |
+| string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:_:) :  |
+| string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:arguments:) :  |
+| string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:_:) :  |
+| string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) :  |
+| string.swift:69:3:69:106 | [summary param] 0 in localizedStringWithFormat(_:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in localizedStringWithFormat(_:_:) :  |
+| string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(bytes:encoding:) :  |
+| string.swift:98:3:98:63 | [summary param] this in lowercased(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in lowercased(with:) :  |
+| string.swift:99:3:99:63 | [summary param] this in uppercased(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased(with:) :  |
+| string.swift:100:3:100:64 | [summary param] this in capitalized(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in capitalized(with:) :  |
+| string.swift:101:3:101:64 | [summary param] this in substring(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in substring(from:) :  |
+| string.swift:102:3:102:71 | [summary param] this in trimmingCharacters(in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingCharacters(in:) :  |
+| string.swift:103:3:103:82 | [summary param] 0 in appending(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  |
+| string.swift:103:3:103:82 | [summary param] this in appending(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  |
+| string.swift:104:3:104:138 | [summary param] this in padding(toLength:withPad:startingAt:) :  | file://:0:0:0:0 | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  |
+| string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  | file://:0:0:0:0 | [summary] to write: return (return) in components(separatedBy:) :  |
+| string.swift:106:3:106:92 | [summary param] this in folding(options:locale:) :  | file://:0:0:0:0 | [summary] to write: return (return) in folding(options:locale:) :  |
+| string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  | file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  |
+| string.swift:108:3:108:74 | [summary param] this in cString(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in cString(using:) :  |
+| string.swift:109:8:109:8 | self :  | string.swift:109:3:109:79 | self[return] :  |
+| string.swift:132:11:132:18 | call to source() :  | string.swift:134:13:134:13 | "..." |
+| string.swift:132:11:132:18 | call to source() :  | string.swift:136:13:136:13 | "..." |
+| string.swift:132:11:132:18 | call to source() :  | string.swift:138:13:138:13 | "..." |
+| string.swift:132:11:132:18 | call to source() :  | string.swift:144:13:144:13 | "..." |
+| string.swift:132:11:132:18 | call to source() :  | string.swift:146:13:146:13 | "..." |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:159:13:159:13 | tainted |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:162:13:162:21 | ... .+(_:_:) ... |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:163:13:163:23 | ... .+(_:_:) ... |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:164:13:164:23 | ... .+(_:_:) ... |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:167:13:167:29 | ... .+(_:_:) ... |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:170:29:170:29 | tainted :  |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:171:13:171:13 | tainted :  |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:172:13:172:13 | tainted :  |
+| string.swift:156:17:156:25 | call to source2() :  | string.swift:172:31:172:31 | tainted :  |
+| string.swift:170:29:170:29 | tainted :  | string.swift:103:3:103:82 | [summary param] 0 in appending(_:) :  |
+| string.swift:170:29:170:29 | tainted :  | string.swift:170:13:170:36 | call to appending(_:) |
+| string.swift:171:13:171:13 | tainted :  | string.swift:103:3:103:82 | [summary param] this in appending(_:) :  |
+| string.swift:171:13:171:13 | tainted :  | string.swift:171:13:171:36 | call to appending(_:) |
+| string.swift:172:13:172:13 | tainted :  | string.swift:103:3:103:82 | [summary param] this in appending(_:) :  |
+| string.swift:172:13:172:13 | tainted :  | string.swift:172:13:172:38 | call to appending(_:) |
+| string.swift:172:31:172:31 | tainted :  | string.swift:103:3:103:82 | [summary param] 0 in appending(_:) :  |
+| string.swift:172:31:172:31 | tainted :  | string.swift:172:13:172:38 | call to appending(_:) |
+| string.swift:185:3:185:3 | [post] &... :  | string.swift:186:13:186:13 | str2 |
+| string.swift:185:15:185:23 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in append(_:) :  |
+| string.swift:185:15:185:23 | call to source2() :  | string.swift:185:3:185:3 | [post] &... :  |
+| string.swift:192:3:192:3 | [post] &... :  | string.swift:193:13:193:13 | str3 |
+| string.swift:192:27:192:35 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in append(contentsOf:) :  |
+| string.swift:192:27:192:35 | call to source2() :  | string.swift:192:3:192:3 | [post] &... :  |
+| string.swift:199:3:199:3 | [post] &... :  | string.swift:200:13:200:13 | str4 |
+| string.swift:199:14:199:22 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in write(_:) :  |
+| string.swift:199:14:199:22 | call to source2() :  | string.swift:199:3:199:3 | [post] &... :  |
+| string.swift:206:3:206:3 | [post] &... :  | string.swift:207:13:207:13 | str5 |
+| string.swift:206:27:206:35 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in insert(contentsOf:at:) :  |
+| string.swift:206:27:206:35 | call to source2() :  | string.swift:206:3:206:3 | [post] &... :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:216:20:216:20 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:219:28:219:28 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:220:28:220:28 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:221:28:221:28 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:222:28:222:28 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:223:46:223:46 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:228:31:228:31 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:230:13:230:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:231:13:231:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:232:13:232:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:234:13:234:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:235:13:235:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:236:13:236:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:237:13:237:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:238:13:238:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:239:13:239:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:241:13:241:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:242:13:242:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:245:13:245:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:246:13:246:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:247:13:247:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:248:13:248:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:249:13:249:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:250:13:250:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:251:13:251:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:258:13:258:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:270:13:270:21 | .description |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:272:13:272:21 | .debugDescription |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:274:13:274:21 | .utf8 |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:276:13:276:21 | .utf16 |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:278:13:278:21 | .unicodeScalars |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:280:13:280:21 | .utf8CString |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:282:13:282:21 | .lazy |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:284:13:284:21 | .capitalized |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:286:13:286:21 | .localizedCapitalized |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:288:13:288:21 | .localizedLowercase |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:290:13:290:21 | .localizedUppercase |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:296:13:296:44 | ...! |
+| string.swift:213:20:213:27 | call to source() :  | string.swift:217:20:217:20 | taintedInt :  |
+| string.swift:216:20:216:20 | tainted :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:216:20:216:20 | tainted :  | string.swift:216:13:216:27 | call to String.init(_:) |
+| string.swift:217:20:217:20 | taintedInt :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:217:20:217:20 | taintedInt :  | string.swift:217:13:217:30 | call to String.init(_:) |
+| string.swift:219:28:219:28 | tainted :  | string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) :  |
+| string.swift:219:28:219:28 | tainted :  | string.swift:219:13:219:44 | call to String.init(format:_:) |
+| string.swift:220:28:220:28 | tainted :  | string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) :  |
+| string.swift:220:28:220:28 | tainted :  | string.swift:220:13:220:50 | call to String.init(format:arguments:) |
+| string.swift:221:28:221:28 | tainted :  | string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) :  |
+| string.swift:221:28:221:28 | tainted :  | string.swift:221:13:221:57 | call to String.init(format:locale:_:) |
+| string.swift:222:28:222:28 | tainted :  | string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) :  |
+| string.swift:222:28:222:28 | tainted :  | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
+| string.swift:223:46:223:46 | tainted :  | string.swift:69:3:69:106 | [summary param] 0 in localizedStringWithFormat(_:_:) :  |
+| string.swift:223:46:223:46 | tainted :  | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) |
+| string.swift:228:31:228:31 | tainted :  | file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) :  |
+| string.swift:228:31:228:31 | tainted :  | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
+| string.swift:230:13:230:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  |
+| string.swift:230:13:230:13 | tainted :  | string.swift:230:13:230:33 | call to dropFirst(_:) |
+| string.swift:231:13:231:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropLast(_:) :  |
+| string.swift:231:13:231:13 | tainted :  | string.swift:231:13:231:32 | call to dropLast(_:) |
+| string.swift:232:13:232:13 | tainted :  | string.swift:101:3:101:64 | [summary param] this in substring(from:) :  |
+| string.swift:232:13:232:13 | tainted :  | string.swift:232:13:232:55 | call to substring(from:) |
+| string.swift:234:13:234:13 | tainted :  | file://:0:0:0:0 | [summary param] this in lowercased() :  |
+| string.swift:234:13:234:13 | tainted :  | string.swift:234:13:234:32 | call to lowercased() |
+| string.swift:235:13:235:13 | tainted :  | file://:0:0:0:0 | [summary param] this in uppercased() :  |
+| string.swift:235:13:235:13 | tainted :  | string.swift:235:13:235:32 | call to uppercased() |
+| string.swift:236:13:236:13 | tainted :  | string.swift:98:3:98:63 | [summary param] this in lowercased(with:) :  |
+| string.swift:236:13:236:13 | tainted :  | string.swift:236:13:236:41 | call to lowercased(with:) |
+| string.swift:237:13:237:13 | tainted :  | string.swift:99:3:99:63 | [summary param] this in uppercased(with:) :  |
+| string.swift:237:13:237:13 | tainted :  | string.swift:237:13:237:41 | call to uppercased(with:) |
+| string.swift:238:13:238:13 | tainted :  | string.swift:100:3:100:64 | [summary param] this in capitalized(with:) :  |
+| string.swift:238:13:238:13 | tainted :  | string.swift:238:13:238:42 | call to capitalized(with:) |
+| string.swift:239:13:239:13 | tainted :  | file://:0:0:0:0 | [summary param] this in reversed() :  |
+| string.swift:239:13:239:13 | tainted :  | string.swift:239:13:239:30 | call to reversed() |
+| string.swift:241:13:241:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  |
+| string.swift:241:13:241:13 | tainted :  | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) |
+| string.swift:242:13:242:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| string.swift:242:13:242:13 | tainted :  | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
+| string.swift:245:13:245:13 | tainted :  | string.swift:102:3:102:71 | [summary param] this in trimmingCharacters(in:) :  |
+| string.swift:245:13:245:13 | tainted :  | string.swift:245:13:245:68 | call to trimmingCharacters(in:) |
+| string.swift:246:13:246:13 | tainted :  | string.swift:104:3:104:138 | [summary param] this in padding(toLength:withPad:startingAt:) :  |
+| string.swift:246:13:246:13 | tainted :  | string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) |
+| string.swift:247:13:247:13 | tainted :  | string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  |
+| string.swift:247:13:247:13 | tainted :  | string.swift:247:13:247:69 | call to components(separatedBy:) |
+| string.swift:248:13:248:13 | tainted :  | string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  |
+| string.swift:248:13:248:13 | tainted :  | string.swift:248:13:248:69 | call to components(separatedBy:) :  |
+| string.swift:248:13:248:69 | call to components(separatedBy:) :  | string.swift:248:13:248:72 | ...[...] |
+| string.swift:249:13:249:13 | tainted :  | string.swift:106:3:106:92 | [summary param] this in folding(options:locale:) :  |
+| string.swift:249:13:249:13 | tainted :  | string.swift:249:13:249:40 | call to folding(options:locale:) |
+| string.swift:250:13:250:13 | tainted :  | string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  |
+| string.swift:250:13:250:13 | tainted :  | string.swift:250:13:250:55 | call to propertyListFromStringsFileFormat() |
+| string.swift:251:13:251:13 | tainted :  | string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  |
+| string.swift:251:13:251:13 | tainted :  | string.swift:251:13:251:55 | call to propertyListFromStringsFileFormat() :  |
+| string.swift:251:13:251:55 | call to propertyListFromStringsFileFormat() :  | string.swift:251:13:251:63 | ...! |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:270:13:270:21 | .description |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:272:13:272:21 | .debugDescription |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:274:13:274:21 | .utf8 |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:276:13:276:21 | .utf16 |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:278:13:278:21 | .unicodeScalars |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:280:13:280:21 | .utf8CString |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:282:13:282:21 | .lazy |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:284:13:284:21 | .capitalized |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:286:13:286:21 | .localizedCapitalized |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:288:13:288:21 | .localizedLowercase |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:290:13:290:21 | .localizedUppercase |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping |
+| string.swift:258:13:258:13 | [post] tainted :  | string.swift:296:13:296:44 | ...! |
+| string.swift:258:13:258:13 | tainted :  | string.swift:109:8:109:8 | self :  |
+| string.swift:258:13:258:13 | tainted :  | string.swift:258:13:258:13 | [post] tainted :  |
+| string.swift:300:14:300:22 | call to source2() :  | string.swift:301:13:301:13 | str1 |
+| string.swift:300:14:300:22 | call to source2() :  | string.swift:302:13:302:13 | &... :  |
+| string.swift:300:14:300:22 | call to source2() :  | string.swift:303:13:303:13 | str1 |
+| string.swift:302:13:302:13 | &... :  | file://:0:0:0:0 | [summary param] this in remove(at:) :  |
+| string.swift:302:13:302:13 | &... :  | string.swift:302:13:302:44 | call to remove(at:) |
+| string.swift:305:14:305:22 | call to source2() :  | string.swift:306:13:306:13 | str2 |
+| string.swift:305:14:305:22 | call to source2() :  | string.swift:308:13:308:13 | str2 |
+| string.swift:310:14:310:22 | call to source2() :  | string.swift:311:13:311:13 | str3 |
+| string.swift:310:14:310:22 | call to source2() :  | string.swift:313:13:313:13 | str3 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:316:13:316:13 | str4 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:317:13:317:13 | &... :  |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:318:13:318:13 | str4 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:320:13:320:13 | str4 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:321:13:321:13 | &... :  |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:322:13:322:13 | str4 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:324:13:324:13 | str4 |
+| string.swift:317:13:317:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeFirst() :  |
+| string.swift:317:13:317:13 | &... :  | string.swift:317:13:317:30 | call to removeFirst() |
+| string.swift:321:13:321:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeLast() :  |
+| string.swift:321:13:321:13 | &... :  | string.swift:321:13:321:29 | call to removeLast() |
+| string.swift:326:14:326:22 | call to source2() :  | string.swift:327:13:327:13 | str5 |
+| string.swift:326:14:326:22 | call to source2() :  | string.swift:329:13:329:13 | str5 |
+| string.swift:331:14:331:22 | call to source2() :  | string.swift:332:13:332:13 | str6 |
+| string.swift:331:14:331:22 | call to source2() :  | string.swift:334:13:334:13 | str6 |
+| string.swift:341:23:341:77 | call to String.init(data:encoding:) :  | string.swift:344:12:344:25 | ...! |
+| string.swift:341:36:341:44 | call to source3() :  | string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) :  |
+| string.swift:341:36:341:44 | call to source3() :  | string.swift:341:23:341:77 | call to String.init(data:encoding:) :  |
+| string.swift:347:30:347:38 | call to source3() :  | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  |
+| string.swift:347:30:347:38 | call to source3() :  | string.swift:347:13:347:54 | call to String.init(decoding:as:) |
+| string.swift:352:17:352:25 | call to source2() :  | string.swift:389:22:389:22 | tainted :  |
+| string.swift:389:22:389:22 | tainted :  | string.swift:108:3:108:74 | [summary param] this in cString(using:) :  |
+| string.swift:389:22:389:22 | tainted :  | string.swift:389:22:389:65 | call to cString(using:) :  |
+| string.swift:389:22:389:65 | call to cString(using:) :  | string.swift:390:13:390:13 | arrayString2 |
+| string.swift:436:28:436:36 | call to source4() :  | string.swift:456:27:456:27 | taintedUInt8Values :  |
+| string.swift:436:28:436:36 | call to source4() :  | string.swift:459:29:459:29 | taintedUInt8Values :  |
+| string.swift:456:13:456:77 | call to String.init(bytes:encoding:) :  | string.swift:456:13:456:78 | ...! |
+| string.swift:456:27:456:27 | taintedUInt8Values :  | string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) :  |
+| string.swift:456:27:456:27 | taintedUInt8Values :  | string.swift:456:13:456:77 | call to String.init(bytes:encoding:) :  |
+| string.swift:459:29:459:29 | taintedUInt8Values :  | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  |
+| string.swift:459:29:459:29 | taintedUInt8Values :  | string.swift:459:13:459:47 | call to String.init(cString:) |
+| string.swift:492:37:492:45 | call to source5() :  | string.swift:512:29:512:29 | taintedCCharValues :  |
+| string.swift:512:29:512:29 | taintedCCharValues :  | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  |
+| string.swift:512:29:512:29 | taintedCCharValues :  | string.swift:512:13:512:47 | call to String.init(cString:) |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:545:13:545:13 | sub1 |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:546:20:546:20 | sub1 :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:548:14:548:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:552:14:552:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:556:14:556:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:560:14:560:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:564:14:564:14 | tainted :  |
+| string.swift:546:20:546:20 | sub1 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:546:20:546:20 | sub1 :  | string.swift:546:13:546:24 | call to String.init(_:) |
+| string.swift:548:14:548:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(_:) :  |
+| string.swift:548:14:548:14 | tainted :  | string.swift:548:14:548:31 | call to prefix(_:) :  |
+| string.swift:548:14:548:31 | call to prefix(_:) :  | string.swift:549:13:549:13 | sub2 |
+| string.swift:548:14:548:31 | call to prefix(_:) :  | string.swift:550:20:550:20 | sub2 :  |
+| string.swift:550:20:550:20 | sub2 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:550:20:550:20 | sub2 :  | string.swift:550:13:550:24 | call to String.init(_:) |
+| string.swift:552:14:552:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(through:) :  |
+| string.swift:552:14:552:14 | tainted :  | string.swift:552:14:552:54 | call to prefix(through:) :  |
+| string.swift:552:14:552:54 | call to prefix(through:) :  | string.swift:553:13:553:13 | sub3 |
+| string.swift:552:14:552:54 | call to prefix(through:) :  | string.swift:554:20:554:20 | sub3 :  |
+| string.swift:554:20:554:20 | sub3 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:554:20:554:20 | sub3 :  | string.swift:554:13:554:24 | call to String.init(_:) |
+| string.swift:556:14:556:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  |
+| string.swift:556:14:556:14 | tainted :  | string.swift:556:14:556:51 | call to prefix(upTo:) :  |
+| string.swift:556:14:556:51 | call to prefix(upTo:) :  | string.swift:557:13:557:13 | sub4 |
+| string.swift:556:14:556:51 | call to prefix(upTo:) :  | string.swift:558:20:558:20 | sub4 :  |
+| string.swift:558:20:558:20 | sub4 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:558:20:558:20 | sub4 :  | string.swift:558:13:558:24 | call to String.init(_:) |
+| string.swift:560:14:560:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(_:) :  |
+| string.swift:560:14:560:14 | tainted :  | string.swift:560:14:560:31 | call to suffix(_:) :  |
+| string.swift:560:14:560:31 | call to suffix(_:) :  | string.swift:561:13:561:13 | sub5 |
+| string.swift:560:14:560:31 | call to suffix(_:) :  | string.swift:562:20:562:20 | sub5 :  |
+| string.swift:562:20:562:20 | sub5 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:562:20:562:20 | sub5 :  | string.swift:562:13:562:24 | call to String.init(_:) |
+| string.swift:564:14:564:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(from:) :  |
+| string.swift:564:14:564:14 | tainted :  | string.swift:564:14:564:53 | call to suffix(from:) :  |
+| string.swift:564:14:564:53 | call to suffix(from:) :  | string.swift:565:13:565:13 | sub6 |
+| string.swift:564:14:564:53 | call to suffix(from:) :  | string.swift:566:20:566:20 | sub6 :  |
+| string.swift:566:20:566:20 | sub6 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:566:20:566:20 | sub6 :  | string.swift:566:13:566:24 | call to String.init(_:) |
+| string.swift:622:20:622:27 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:622:20:622:27 | call to source() :  | string.swift:622:13:622:28 | call to String.init(_:) |
+| string.swift:626:32:626:39 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(describing:) :  |
+| string.swift:626:32:626:39 | call to source() :  | string.swift:626:13:626:40 | call to String.init(describing:) |
 | subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] |
 | subscript.swift:14:15:14:23 | call to source2() :  | subscript.swift:14:15:14:26 | ...[...] |
 | try.swift:9:17:9:24 | call to source() :  | try.swift:9:13:9:24 | try ... |
@@ -742,6 +1008,9 @@ nodes
 | data.swift:228:10:228:10 | [post] dataTainted33 :  | semmle.label | [post] dataTainted33 :  |
 | data.swift:228:45:228:52 | call to source() :  | semmle.label | call to source() :  |
 | data.swift:229:12:229:12 | dataTainted33 | semmle.label | dataTainted33 |
+| data.swift:232:22:232:29 | call to source() :  | semmle.label | call to source() :  |
+| data.swift:233:12:233:12 | dataTainted34 :  | semmle.label | dataTainted34 :  |
+| data.swift:233:12:233:35 | call to reversed() | semmle.label | call to reversed() |
 | data.swift:236:22:236:29 | call to source() :  | semmle.label | call to source() :  |
 | data.swift:237:12:237:12 | dataTainted35 :  | semmle.label | dataTainted35 :  |
 | data.swift:237:12:237:33 | call to sorted() | semmle.label | call to sorted() |
@@ -775,6 +1044,33 @@ nodes
 | file://:0:0:0:0 | .url :  | semmle.label | .url :  |
 | file://:0:0:0:0 | .urlContexts :  | semmle.label | .urlContexts :  |
 | file://:0:0:0:0 | .userActivities :  | semmle.label | .userActivities :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | semmle.label | [summary param] 0 in String.init(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | semmle.label | [summary param] 0 in String.init(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | semmle.label | [summary param] 0 in String.init(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | semmle.label | [summary param] 0 in String.init(cString:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | semmle.label | [summary param] 0 in String.init(cString:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | semmle.label | [summary param] 0 in String.init(decoding:as:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(describing:) :  | semmle.label | [summary param] 0 in String.init(describing:) :  |
+| file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) :  | semmle.label | [summary param] 0 in String.init(repeating:count:) :  |
+| file://:0:0:0:0 | [summary param] 0 in append(_:) :  | semmle.label | [summary param] 0 in append(_:) :  |
+| file://:0:0:0:0 | [summary param] 0 in append(contentsOf:) :  | semmle.label | [summary param] 0 in append(contentsOf:) :  |
+| file://:0:0:0:0 | [summary param] 0 in insert(contentsOf:at:) :  | semmle.label | [summary param] 0 in insert(contentsOf:at:) :  |
+| file://:0:0:0:0 | [summary param] 0 in write(_:) :  | semmle.label | [summary param] 0 in write(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  | semmle.label | [summary param] this in dropFirst(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropLast(_:) :  | semmle.label | [summary param] this in dropLast(_:) :  |
+| file://:0:0:0:0 | [summary param] this in lowercased() :  | semmle.label | [summary param] this in lowercased() :  |
+| file://:0:0:0:0 | [summary param] this in prefix(_:) :  | semmle.label | [summary param] this in prefix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(through:) :  | semmle.label | [summary param] this in prefix(through:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  | semmle.label | [summary param] this in prefix(upTo:) :  |
+| file://:0:0:0:0 | [summary param] this in remove(at:) :  | semmle.label | [summary param] this in remove(at:) :  |
+| file://:0:0:0:0 | [summary param] this in removeFirst() :  | semmle.label | [summary param] this in removeFirst() :  |
+| file://:0:0:0:0 | [summary param] this in removeLast() :  | semmle.label | [summary param] this in removeLast() :  |
+| file://:0:0:0:0 | [summary param] this in reversed() :  | semmle.label | [summary param] this in reversed() :  |
+| file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | semmle.label | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  | semmle.label | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(_:) :  | semmle.label | [summary param] this in suffix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(from:) :  | semmle.label | [summary param] this in suffix(from:) :  |
+| file://:0:0:0:0 | [summary param] this in uppercased() :  | semmle.label | [summary param] this in uppercased() :  |
 | file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:) :  | semmle.label | [summary] to write: argument 0 in copyBytes(to:) :  |
 | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:) :  | semmle.label | [summary] to write: argument 0 in getBytes(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:length:) :  | semmle.label | [summary] to write: argument 0 in getBytes(_:length:) :  |
@@ -785,12 +1081,15 @@ nodes
 | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | semmle.label | [summary] to write: argument this in append(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in append(_:count:) :  | semmle.label | [summary] to write: argument this in append(_:count:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in append(_:length:) :  | semmle.label | [summary] to write: argument this in append(_:length:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  | semmle.label | [summary] to write: argument this in append(contentsOf:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  | semmle.label | [summary] to write: argument this in append(contentsOf:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  | semmle.label | [summary] to write: argument this in defineProperty(_:descriptor:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in insert(_:at:) :  | semmle.label | [summary] to write: argument this in insert(_:at:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  | semmle.label | [summary] to write: argument this in insert(contentsOf:at:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  | semmle.label | [summary] to write: argument this in insert(contentsOf:at:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in replace(_:with:maxReplacements:) :  | semmle.label | [summary] to write: argument this in replace(_:with:maxReplacements:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:) :  | semmle.label | [summary] to write: argument this in replaceBytes(in:withBytes:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  | semmle.label | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  |
@@ -802,6 +1101,7 @@ nodes
 | file://:0:0:0:0 | [summary] to write: argument this in setData(_:) :  | semmle.label | [summary] to write: argument this in setData(_:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  | semmle.label | [summary] to write: argument this in setValue(_:at:) :  |
 | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  | semmle.label | [summary] to write: argument this in setValue(_:forProperty:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in write(_:) :  | semmle.label | [summary] to write: argument this in write(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | semmle.label | [summary] to write: return (return) in Data.init(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(base64Encoded:options:) :  | semmle.label | [summary] to write: return (return) in Data.init(base64Encoded:options:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(buffer:) :  | semmle.label | [summary] to write: return (return) in Data.init(buffer:) :  |
@@ -832,32 +1132,71 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return) in NSData.init(contentsOfFile:options:) :  | semmle.label | [summary] to write: return (return) in NSData.init(contentsOfFile:options:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in NSData.init(contentsOfMappedFile:) :  | semmle.label | [summary] to write: return (return) in NSData.init(contentsOfMappedFile:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in NSData.init(data:) :  | semmle.label | [summary] to write: return (return) in NSData.init(data:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | semmle.label | [summary] to write: return (return) in String.init(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | semmle.label | [summary] to write: return (return) in String.init(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | semmle.label | [summary] to write: return (return) in String.init(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(bytes:encoding:) :  | semmle.label | [summary] to write: return (return) in String.init(bytes:encoding:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  | semmle.label | [summary] to write: return (return) in String.init(cString:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  | semmle.label | [summary] to write: return (return) in String.init(cString:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) :  | semmle.label | [summary] to write: return (return) in String.init(data:encoding:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  | semmle.label | [summary] to write: return (return) in String.init(decoding:as:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) :  | semmle.label | [summary] to write: return (return) in String.init(describing:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:_:) :  | semmle.label | [summary] to write: return (return) in String.init(format:_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:arguments:) :  | semmle.label | [summary] to write: return (return) in String.init(format:arguments:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:_:) :  | semmle.label | [summary] to write: return (return) in String.init(format:locale:_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) :  | semmle.label | [summary] to write: return (return) in String.init(format:locale:arguments:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) :  | semmle.label | [summary] to write: return (return) in String.init(repeating:count:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:) :  | semmle.label | [summary] to write: return (return) in URL.init(string:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in URL.init(string:relativeTo:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in URL.init(string:relativeTo:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  | semmle.label | [summary] to write: return (return) in appending(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  | semmle.label | [summary] to write: return (return) in appending(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  | semmle.label | [summary] to write: return (return) in atIndex(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedData(options:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedData(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedData(options:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedString(options:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in base64EncodedString(options:) :  | semmle.label | [summary] to write: return (return) in base64EncodedString(options:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in base64Encoding() :  | semmle.label | [summary] to write: return (return) in base64Encoding() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in cString(using:) :  | semmle.label | [summary] to write: return (return) in cString(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in capitalized(with:) :  | semmle.label | [summary] to write: return (return) in capitalized(with:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in compactMap(_:) :  | semmle.label | [summary] to write: return (return) in compactMap(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in components(separatedBy:) :  | semmle.label | [summary] to write: return (return) in components(separatedBy:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in compressed(using:) :  | semmle.label | [summary] to write: return (return) in compressed(using:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  | semmle.label | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in decompressed(using:) :  | semmle.label | [summary] to write: return (return) in decompressed(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in dropFirst(_:) :  | semmle.label | [summary] to write: return (return) in dropFirst(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in dropLast(_:) :  | semmle.label | [summary] to write: return (return) in dropLast(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | semmle.label | [summary] to write: return (return) in flatMap(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | semmle.label | [summary] to write: return (return) in flatMap(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in folding(options:locale:) :  | semmle.label | [summary] to write: return (return) in folding(options:locale:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  | semmle.label | [summary] to write: return (return) in forProperty(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in localizedStringWithFormat(_:_:) :  | semmle.label | [summary] to write: return (return) in localizedStringWithFormat(_:_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in lowercased() :  | semmle.label | [summary] to write: return (return) in lowercased() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in lowercased(with:) :  | semmle.label | [summary] to write: return (return) in lowercased(with:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in map(_:) :  | semmle.label | [summary] to write: return (return) in map(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  | semmle.label | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in prefix(_:) :  | semmle.label | [summary] to write: return (return) in prefix(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in prefix(through:) :  | semmle.label | [summary] to write: return (return) in prefix(through:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in prefix(upTo:) :  | semmle.label | [summary] to write: return (return) in prefix(upTo:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  | semmle.label | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in reduce(into:_:) :  | semmle.label | [summary] to write: return (return) in reduce(into:_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in remove(at:) :  | semmle.label | [summary] to write: return (return) in remove(at:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in removeFirst() :  | semmle.label | [summary] to write: return (return) in removeFirst() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in removeLast() :  | semmle.label | [summary] to write: return (return) in removeLast() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  | semmle.label | [summary] to write: return (return) in reversed() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in shuffled() :  | semmle.label | [summary] to write: return (return) in shuffled() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in shuffled(using:) :  | semmle.label | [summary] to write: return (return) in shuffled(using:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in sorted() :  | semmle.label | [summary] to write: return (return) in sorted() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in sorted(by:) :  | semmle.label | [summary] to write: return (return) in sorted(by:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in sorted(using:) :  | semmle.label | [summary] to write: return (return) in sorted(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | semmle.label | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  | semmle.label | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in subdata(with:) :  | semmle.label | [summary] to write: return (return) in subdata(with:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in substring(from:) :  | semmle.label | [summary] to write: return (return) in substring(from:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in suffix(_:) :  | semmle.label | [summary] to write: return (return) in suffix(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in suffix(from:) :  | semmle.label | [summary] to write: return (return) in suffix(from:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  | semmle.label | [summary] to write: return (return) in toArray() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  | semmle.label | [summary] to write: return (return) in toBool() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  | semmle.label | [summary] to write: return (return) in toDate() :  |
@@ -873,8 +1212,11 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  | semmle.label | [summary] to write: return (return) in toSize() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toString() :  | semmle.label | [summary] to write: return (return) in toString() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toUInt32() :  | semmle.label | [summary] to write: return (return) in toUInt32() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in trimmingCharacters(in:) :  | semmle.label | [summary] to write: return (return) in trimmingCharacters(in:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(_:) :  | semmle.label | [summary] to write: return (return) in trimmingPrefix(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in trimmingPrefix(while:) :  | semmle.label | [summary] to write: return (return) in trimmingPrefix(while:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in uppercased() :  | semmle.label | [summary] to write: return (return) in uppercased() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in uppercased(with:) :  | semmle.label | [summary] to write: return (return) in uppercased(with:) :  |
 | nsdata.swift:22:9:22:9 | self :  | semmle.label | self :  |
 | nsdata.swift:23:9:23:9 | self :  | semmle.label | self :  |
 | nsdata.swift:24:5:24:50 | [summary param] 0 in NSData.init(bytes:length:) :  | semmle.label | [summary param] 0 in NSData.init(bytes:length:) :  |
@@ -1010,27 +1352,209 @@ nodes
 | nsmutabledata.swift:48:33:48:40 | call to source() :  | semmle.label | call to source() :  |
 | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | semmle.label | nsMutableDataTainted6 :  |
 | nsmutabledata.swift:49:15:49:37 | .mutableBytes | semmle.label | .mutableBytes |
-| string.swift:5:11:5:18 | call to source() :  | semmle.label | call to source() :  |
-| string.swift:7:13:7:13 | "..." | semmle.label | "..." |
-| string.swift:9:13:9:13 | "..." | semmle.label | "..." |
-| string.swift:11:13:11:13 | "..." | semmle.label | "..." |
-| string.swift:16:13:16:13 | "..." | semmle.label | "..." |
-| string.swift:18:13:18:13 | "..." | semmle.label | "..." |
-| string.swift:28:17:28:25 | call to source2() :  | semmle.label | call to source2() :  |
-| string.swift:31:13:31:13 | tainted | semmle.label | tainted |
-| string.swift:34:13:34:21 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
-| string.swift:35:13:35:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
-| string.swift:36:13:36:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
-| string.swift:39:13:39:29 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
-| string.swift:74:17:74:25 | call to source2() :  | semmle.label | call to source2() :  |
-| string.swift:85:13:85:21 | .description | semmle.label | .description |
-| string.swift:88:13:88:21 | .debugDescription | semmle.label | .debugDescription |
-| string.swift:121:17:121:25 | call to source2() :  | semmle.label | call to source2() :  |
-| string.swift:122:24:122:32 | call to source2() :  | semmle.label | call to source2() :  |
-| string.swift:123:31:123:39 | call to source2() :  | semmle.label | call to source2() :  |
-| string.swift:126:13:126:13 | tainted | semmle.label | tainted |
-| string.swift:127:13:127:13 | taintedCString | semmle.label | taintedCString |
-| string.swift:128:13:128:13 | taintedUnicodeScalars | semmle.label | taintedUnicodeScalars |
+| string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) :  | semmle.label | [summary param] 0 in String.init(data:encoding:) :  |
+| string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) :  | semmle.label | [summary param] 0 in String.init(format:_:) :  |
+| string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) :  | semmle.label | [summary param] 0 in String.init(format:arguments:) :  |
+| string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) :  | semmle.label | [summary param] 0 in String.init(format:locale:_:) :  |
+| string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) :  | semmle.label | [summary param] 0 in String.init(format:locale:arguments:) :  |
+| string.swift:69:3:69:106 | [summary param] 0 in localizedStringWithFormat(_:_:) :  | semmle.label | [summary param] 0 in localizedStringWithFormat(_:_:) :  |
+| string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) :  | semmle.label | [summary param] 0 in String.init(bytes:encoding:) :  |
+| string.swift:98:3:98:63 | [summary param] this in lowercased(with:) :  | semmle.label | [summary param] this in lowercased(with:) :  |
+| string.swift:99:3:99:63 | [summary param] this in uppercased(with:) :  | semmle.label | [summary param] this in uppercased(with:) :  |
+| string.swift:100:3:100:64 | [summary param] this in capitalized(with:) :  | semmle.label | [summary param] this in capitalized(with:) :  |
+| string.swift:101:3:101:64 | [summary param] this in substring(from:) :  | semmle.label | [summary param] this in substring(from:) :  |
+| string.swift:102:3:102:71 | [summary param] this in trimmingCharacters(in:) :  | semmle.label | [summary param] this in trimmingCharacters(in:) :  |
+| string.swift:103:3:103:82 | [summary param] 0 in appending(_:) :  | semmle.label | [summary param] 0 in appending(_:) :  |
+| string.swift:103:3:103:82 | [summary param] this in appending(_:) :  | semmle.label | [summary param] this in appending(_:) :  |
+| string.swift:104:3:104:138 | [summary param] this in padding(toLength:withPad:startingAt:) :  | semmle.label | [summary param] this in padding(toLength:withPad:startingAt:) :  |
+| string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  | semmle.label | [summary param] this in components(separatedBy:) :  |
+| string.swift:106:3:106:92 | [summary param] this in folding(options:locale:) :  | semmle.label | [summary param] this in folding(options:locale:) :  |
+| string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  | semmle.label | [summary param] this in propertyListFromStringsFileFormat() :  |
+| string.swift:108:3:108:74 | [summary param] this in cString(using:) :  | semmle.label | [summary param] this in cString(using:) :  |
+| string.swift:109:3:109:79 | self[return] :  | semmle.label | self[return] :  |
+| string.swift:109:8:109:8 | self :  | semmle.label | self :  |
+| string.swift:132:11:132:18 | call to source() :  | semmle.label | call to source() :  |
+| string.swift:134:13:134:13 | "..." | semmle.label | "..." |
+| string.swift:136:13:136:13 | "..." | semmle.label | "..." |
+| string.swift:138:13:138:13 | "..." | semmle.label | "..." |
+| string.swift:144:13:144:13 | "..." | semmle.label | "..." |
+| string.swift:146:13:146:13 | "..." | semmle.label | "..." |
+| string.swift:156:17:156:25 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:159:13:159:13 | tainted | semmle.label | tainted |
+| string.swift:162:13:162:21 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| string.swift:163:13:163:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| string.swift:164:13:164:23 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| string.swift:167:13:167:29 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| string.swift:170:13:170:36 | call to appending(_:) | semmle.label | call to appending(_:) |
+| string.swift:170:29:170:29 | tainted :  | semmle.label | tainted :  |
+| string.swift:171:13:171:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:171:13:171:36 | call to appending(_:) | semmle.label | call to appending(_:) |
+| string.swift:172:13:172:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:172:13:172:38 | call to appending(_:) | semmle.label | call to appending(_:) |
+| string.swift:172:31:172:31 | tainted :  | semmle.label | tainted :  |
+| string.swift:185:3:185:3 | [post] &... :  | semmle.label | [post] &... :  |
+| string.swift:185:15:185:23 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:186:13:186:13 | str2 | semmle.label | str2 |
+| string.swift:192:3:192:3 | [post] &... :  | semmle.label | [post] &... :  |
+| string.swift:192:27:192:35 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:193:13:193:13 | str3 | semmle.label | str3 |
+| string.swift:199:3:199:3 | [post] &... :  | semmle.label | [post] &... :  |
+| string.swift:199:14:199:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:200:13:200:13 | str4 | semmle.label | str4 |
+| string.swift:206:3:206:3 | [post] &... :  | semmle.label | [post] &... :  |
+| string.swift:206:27:206:35 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:207:13:207:13 | str5 | semmle.label | str5 |
+| string.swift:212:17:212:25 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:213:20:213:27 | call to source() :  | semmle.label | call to source() :  |
+| string.swift:216:13:216:27 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:216:20:216:20 | tainted :  | semmle.label | tainted :  |
+| string.swift:217:13:217:30 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:217:20:217:20 | taintedInt :  | semmle.label | taintedInt :  |
+| string.swift:219:13:219:44 | call to String.init(format:_:) | semmle.label | call to String.init(format:_:) |
+| string.swift:219:28:219:28 | tainted :  | semmle.label | tainted :  |
+| string.swift:220:13:220:50 | call to String.init(format:arguments:) | semmle.label | call to String.init(format:arguments:) |
+| string.swift:220:28:220:28 | tainted :  | semmle.label | tainted :  |
+| string.swift:221:13:221:57 | call to String.init(format:locale:_:) | semmle.label | call to String.init(format:locale:_:) |
+| string.swift:221:28:221:28 | tainted :  | semmle.label | tainted :  |
+| string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | semmle.label | call to String.init(format:locale:arguments:) |
+| string.swift:222:28:222:28 | tainted :  | semmle.label | tainted :  |
+| string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) | semmle.label | call to localizedStringWithFormat(_:_:) |
+| string.swift:223:46:223:46 | tainted :  | semmle.label | tainted :  |
+| string.swift:228:13:228:48 | call to String.init(repeating:count:) | semmle.label | call to String.init(repeating:count:) |
+| string.swift:228:31:228:31 | tainted :  | semmle.label | tainted :  |
+| string.swift:230:13:230:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:230:13:230:33 | call to dropFirst(_:) | semmle.label | call to dropFirst(_:) |
+| string.swift:231:13:231:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:231:13:231:32 | call to dropLast(_:) | semmle.label | call to dropLast(_:) |
+| string.swift:232:13:232:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:232:13:232:55 | call to substring(from:) | semmle.label | call to substring(from:) |
+| string.swift:234:13:234:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:234:13:234:32 | call to lowercased() | semmle.label | call to lowercased() |
+| string.swift:235:13:235:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:235:13:235:32 | call to uppercased() | semmle.label | call to uppercased() |
+| string.swift:236:13:236:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:236:13:236:41 | call to lowercased(with:) | semmle.label | call to lowercased(with:) |
+| string.swift:237:13:237:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:237:13:237:41 | call to uppercased(with:) | semmle.label | call to uppercased(with:) |
+| string.swift:238:13:238:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:238:13:238:42 | call to capitalized(with:) | semmle.label | call to capitalized(with:) |
+| string.swift:239:13:239:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:239:13:239:30 | call to reversed() | semmle.label | call to reversed() |
+| string.swift:241:13:241:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) | semmle.label | call to split(separator:maxSplits:omittingEmptySubsequences:) |
+| string.swift:242:13:242:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) | semmle.label | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
+| string.swift:245:13:245:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:245:13:245:68 | call to trimmingCharacters(in:) | semmle.label | call to trimmingCharacters(in:) |
+| string.swift:246:13:246:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) | semmle.label | call to padding(toLength:withPad:startingAt:) |
+| string.swift:247:13:247:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:247:13:247:69 | call to components(separatedBy:) | semmle.label | call to components(separatedBy:) |
+| string.swift:248:13:248:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:248:13:248:69 | call to components(separatedBy:) :  | semmle.label | call to components(separatedBy:) :  |
+| string.swift:248:13:248:72 | ...[...] | semmle.label | ...[...] |
+| string.swift:249:13:249:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:249:13:249:40 | call to folding(options:locale:) | semmle.label | call to folding(options:locale:) |
+| string.swift:250:13:250:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:250:13:250:55 | call to propertyListFromStringsFileFormat() | semmle.label | call to propertyListFromStringsFileFormat() |
+| string.swift:251:13:251:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:251:13:251:55 | call to propertyListFromStringsFileFormat() :  | semmle.label | call to propertyListFromStringsFileFormat() :  |
+| string.swift:251:13:251:63 | ...! | semmle.label | ...! |
+| string.swift:258:13:258:13 | [post] tainted :  | semmle.label | [post] tainted :  |
+| string.swift:258:13:258:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:270:13:270:21 | .description | semmle.label | .description |
+| string.swift:272:13:272:21 | .debugDescription | semmle.label | .debugDescription |
+| string.swift:274:13:274:21 | .utf8 | semmle.label | .utf8 |
+| string.swift:276:13:276:21 | .utf16 | semmle.label | .utf16 |
+| string.swift:278:13:278:21 | .unicodeScalars | semmle.label | .unicodeScalars |
+| string.swift:280:13:280:21 | .utf8CString | semmle.label | .utf8CString |
+| string.swift:282:13:282:21 | .lazy | semmle.label | .lazy |
+| string.swift:284:13:284:21 | .capitalized | semmle.label | .capitalized |
+| string.swift:286:13:286:21 | .localizedCapitalized | semmle.label | .localizedCapitalized |
+| string.swift:288:13:288:21 | .localizedLowercase | semmle.label | .localizedLowercase |
+| string.swift:290:13:290:21 | .localizedUppercase | semmle.label | .localizedUppercase |
+| string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping | semmle.label | .decomposedStringWithCanonicalMapping |
+| string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping | semmle.label | .precomposedStringWithCompatibilityMapping |
+| string.swift:296:13:296:44 | ...! | semmle.label | ...! |
+| string.swift:300:14:300:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:301:13:301:13 | str1 | semmle.label | str1 |
+| string.swift:302:13:302:13 | &... :  | semmle.label | &... :  |
+| string.swift:302:13:302:44 | call to remove(at:) | semmle.label | call to remove(at:) |
+| string.swift:303:13:303:13 | str1 | semmle.label | str1 |
+| string.swift:305:14:305:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:306:13:306:13 | str2 | semmle.label | str2 |
+| string.swift:308:13:308:13 | str2 | semmle.label | str2 |
+| string.swift:310:14:310:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:311:13:311:13 | str3 | semmle.label | str3 |
+| string.swift:313:13:313:13 | str3 | semmle.label | str3 |
+| string.swift:315:14:315:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:316:13:316:13 | str4 | semmle.label | str4 |
+| string.swift:317:13:317:13 | &... :  | semmle.label | &... :  |
+| string.swift:317:13:317:30 | call to removeFirst() | semmle.label | call to removeFirst() |
+| string.swift:318:13:318:13 | str4 | semmle.label | str4 |
+| string.swift:320:13:320:13 | str4 | semmle.label | str4 |
+| string.swift:321:13:321:13 | &... :  | semmle.label | &... :  |
+| string.swift:321:13:321:29 | call to removeLast() | semmle.label | call to removeLast() |
+| string.swift:322:13:322:13 | str4 | semmle.label | str4 |
+| string.swift:324:13:324:13 | str4 | semmle.label | str4 |
+| string.swift:326:14:326:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:327:13:327:13 | str5 | semmle.label | str5 |
+| string.swift:329:13:329:13 | str5 | semmle.label | str5 |
+| string.swift:331:14:331:22 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:332:13:332:13 | str6 | semmle.label | str6 |
+| string.swift:334:13:334:13 | str6 | semmle.label | str6 |
+| string.swift:341:23:341:77 | call to String.init(data:encoding:) :  | semmle.label | call to String.init(data:encoding:) :  |
+| string.swift:341:36:341:44 | call to source3() :  | semmle.label | call to source3() :  |
+| string.swift:344:12:344:25 | ...! | semmle.label | ...! |
+| string.swift:347:13:347:54 | call to String.init(decoding:as:) | semmle.label | call to String.init(decoding:as:) |
+| string.swift:347:30:347:38 | call to source3() :  | semmle.label | call to source3() :  |
+| string.swift:352:17:352:25 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:389:22:389:22 | tainted :  | semmle.label | tainted :  |
+| string.swift:389:22:389:65 | call to cString(using:) :  | semmle.label | call to cString(using:) :  |
+| string.swift:390:13:390:13 | arrayString2 | semmle.label | arrayString2 |
+| string.swift:436:28:436:36 | call to source4() :  | semmle.label | call to source4() :  |
+| string.swift:456:13:456:77 | call to String.init(bytes:encoding:) :  | semmle.label | call to String.init(bytes:encoding:) :  |
+| string.swift:456:13:456:78 | ...! | semmle.label | ...! |
+| string.swift:456:27:456:27 | taintedUInt8Values :  | semmle.label | taintedUInt8Values :  |
+| string.swift:459:13:459:47 | call to String.init(cString:) | semmle.label | call to String.init(cString:) |
+| string.swift:459:29:459:29 | taintedUInt8Values :  | semmle.label | taintedUInt8Values :  |
+| string.swift:492:37:492:45 | call to source5() :  | semmle.label | call to source5() :  |
+| string.swift:512:13:512:47 | call to String.init(cString:) | semmle.label | call to String.init(cString:) |
+| string.swift:512:29:512:29 | taintedCCharValues :  | semmle.label | taintedCCharValues :  |
+| string.swift:540:17:540:25 | call to source2() :  | semmle.label | call to source2() :  |
+| string.swift:542:13:542:21 | call to source7() | semmle.label | call to source7() |
+| string.swift:545:13:545:13 | sub1 | semmle.label | sub1 |
+| string.swift:546:13:546:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:546:20:546:20 | sub1 :  | semmle.label | sub1 :  |
+| string.swift:548:14:548:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:548:14:548:31 | call to prefix(_:) :  | semmle.label | call to prefix(_:) :  |
+| string.swift:549:13:549:13 | sub2 | semmle.label | sub2 |
+| string.swift:550:13:550:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:550:20:550:20 | sub2 :  | semmle.label | sub2 :  |
+| string.swift:552:14:552:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:552:14:552:54 | call to prefix(through:) :  | semmle.label | call to prefix(through:) :  |
+| string.swift:553:13:553:13 | sub3 | semmle.label | sub3 |
+| string.swift:554:13:554:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:554:20:554:20 | sub3 :  | semmle.label | sub3 :  |
+| string.swift:556:14:556:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:556:14:556:51 | call to prefix(upTo:) :  | semmle.label | call to prefix(upTo:) :  |
+| string.swift:557:13:557:13 | sub4 | semmle.label | sub4 |
+| string.swift:558:13:558:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:558:20:558:20 | sub4 :  | semmle.label | sub4 :  |
+| string.swift:560:14:560:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:560:14:560:31 | call to suffix(_:) :  | semmle.label | call to suffix(_:) :  |
+| string.swift:561:13:561:13 | sub5 | semmle.label | sub5 |
+| string.swift:562:13:562:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:562:20:562:20 | sub5 :  | semmle.label | sub5 :  |
+| string.swift:564:14:564:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:564:14:564:53 | call to suffix(from:) :  | semmle.label | call to suffix(from:) :  |
+| string.swift:565:13:565:13 | sub6 | semmle.label | sub6 |
+| string.swift:566:13:566:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:566:20:566:20 | sub6 :  | semmle.label | sub6 :  |
+| string.swift:622:13:622:28 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:622:20:622:27 | call to source() :  | semmle.label | call to source() :  |
+| string.swift:626:13:626:40 | call to String.init(describing:) | semmle.label | call to String.init(describing:) |
+| string.swift:626:32:626:39 | call to source() :  | semmle.label | call to source() :  |
 | subscript.swift:13:15:13:22 | call to source() :  | semmle.label | call to source() :  |
 | subscript.swift:13:15:13:25 | ...[...] | semmle.label | ...[...] |
 | subscript.swift:14:15:14:23 | call to source2() :  | semmle.label | call to source2() :  |
@@ -1296,6 +1820,7 @@ subpaths
 | data.swift:218:45:218:52 | call to source() :  | data.swift:54:2:54:82 | [summary param] 1 in replaceSubrange(_:with:count:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceSubrange(_:with:count:) :  | data.swift:218:2:218:2 | [post] dataTainted31 :  |
 | data.swift:223:45:223:52 | call to source() :  | data.swift:56:2:56:214 | [summary param] 1 in replacing(_:with:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:maxReplacements:) :  | data.swift:223:10:223:10 | [post] dataTainted32 :  |
 | data.swift:228:45:228:52 | call to source() :  | data.swift:57:2:57:236 | [summary param] 1 in replacing(_:with:subrange:maxReplacements:) :  | file://:0:0:0:0 | [summary] to write: argument this in replacing(_:with:subrange:maxReplacements:) :  | data.swift:228:10:228:10 | [post] dataTainted33 :  |
+| data.swift:233:12:233:12 | dataTainted34 :  | file://:0:0:0:0 | [summary param] this in reversed() :  | file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  | data.swift:233:12:233:35 | call to reversed() |
 | data.swift:237:12:237:12 | dataTainted35 :  | data.swift:58:2:58:39 | [summary param] this in sorted() :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted() :  | data.swift:237:12:237:33 | call to sorted() |
 | data.swift:241:12:241:12 | dataTainted36 :  | data.swift:59:2:59:81 | [summary param] this in sorted(by:) :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted(by:) :  | data.swift:241:12:241:54 | call to sorted(by:) |
 | data.swift:245:12:245:12 | dataTainted37 :  | data.swift:60:2:60:132 | [summary param] this in sorted(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in sorted(using:) :  | data.swift:245:12:245:46 | call to sorted(using:) |
@@ -1336,6 +1861,63 @@ subpaths
 | nsmutabledata.swift:40:66:40:73 | call to source() :  | nsmutabledata.swift:17:5:17:121 | [summary param] 1 in replaceBytes(in:withBytes:length:) :  | file://:0:0:0:0 | [summary] to write: argument this in replaceBytes(in:withBytes:length:) :  | nsmutabledata.swift:40:5:40:5 | [post] nsMutableDataTainted4 :  |
 | nsmutabledata.swift:44:35:44:42 | call to source() :  | nsmutabledata.swift:18:5:18:33 | [summary param] 0 in setData(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in setData(_:) :  | nsmutabledata.swift:44:5:44:5 | [post] nsMutableDataTainted5 :  |
 | nsmutabledata.swift:49:15:49:15 | nsMutableDataTainted6 :  | nsmutabledata.swift:13:9:13:9 | self :  | file://:0:0:0:0 | .mutableBytes :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes |
+| string.swift:170:29:170:29 | tainted :  | string.swift:103:3:103:82 | [summary param] 0 in appending(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  | string.swift:170:13:170:36 | call to appending(_:) |
+| string.swift:171:13:171:13 | tainted :  | string.swift:103:3:103:82 | [summary param] this in appending(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  | string.swift:171:13:171:36 | call to appending(_:) |
+| string.swift:172:13:172:13 | tainted :  | string.swift:103:3:103:82 | [summary param] this in appending(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  | string.swift:172:13:172:38 | call to appending(_:) |
+| string.swift:172:31:172:31 | tainted :  | string.swift:103:3:103:82 | [summary param] 0 in appending(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in appending(_:) :  | string.swift:172:13:172:38 | call to appending(_:) |
+| string.swift:185:15:185:23 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in append(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(_:) :  | string.swift:185:3:185:3 | [post] &... :  |
+| string.swift:192:27:192:35 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in append(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  | string.swift:192:3:192:3 | [post] &... :  |
+| string.swift:199:14:199:22 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in write(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in write(_:) :  | string.swift:199:3:199:3 | [post] &... :  |
+| string.swift:206:27:206:35 | call to source2() :  | file://:0:0:0:0 | [summary param] 0 in insert(contentsOf:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  | string.swift:206:3:206:3 | [post] &... :  |
+| string.swift:216:20:216:20 | tainted :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:216:13:216:27 | call to String.init(_:) |
+| string.swift:217:20:217:20 | taintedInt :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:217:13:217:30 | call to String.init(_:) |
+| string.swift:219:28:219:28 | tainted :  | string.swift:64:3:64:63 | [summary param] 0 in String.init(format:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:_:) :  | string.swift:219:13:219:44 | call to String.init(format:_:) |
+| string.swift:220:28:220:28 | tainted :  | string.swift:65:3:65:60 | [summary param] 0 in String.init(format:arguments:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:arguments:) :  | string.swift:220:13:220:50 | call to String.init(format:arguments:) |
+| string.swift:221:28:221:28 | tainted :  | string.swift:66:3:66:75 | [summary param] 0 in String.init(format:locale:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:_:) :  | string.swift:221:13:221:57 | call to String.init(format:locale:_:) |
+| string.swift:222:28:222:28 | tainted :  | string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) :  | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
+| string.swift:223:46:223:46 | tainted :  | string.swift:69:3:69:106 | [summary param] 0 in localizedStringWithFormat(_:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in localizedStringWithFormat(_:_:) :  | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) |
+| string.swift:228:31:228:31 | tainted :  | file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) :  | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
+| string.swift:230:13:230:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropFirst(_:) :  | string.swift:230:13:230:33 | call to dropFirst(_:) |
+| string.swift:231:13:231:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropLast(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropLast(_:) :  | string.swift:231:13:231:32 | call to dropLast(_:) |
+| string.swift:232:13:232:13 | tainted :  | string.swift:101:3:101:64 | [summary param] this in substring(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in substring(from:) :  | string.swift:232:13:232:55 | call to substring(from:) |
+| string.swift:234:13:234:13 | tainted :  | file://:0:0:0:0 | [summary param] this in lowercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in lowercased() :  | string.swift:234:13:234:32 | call to lowercased() |
+| string.swift:235:13:235:13 | tainted :  | file://:0:0:0:0 | [summary param] this in uppercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased() :  | string.swift:235:13:235:32 | call to uppercased() |
+| string.swift:236:13:236:13 | tainted :  | string.swift:98:3:98:63 | [summary param] this in lowercased(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in lowercased(with:) :  | string.swift:236:13:236:41 | call to lowercased(with:) |
+| string.swift:237:13:237:13 | tainted :  | string.swift:99:3:99:63 | [summary param] this in uppercased(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased(with:) :  | string.swift:237:13:237:41 | call to uppercased(with:) |
+| string.swift:238:13:238:13 | tainted :  | string.swift:100:3:100:64 | [summary param] this in capitalized(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in capitalized(with:) :  | string.swift:238:13:238:42 | call to capitalized(with:) |
+| string.swift:239:13:239:13 | tainted :  | file://:0:0:0:0 | [summary param] this in reversed() :  | file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  | string.swift:239:13:239:30 | call to reversed() |
+| string.swift:241:13:241:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) |
+| string.swift:242:13:242:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
+| string.swift:245:13:245:13 | tainted :  | string.swift:102:3:102:71 | [summary param] this in trimmingCharacters(in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingCharacters(in:) :  | string.swift:245:13:245:68 | call to trimmingCharacters(in:) |
+| string.swift:246:13:246:13 | tainted :  | string.swift:104:3:104:138 | [summary param] this in padding(toLength:withPad:startingAt:) :  | file://:0:0:0:0 | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  | string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) |
+| string.swift:247:13:247:13 | tainted :  | string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  | file://:0:0:0:0 | [summary] to write: return (return) in components(separatedBy:) :  | string.swift:247:13:247:69 | call to components(separatedBy:) |
+| string.swift:248:13:248:13 | tainted :  | string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  | file://:0:0:0:0 | [summary] to write: return (return) in components(separatedBy:) :  | string.swift:248:13:248:69 | call to components(separatedBy:) :  |
+| string.swift:249:13:249:13 | tainted :  | string.swift:106:3:106:92 | [summary param] this in folding(options:locale:) :  | file://:0:0:0:0 | [summary] to write: return (return) in folding(options:locale:) :  | string.swift:249:13:249:40 | call to folding(options:locale:) |
+| string.swift:250:13:250:13 | tainted :  | string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  | file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  | string.swift:250:13:250:55 | call to propertyListFromStringsFileFormat() |
+| string.swift:251:13:251:13 | tainted :  | string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  | file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  | string.swift:251:13:251:55 | call to propertyListFromStringsFileFormat() :  |
+| string.swift:258:13:258:13 | tainted :  | string.swift:109:8:109:8 | self :  | string.swift:109:3:109:79 | self[return] :  | string.swift:258:13:258:13 | [post] tainted :  |
+| string.swift:302:13:302:13 | &... :  | file://:0:0:0:0 | [summary param] this in remove(at:) :  | file://:0:0:0:0 | [summary] to write: return (return) in remove(at:) :  | string.swift:302:13:302:44 | call to remove(at:) |
+| string.swift:317:13:317:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeFirst() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeFirst() :  | string.swift:317:13:317:30 | call to removeFirst() |
+| string.swift:321:13:321:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeLast() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeLast() :  | string.swift:321:13:321:29 | call to removeLast() |
+| string.swift:341:36:341:44 | call to source3() :  | string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) :  | string.swift:341:23:341:77 | call to String.init(data:encoding:) :  |
+| string.swift:347:30:347:38 | call to source3() :  | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  | string.swift:347:13:347:54 | call to String.init(decoding:as:) |
+| string.swift:389:22:389:22 | tainted :  | string.swift:108:3:108:74 | [summary param] this in cString(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in cString(using:) :  | string.swift:389:22:389:65 | call to cString(using:) :  |
+| string.swift:456:27:456:27 | taintedUInt8Values :  | string.swift:71:3:71:102 | [summary param] 0 in String.init(bytes:encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(bytes:encoding:) :  | string.swift:456:13:456:77 | call to String.init(bytes:encoding:) :  |
+| string.swift:459:29:459:29 | taintedUInt8Values :  | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  | string.swift:459:13:459:47 | call to String.init(cString:) |
+| string.swift:512:29:512:29 | taintedCCharValues :  | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  | string.swift:512:13:512:47 | call to String.init(cString:) |
+| string.swift:546:20:546:20 | sub1 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:546:13:546:24 | call to String.init(_:) |
+| string.swift:548:14:548:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(_:) :  | string.swift:548:14:548:31 | call to prefix(_:) :  |
+| string.swift:550:20:550:20 | sub2 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:550:13:550:24 | call to String.init(_:) |
+| string.swift:552:14:552:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(through:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(through:) :  | string.swift:552:14:552:54 | call to prefix(through:) :  |
+| string.swift:554:20:554:20 | sub3 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:554:13:554:24 | call to String.init(_:) |
+| string.swift:556:14:556:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(upTo:) :  | string.swift:556:14:556:51 | call to prefix(upTo:) :  |
+| string.swift:558:20:558:20 | sub4 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:558:13:558:24 | call to String.init(_:) |
+| string.swift:560:14:560:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(_:) :  | string.swift:560:14:560:31 | call to suffix(_:) :  |
+| string.swift:562:20:562:20 | sub5 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:562:13:562:24 | call to String.init(_:) |
+| string.swift:564:14:564:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(from:) :  | string.swift:564:14:564:53 | call to suffix(from:) :  |
+| string.swift:566:20:566:20 | sub6 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:566:13:566:24 | call to String.init(_:) |
+| string.swift:622:20:622:27 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:622:13:622:28 | call to String.init(_:) |
+| string.swift:626:32:626:39 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(describing:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) :  | string.swift:626:13:626:40 | call to String.init(describing:) |
 | ui.swift:55:10:55:10 | tainted :  | ui.swift:16:9:16:9 | self :  | file://:0:0:0:0 | .url :  | ui.swift:55:10:55:18 | .url |
 | ui.swift:64:10:64:10 | tainted :  | ui.swift:32:13:32:13 | self :  | file://:0:0:0:0 | .userActivities :  | ui.swift:64:10:64:18 | .userActivities |
 | ui.swift:68:10:68:10 | tainted :  | ui.swift:34:13:34:13 | self :  | file://:0:0:0:0 | .urlContexts :  | ui.swift:68:10:68:18 | .urlContexts |
@@ -1429,6 +2011,7 @@ subpaths
 | data.swift:219:12:219:12 | dataTainted31 | data.swift:218:45:218:52 | call to source() :  | data.swift:219:12:219:12 | dataTainted31 | result |
 | data.swift:224:12:224:12 | dataTainted32 | data.swift:223:45:223:52 | call to source() :  | data.swift:224:12:224:12 | dataTainted32 | result |
 | data.swift:229:12:229:12 | dataTainted33 | data.swift:228:45:228:52 | call to source() :  | data.swift:229:12:229:12 | dataTainted33 | result |
+| data.swift:233:12:233:35 | call to reversed() | data.swift:232:22:232:29 | call to source() :  | data.swift:233:12:233:35 | call to reversed() | result |
 | data.swift:237:12:237:33 | call to sorted() | data.swift:236:22:236:29 | call to source() :  | data.swift:237:12:237:33 | call to sorted() | result |
 | data.swift:241:12:241:54 | call to sorted(by:) | data.swift:240:22:240:29 | call to source() :  | data.swift:241:12:241:54 | call to sorted(by:) | result |
 | data.swift:245:12:245:46 | call to sorted(using:) | data.swift:244:22:244:29 | call to source() :  | data.swift:245:12:245:46 | call to sorted(using:) | result |
@@ -1470,21 +2053,102 @@ subpaths
 | nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 | nsmutabledata.swift:40:66:40:73 | call to source() :  | nsmutabledata.swift:41:15:41:15 | nsMutableDataTainted4 | result |
 | nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 | nsmutabledata.swift:44:35:44:42 | call to source() :  | nsmutabledata.swift:45:15:45:15 | nsMutableDataTainted5 | result |
 | nsmutabledata.swift:49:15:49:37 | .mutableBytes | nsmutabledata.swift:48:33:48:40 | call to source() :  | nsmutabledata.swift:49:15:49:37 | .mutableBytes | result |
-| string.swift:7:13:7:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:7:13:7:13 | "..." | result |
-| string.swift:9:13:9:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:9:13:9:13 | "..." | result |
-| string.swift:11:13:11:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:11:13:11:13 | "..." | result |
-| string.swift:16:13:16:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:16:13:16:13 | "..." | result |
-| string.swift:18:13:18:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:18:13:18:13 | "..." | result |
-| string.swift:31:13:31:13 | tainted | string.swift:28:17:28:25 | call to source2() :  | string.swift:31:13:31:13 | tainted | result |
-| string.swift:34:13:34:21 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:34:13:34:21 | ... .+(_:_:) ... | result |
-| string.swift:35:13:35:23 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:35:13:35:23 | ... .+(_:_:) ... | result |
-| string.swift:36:13:36:23 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:36:13:36:23 | ... .+(_:_:) ... | result |
-| string.swift:39:13:39:29 | ... .+(_:_:) ... | string.swift:28:17:28:25 | call to source2() :  | string.swift:39:13:39:29 | ... .+(_:_:) ... | result |
-| string.swift:85:13:85:21 | .description | string.swift:74:17:74:25 | call to source2() :  | string.swift:85:13:85:21 | .description | result |
-| string.swift:88:13:88:21 | .debugDescription | string.swift:74:17:74:25 | call to source2() :  | string.swift:88:13:88:21 | .debugDescription | result |
-| string.swift:126:13:126:13 | tainted | string.swift:121:17:121:25 | call to source2() :  | string.swift:126:13:126:13 | tainted | result |
-| string.swift:127:13:127:13 | taintedCString | string.swift:122:24:122:32 | call to source2() :  | string.swift:127:13:127:13 | taintedCString | result |
-| string.swift:128:13:128:13 | taintedUnicodeScalars | string.swift:123:31:123:39 | call to source2() :  | string.swift:128:13:128:13 | taintedUnicodeScalars | result |
+| string.swift:134:13:134:13 | "..." | string.swift:132:11:132:18 | call to source() :  | string.swift:134:13:134:13 | "..." | result |
+| string.swift:136:13:136:13 | "..." | string.swift:132:11:132:18 | call to source() :  | string.swift:136:13:136:13 | "..." | result |
+| string.swift:138:13:138:13 | "..." | string.swift:132:11:132:18 | call to source() :  | string.swift:138:13:138:13 | "..." | result |
+| string.swift:144:13:144:13 | "..." | string.swift:132:11:132:18 | call to source() :  | string.swift:144:13:144:13 | "..." | result |
+| string.swift:146:13:146:13 | "..." | string.swift:132:11:132:18 | call to source() :  | string.swift:146:13:146:13 | "..." | result |
+| string.swift:159:13:159:13 | tainted | string.swift:156:17:156:25 | call to source2() :  | string.swift:159:13:159:13 | tainted | result |
+| string.swift:162:13:162:21 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() :  | string.swift:162:13:162:21 | ... .+(_:_:) ... | result |
+| string.swift:163:13:163:23 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() :  | string.swift:163:13:163:23 | ... .+(_:_:) ... | result |
+| string.swift:164:13:164:23 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() :  | string.swift:164:13:164:23 | ... .+(_:_:) ... | result |
+| string.swift:167:13:167:29 | ... .+(_:_:) ... | string.swift:156:17:156:25 | call to source2() :  | string.swift:167:13:167:29 | ... .+(_:_:) ... | result |
+| string.swift:170:13:170:36 | call to appending(_:) | string.swift:156:17:156:25 | call to source2() :  | string.swift:170:13:170:36 | call to appending(_:) | result |
+| string.swift:171:13:171:36 | call to appending(_:) | string.swift:156:17:156:25 | call to source2() :  | string.swift:171:13:171:36 | call to appending(_:) | result |
+| string.swift:172:13:172:38 | call to appending(_:) | string.swift:156:17:156:25 | call to source2() :  | string.swift:172:13:172:38 | call to appending(_:) | result |
+| string.swift:186:13:186:13 | str2 | string.swift:185:15:185:23 | call to source2() :  | string.swift:186:13:186:13 | str2 | result |
+| string.swift:193:13:193:13 | str3 | string.swift:192:27:192:35 | call to source2() :  | string.swift:193:13:193:13 | str3 | result |
+| string.swift:200:13:200:13 | str4 | string.swift:199:14:199:22 | call to source2() :  | string.swift:200:13:200:13 | str4 | result |
+| string.swift:207:13:207:13 | str5 | string.swift:206:27:206:35 | call to source2() :  | string.swift:207:13:207:13 | str5 | result |
+| string.swift:216:13:216:27 | call to String.init(_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:216:13:216:27 | call to String.init(_:) | result |
+| string.swift:217:13:217:30 | call to String.init(_:) | string.swift:213:20:213:27 | call to source() :  | string.swift:217:13:217:30 | call to String.init(_:) | result |
+| string.swift:219:13:219:44 | call to String.init(format:_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:219:13:219:44 | call to String.init(format:_:) | result |
+| string.swift:220:13:220:50 | call to String.init(format:arguments:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:220:13:220:50 | call to String.init(format:arguments:) | result |
+| string.swift:221:13:221:57 | call to String.init(format:locale:_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:221:13:221:57 | call to String.init(format:locale:_:) | result |
+| string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | result |
+| string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) | result |
+| string.swift:228:13:228:48 | call to String.init(repeating:count:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:228:13:228:48 | call to String.init(repeating:count:) | result |
+| string.swift:230:13:230:33 | call to dropFirst(_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:230:13:230:33 | call to dropFirst(_:) | result |
+| string.swift:231:13:231:32 | call to dropLast(_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:231:13:231:32 | call to dropLast(_:) | result |
+| string.swift:232:13:232:55 | call to substring(from:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:232:13:232:55 | call to substring(from:) | result |
+| string.swift:234:13:234:32 | call to lowercased() | string.swift:212:17:212:25 | call to source2() :  | string.swift:234:13:234:32 | call to lowercased() | result |
+| string.swift:235:13:235:32 | call to uppercased() | string.swift:212:17:212:25 | call to source2() :  | string.swift:235:13:235:32 | call to uppercased() | result |
+| string.swift:236:13:236:41 | call to lowercased(with:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:236:13:236:41 | call to lowercased(with:) | result |
+| string.swift:237:13:237:41 | call to uppercased(with:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:237:13:237:41 | call to uppercased(with:) | result |
+| string.swift:238:13:238:42 | call to capitalized(with:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:238:13:238:42 | call to capitalized(with:) | result |
+| string.swift:239:13:239:30 | call to reversed() | string.swift:212:17:212:25 | call to source2() :  | string.swift:239:13:239:30 | call to reversed() | result |
+| string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) | result |
+| string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) | result |
+| string.swift:245:13:245:68 | call to trimmingCharacters(in:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:245:13:245:68 | call to trimmingCharacters(in:) | result |
+| string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) | result |
+| string.swift:247:13:247:69 | call to components(separatedBy:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:247:13:247:69 | call to components(separatedBy:) | result |
+| string.swift:248:13:248:72 | ...[...] | string.swift:212:17:212:25 | call to source2() :  | string.swift:248:13:248:72 | ...[...] | result |
+| string.swift:249:13:249:40 | call to folding(options:locale:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:249:13:249:40 | call to folding(options:locale:) | result |
+| string.swift:250:13:250:55 | call to propertyListFromStringsFileFormat() | string.swift:212:17:212:25 | call to source2() :  | string.swift:250:13:250:55 | call to propertyListFromStringsFileFormat() | result |
+| string.swift:251:13:251:63 | ...! | string.swift:212:17:212:25 | call to source2() :  | string.swift:251:13:251:63 | ...! | result |
+| string.swift:270:13:270:21 | .description | string.swift:212:17:212:25 | call to source2() :  | string.swift:270:13:270:21 | .description | result |
+| string.swift:272:13:272:21 | .debugDescription | string.swift:212:17:212:25 | call to source2() :  | string.swift:272:13:272:21 | .debugDescription | result |
+| string.swift:274:13:274:21 | .utf8 | string.swift:212:17:212:25 | call to source2() :  | string.swift:274:13:274:21 | .utf8 | result |
+| string.swift:276:13:276:21 | .utf16 | string.swift:212:17:212:25 | call to source2() :  | string.swift:276:13:276:21 | .utf16 | result |
+| string.swift:278:13:278:21 | .unicodeScalars | string.swift:212:17:212:25 | call to source2() :  | string.swift:278:13:278:21 | .unicodeScalars | result |
+| string.swift:280:13:280:21 | .utf8CString | string.swift:212:17:212:25 | call to source2() :  | string.swift:280:13:280:21 | .utf8CString | result |
+| string.swift:282:13:282:21 | .lazy | string.swift:212:17:212:25 | call to source2() :  | string.swift:282:13:282:21 | .lazy | result |
+| string.swift:284:13:284:21 | .capitalized | string.swift:212:17:212:25 | call to source2() :  | string.swift:284:13:284:21 | .capitalized | result |
+| string.swift:286:13:286:21 | .localizedCapitalized | string.swift:212:17:212:25 | call to source2() :  | string.swift:286:13:286:21 | .localizedCapitalized | result |
+| string.swift:288:13:288:21 | .localizedLowercase | string.swift:212:17:212:25 | call to source2() :  | string.swift:288:13:288:21 | .localizedLowercase | result |
+| string.swift:290:13:290:21 | .localizedUppercase | string.swift:212:17:212:25 | call to source2() :  | string.swift:290:13:290:21 | .localizedUppercase | result |
+| string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping | string.swift:212:17:212:25 | call to source2() :  | string.swift:292:13:292:21 | .decomposedStringWithCanonicalMapping | result |
+| string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping | string.swift:212:17:212:25 | call to source2() :  | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping | result |
+| string.swift:296:13:296:44 | ...! | string.swift:212:17:212:25 | call to source2() :  | string.swift:296:13:296:44 | ...! | result |
+| string.swift:301:13:301:13 | str1 | string.swift:300:14:300:22 | call to source2() :  | string.swift:301:13:301:13 | str1 | result |
+| string.swift:302:13:302:44 | call to remove(at:) | string.swift:300:14:300:22 | call to source2() :  | string.swift:302:13:302:44 | call to remove(at:) | result |
+| string.swift:303:13:303:13 | str1 | string.swift:300:14:300:22 | call to source2() :  | string.swift:303:13:303:13 | str1 | result |
+| string.swift:306:13:306:13 | str2 | string.swift:305:14:305:22 | call to source2() :  | string.swift:306:13:306:13 | str2 | result |
+| string.swift:308:13:308:13 | str2 | string.swift:305:14:305:22 | call to source2() :  | string.swift:308:13:308:13 | str2 | result |
+| string.swift:311:13:311:13 | str3 | string.swift:310:14:310:22 | call to source2() :  | string.swift:311:13:311:13 | str3 | result |
+| string.swift:313:13:313:13 | str3 | string.swift:310:14:310:22 | call to source2() :  | string.swift:313:13:313:13 | str3 | result |
+| string.swift:316:13:316:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:316:13:316:13 | str4 | result |
+| string.swift:317:13:317:30 | call to removeFirst() | string.swift:315:14:315:22 | call to source2() :  | string.swift:317:13:317:30 | call to removeFirst() | result |
+| string.swift:318:13:318:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:318:13:318:13 | str4 | result |
+| string.swift:320:13:320:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:320:13:320:13 | str4 | result |
+| string.swift:321:13:321:29 | call to removeLast() | string.swift:315:14:315:22 | call to source2() :  | string.swift:321:13:321:29 | call to removeLast() | result |
+| string.swift:322:13:322:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:322:13:322:13 | str4 | result |
+| string.swift:324:13:324:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:324:13:324:13 | str4 | result |
+| string.swift:327:13:327:13 | str5 | string.swift:326:14:326:22 | call to source2() :  | string.swift:327:13:327:13 | str5 | result |
+| string.swift:329:13:329:13 | str5 | string.swift:326:14:326:22 | call to source2() :  | string.swift:329:13:329:13 | str5 | result |
+| string.swift:332:13:332:13 | str6 | string.swift:331:14:331:22 | call to source2() :  | string.swift:332:13:332:13 | str6 | result |
+| string.swift:334:13:334:13 | str6 | string.swift:331:14:331:22 | call to source2() :  | string.swift:334:13:334:13 | str6 | result |
+| string.swift:344:12:344:25 | ...! | string.swift:341:36:341:44 | call to source3() :  | string.swift:344:12:344:25 | ...! | result |
+| string.swift:347:13:347:54 | call to String.init(decoding:as:) | string.swift:347:30:347:38 | call to source3() :  | string.swift:347:13:347:54 | call to String.init(decoding:as:) | result |
+| string.swift:390:13:390:13 | arrayString2 | string.swift:352:17:352:25 | call to source2() :  | string.swift:390:13:390:13 | arrayString2 | result |
+| string.swift:456:13:456:78 | ...! | string.swift:436:28:436:36 | call to source4() :  | string.swift:456:13:456:78 | ...! | result |
+| string.swift:459:13:459:47 | call to String.init(cString:) | string.swift:436:28:436:36 | call to source4() :  | string.swift:459:13:459:47 | call to String.init(cString:) | result |
+| string.swift:512:13:512:47 | call to String.init(cString:) | string.swift:492:37:492:45 | call to source5() :  | string.swift:512:13:512:47 | call to String.init(cString:) | result |
+| string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | result |
+| string.swift:545:13:545:13 | sub1 | string.swift:540:17:540:25 | call to source2() :  | string.swift:545:13:545:13 | sub1 | result |
+| string.swift:546:13:546:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:546:13:546:24 | call to String.init(_:) | result |
+| string.swift:549:13:549:13 | sub2 | string.swift:540:17:540:25 | call to source2() :  | string.swift:549:13:549:13 | sub2 | result |
+| string.swift:550:13:550:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:550:13:550:24 | call to String.init(_:) | result |
+| string.swift:553:13:553:13 | sub3 | string.swift:540:17:540:25 | call to source2() :  | string.swift:553:13:553:13 | sub3 | result |
+| string.swift:554:13:554:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:554:13:554:24 | call to String.init(_:) | result |
+| string.swift:557:13:557:13 | sub4 | string.swift:540:17:540:25 | call to source2() :  | string.swift:557:13:557:13 | sub4 | result |
+| string.swift:558:13:558:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:558:13:558:24 | call to String.init(_:) | result |
+| string.swift:561:13:561:13 | sub5 | string.swift:540:17:540:25 | call to source2() :  | string.swift:561:13:561:13 | sub5 | result |
+| string.swift:562:13:562:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:562:13:562:24 | call to String.init(_:) | result |
+| string.swift:565:13:565:13 | sub6 | string.swift:540:17:540:25 | call to source2() :  | string.swift:565:13:565:13 | sub6 | result |
+| string.swift:566:13:566:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:566:13:566:24 | call to String.init(_:) | result |
+| string.swift:622:13:622:28 | call to String.init(_:) | string.swift:622:20:622:27 | call to source() :  | string.swift:622:13:622:28 | call to String.init(_:) | result |
+| string.swift:626:13:626:40 | call to String.init(describing:) | string.swift:626:32:626:39 | call to source() :  | string.swift:626:13:626:40 | call to String.init(describing:) | result |
 | subscript.swift:13:15:13:25 | ...[...] | subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] | result |
 | subscript.swift:14:15:14:26 | ...[...] | subscript.swift:14:15:14:23 | call to source2() :  | subscript.swift:14:15:14:26 | ...[...] | result |
 | try.swift:9:13:9:24 | try ... | try.swift:9:17:9:24 | call to source() :  | try.swift:9:13:9:24 | try ... | result |

swift/ql/test/library-tests/dataflow/taint/data.swift

@@ -230,7 +230,7 @@ func taintThroughData() {
 
 	// ";Data;true;reversed();;;Argument[-1];ReturnValue;taint",
 	let dataTainted34 = source() as! Data
-	sink(arg: dataTainted34.reversed()) // $ MISSING: tainted=232 // Needs models for BidirectionalCollection
+	sink(arg: dataTainted34.reversed()) // $ tainted=232
 
 	// ";Data;true;sorted();;;Argument[-1];ReturnValue;taint",
 	let dataTainted35 = source() as! Data

swift/ql/test/library-tests/dataflow/taint/string.swift

@@ -1,21 +1,149 @@
+
+// --- stubs ---
+
+typealias unichar = UInt16
+
+struct Locale {
+}
+
+struct FilePath {
+  init(_ string: String) {}
+
+  var `extension`: String? { get { "" } set {} }
+  var stem: String? { get { "" } }
+  var string: String { get { "" } }
+  var description: String { get { "" } }
+  var debugDescription: String { get { "" } }
+
+  mutating func append(_ other: String) {}
+  func appending(_ other: String) -> FilePath { return FilePath("") }
+
+  func withCString<Result>(_ body: (UnsafePointer<CChar>) throws -> Result) rethrows -> Result {
+    return 0 as! Result
+  }
+  func withPlatformString<Result>(_ body: (UnsafePointer<CInterop.PlatformChar>) throws -> Result) rethrows -> Result {
+    return 0 as! Result
+  }
+}
+
+enum CInterop {
+  typealias Char = CChar
+  typealias PlatformChar = CInterop.Char
+}
+
+struct CharacterSet {
+  static var whitespaces: CharacterSet { get { return CharacterSet() } }
+}
+
+class NSObject {
+}
+
+class NSString : NSObject {
+  struct CompareOptions : OptionSet {
+    init(rawValue: UInt) { self.rawValue = rawValue }
+
+    var rawValue: UInt
+  }
+}
+
+extension String : CVarArg {
+  typealias CompareOptions = NSString.CompareOptions
+
+  public var _cVarArgEncoding: [Int] { get { return [] } }
+  static var availableStringEncodings: [String.Encoding] { get { [] } }
+  static var defaultCStringEncoding: String.Encoding { get { String.Encoding.utf8 } }
+
+	struct Encoding {
+		static let utf8 = Encoding()
+	}
+
+	init?(data: Data, encoding: Encoding) { self.init() }
+
+  init(decoding path: FilePath) { self.init() }
+
+  init(format: String, _ arguments: CVarArg...) { self.init() }
+  init(format: String, arguments: [CVarArg]) { self.init() }
+  init(format: String, locale: Locale?, _ args: CVarArg...) { self.init() }
+  init(format: String, locale: Locale?, arguments: [CVarArg]) { self.init() }
+
+  static func localizedStringWithFormat(_ format: String, _ arguments: CVarArg...) -> String { return "" }
+
+  init?<S>(bytes: S, encoding: String.Encoding) where S : Sequence, S.Element == UInt8 { self.init() }
+
+  init(cString nullTerminatedUTF8: UnsafePointer<CChar>) { self.init() }
+  init(cString nullTerminatedUTF8: UnsafePointer<UInt8>) { self.init() }
+  init?(bytesNoCopy bytes: UnsafeMutableRawPointer, length: Int, encoding: String.Encoding, freeWhenDone flag: Bool) { self.init() }
+  init?(utf8String bytes: UnsafePointer<CChar>) { self.init() }
+  init(utf16CodeUnits: UnsafePointer<unichar>, count: Int) { self.init() }
+  init(utf16CodeUnitsNoCopy: UnsafePointer<unichar>, count: Int, freeWhenDone flag: Bool) { self.init() }
+
+  init(platformString: UnsafePointer<CInterop.PlatformChar>) { self.init() }
+  init?(validatingPlatformString platformStrinbg: UnsafePointer<CInterop.PlatformChar>) { self.init() }
+  func withPlatformString<Result>(_ body: (UnsafePointer<CInterop.PlatformChar>) throws -> Result) rethrows -> Result { return 0 as! Result }
+
+  init?(validating path: FilePath) { self.init() }
+}
+
+extension StringProtocol {
+  var capitalized: String { get { "" } }
+  var localizedCapitalized: String { get { "" } }
+  var localizedLowercase: String { get { "" } }
+  var localizedUppercase: String { get { "" } }
+  var removingPercentEncoding: String? { get { "" } }
+  var decomposedStringWithCanonicalMapping: String { get { "" } }
+  var decomposedStringWithCompatibilityMapping: String { get { "" } }
+  var precomposedStringWithCanonicalMapping: String { get { "" } }
+  var precomposedStringWithCompatibilityMapping: String { get { "" } }
+
+  func lowercased(with locale: Locale?) -> String { return "" }
+  func uppercased(with locale: Locale?) -> String { return "" }
+  func capitalized(with locale: Locale?) -> String { return "" }
+  func substring(from index: Self.Index) -> String { return "" }
+  func trimmingCharacters(in set: CharacterSet) -> String { return "" }
+  func appending<T>(_ aString: T) -> String where T : StringProtocol { return "" }
+  func padding<T>(toLength newLength: Int, withPad padString: T, startingAt padIndex: Int) -> String where T: StringProtocol { return "" }
+  func components(separatedBy separator: CharacterSet) -> [String] { return [] }
+  func folding(options: String.CompareOptions = [], locale: Locale?) -> String { return "" }
+  func propertyListFromStringsFileFormat() -> [String : String] { return [:] }
+  func cString(using encoding: String.Encoding) -> [CChar]? { return nil }
+  func enumerateLines(invoking body: @escaping (String, inout Bool) -> Void) {}
+}
+
+class Data
+{
+    init<S>(_ elements: S) {}
+}
+
+extension Data : Collection {
+  typealias Index = Int
+
+  var startIndex: Data.Index { get { return 0 } }
+  var endIndex: Data.Index { get { return 0 } }
+  subscript(index: Data.Index) -> UInt8 { get { return 0 } }
+  func index(after i: Data.Index) -> Data.Index { return 0 }
+}
+
+// --- tests ---
+
 func source() -> Int { return 0; }
-func sink(arg: String) {}
+func sink(arg: Any) {}
 
 func taintThroughInterpolatedStrings() {
   var x = source()
 
-  sink(arg: "\(x)") // $ tainted=5
+  sink(arg: "\(x)") // $ tainted=132
 
-  sink(arg: "\(x) \(x)") // $ tainted=5
+  sink(arg: "\(x) \(x)") // $ tainted=132
 
-  sink(arg: "\(x) \(0) \(x)") // $ tainted=5
+  sink(arg: "\(x) \(0) \(x)") // $ tainted=132
+
+  let y = 42
 
-  var y = 42
   sink(arg: "\(y)") // clean
 
-  sink(arg: "\(x) hello \(y)") // $ tainted=5
+  sink(arg: "\(x) hello \(y)") // $ tainted=132
 
-  sink(arg: "\(y) world \(x)") // $ tainted=5
+  sink(arg: "\(y) world \(x)") // $ tainted=132
 
   x = 0
   sink(arg: "\(x)") // clean
@@ -24,84 +152,188 @@ func taintThroughInterpolatedStrings() {
 func source2() -> String { return ""; }
 
 func taintThroughStringConcatenation() {
-  var clean = "abcdef"
-  var tainted = source2()
+  let clean = "abcdef"
+  let tainted = source2()
 
   sink(arg: clean)
-  sink(arg: tainted) // $ tainted=28
+  sink(arg: tainted) // $ tainted=156
 
   sink(arg: clean + clean)
-  sink(arg: clean + tainted) // $ tainted=28
-  sink(arg: tainted + clean) // $ tainted=28
-  sink(arg: tainted + tainted) // $ tainted=28
+  sink(arg: clean + tainted) // $ tainted=156
+  sink(arg: tainted + clean) // $ tainted=156
+  sink(arg: tainted + tainted) // $ tainted=156
 
   sink(arg: ">" + clean + "<")
-  sink(arg: ">" + tainted + "<") // $ tainted=28
+  sink(arg: ">" + tainted + "<") // $ tainted=156
+
+  sink(arg: clean.appending(clean))
+  sink(arg: clean.appending(tainted)) // $ tainted=156
+  sink(arg: tainted.appending(clean)) // $ tainted=156
+  sink(arg: tainted.appending(tainted)) // $ tainted=156
 
   var str = "abc"
-
   sink(arg: str)
-
   str += "def"
   sink(arg: str)
-
   str += source2()
-  sink(arg: str) // $ MISSING: tainted=48
+  sink(arg: str) // $ MISSING: tainted=178
 
   var str2 = "abc"
-
   sink(arg: str2)
-
   str2.append("def")
   sink(arg: str2)
-
   str2.append(source2())
-  sink(arg: str2) // $ MISSING: tainted=58
+  sink(arg: str2) // $ tainted=185
 
   var str3 = "abc"
-
   sink(arg: str3)
-
   str3.append(contentsOf: "def")
   sink(arg: str3)
-
   str3.append(contentsOf: source2())
-  sink(arg: str2) // $ MISSING: tainted=68
+  sink(arg: str3) // $ tainted=192
+
+  var str4 = "abc"
+  sink(arg: str4)
+  str4.write("def")
+  sink(arg: str4)
+  str4.write(source2())
+  sink(arg: str4) // $ tainted=199
+
+  var str5 = "abc"
+  sink(arg: str5)
+  str5.insert(contentsOf: "abc", at: str5.startIndex)
+  sink(arg: str5)
+  str5.insert(contentsOf: source2(), at: str5.startIndex)
+  sink(arg: str5) // $ tainted=206
 }
 
-func taintThroughStringOperations() {
-  var clean = ""
-  var tainted = source2()
-  var taintedInt = source()
+func taintThroughSimpleStringOperations() {
+  let clean = ""
+  let tainted = source2()
+  let taintedInt = source()
 
   sink(arg: String(clean))
-  sink(arg: String(tainted)) // $ MISSING: tainted=74
-  sink(arg: String(taintedInt)) // $ MISSING: tainted=75
+  sink(arg: String(tainted)) // $ tainted=212
+  sink(arg: String(taintedInt)) // $ tainted=213
+
+  sink(arg: String(format: tainted, 1, 2, 3)) // $ tainted=212
+  sink(arg: String(format: tainted, arguments: [])) // $ tainted=212
+  sink(arg: String(format: tainted, locale: nil, 1, 2, 3)) // $ tainted=212
+  sink(arg: String(format: tainted, locale: nil, arguments: [])) // $ tainted=212
+  sink(arg: String.localizedStringWithFormat(tainted, 1, 2, 3)) // $ tainted=212
+  sink(arg: String(format: "%s", tainted)) // $ MISSING: tainted=212
+  sink(arg: String(format: "%i %i %i", 1, 2, taintedInt)) // $ MISSING: tainted=213
 
   sink(arg: String(repeating: clean, count: 2))
-  sink(arg: String(repeating: tainted, count: 2)) // $ MISSING: tainted=74
+  sink(arg: String(repeating: tainted, count: 2)) // $ tainted=212
+
+  sink(arg: tainted.dropFirst(10)) // $ tainted=212
+  sink(arg: tainted.dropLast(10)) // $ tainted=212
+  sink(arg: tainted.substring(from: tainted.startIndex)) // $ tainted=212
+
+  sink(arg: tainted.lowercased()) // $ tainted=212
+  sink(arg: tainted.uppercased()) // $ tainted=212
+  sink(arg: tainted.lowercased(with: nil)) // $ tainted=212
+  sink(arg: tainted.uppercased(with: nil)) // $ tainted=212
+  sink(arg: tainted.capitalized(with: nil)) // $ tainted=212
+  sink(arg: tainted.reversed()) // $ tainted=212
+
+  sink(arg: tainted.split(separator: ",")) // $ tainted=212
+  sink(arg: tainted.split(whereSeparator: { // $ tainted=212
+    c in return (c == ",")
+  }))
+  sink(arg: tainted.trimmingCharacters(in: CharacterSet.whitespaces)) // $ tainted=212
+  sink(arg: tainted.padding(toLength: 20, withPad: " ", startingAt: 0)) // $ tainted=212
+  sink(arg: tainted.components(separatedBy: CharacterSet.whitespaces)) // $ tainted=212
+  sink(arg: tainted.components(separatedBy: CharacterSet.whitespaces)[0]) // $ tainted=212
+  sink(arg: tainted.folding(locale: nil)) // $ tainted=212
+  sink(arg: tainted.propertyListFromStringsFileFormat()) // $ tainted=212
+  sink(arg: tainted.propertyListFromStringsFileFormat()["key"]!) // $ tainted=212
+
+  sink(arg: clean.enumerateLines(invoking: {
+    line, stop in
+    sink(arg: line)
+    sink(arg: stop)
+  }))
+  sink(arg: tainted.enumerateLines(invoking: {
+    line, stop in
+    sink(arg: line) // $ MISSING: tainted=212
+    sink(arg: stop)
+  }))
+
+  sink(arg: [clean, clean].joined())
+  sink(arg: [tainted, clean].joined()) // $ MISSING: tainted=212
+  sink(arg: [clean, tainted].joined()) // $ MISSING: tainted=212
+  sink(arg: [tainted, tainted].joined()) // $ MISSING: tainted=212
 
   sink(arg: clean.description)
-  sink(arg: tainted.description) // $ tainted=74
-
+  sink(arg: tainted.description) // $ tainted=212
   sink(arg: clean.debugDescription)
-  sink(arg: tainted.debugDescription) // $ tainted=74
+  sink(arg: tainted.debugDescription) // $ tainted=212
+  sink(arg: clean.utf8)
+  sink(arg: tainted.utf8) // $ tainted=212
+  sink(arg: clean.utf16)
+  sink(arg: tainted.utf16) // $ tainted=212
+  sink(arg: clean.unicodeScalars)
+  sink(arg: tainted.unicodeScalars) // $ tainted=212
+  sink(arg: clean.utf8CString)
+  sink(arg: tainted.utf8CString) // $ tainted=212
+  sink(arg: clean.lazy)
+  sink(arg: tainted.lazy) // $ tainted=212
+  sink(arg: clean.capitalized)
+  sink(arg: tainted.capitalized) // $ tainted=212
+  sink(arg: clean.localizedCapitalized)
+  sink(arg: tainted.localizedCapitalized) // $ tainted=212
+  sink(arg: clean.localizedLowercase)
+  sink(arg: tainted.localizedLowercase) // $ tainted=212
+  sink(arg: clean.localizedUppercase)
+  sink(arg: tainted.localizedUppercase) // $ tainted=212
+  sink(arg: clean.decomposedStringWithCanonicalMapping)
+  sink(arg: tainted.decomposedStringWithCanonicalMapping) // $ tainted=212
+  sink(arg: clean.precomposedStringWithCompatibilityMapping)
+  sink(arg: tainted.precomposedStringWithCompatibilityMapping) // $ tainted=212
+  sink(arg: clean.removingPercentEncoding!)
+  sink(arg: tainted.removingPercentEncoding!) // $ tainted=212
 }
 
-class Data
-{
-    init<S>(_ elements: S) {}
+func taintThroughMutatingStringOperations() {
+  var str1 = source2()
+  sink(arg: str1) // $ tainted=300
+  sink(arg: str1.remove(at: str1.startIndex)) // $ tainted=300
+  sink(arg: str1) // $ tainted=300
+
+  var str2 = source2()
+  sink(arg: str2) // $ tainted=305
+  str2.removeAll()
+  sink(arg: str2) // $ SPURIOUS: tainted=305
+
+  var str3 = source2()
+  sink(arg: str3) // $ tainted=310
+  str3.removeAll(where: { _ in true } )
+  sink(arg: str3) // $ SPURIOUS: tainted=310
+
+  var str4 = source2()
+  sink(arg: str4) // $ tainted=315
+  sink(arg: str4.removeFirst()) // $ tainted=315
+  sink(arg: str4) // $ tainted=315
+  str4.removeFirst(5)
+  sink(arg: str4) // $ tainted=315
+  sink(arg: str4.removeLast()) // $ tainted=315
+  sink(arg: str4) // $ tainted=315
+  str4.removeLast(5)
+  sink(arg: str4) // $ tainted=315
+
+  var str5 = source2()
+  sink(arg: str5) // $ tainted=326
+  str5.removeSubrange(str5.startIndex ... str5.index(str5.startIndex, offsetBy: 5))
+  sink(arg: str5) // $ tainted=326
+
+  var str6 = source2()
+  sink(arg: str6) // $ tainted=331
+  str6.makeContiguousUTF8()
+  sink(arg: str6) // $ tainted=331
 }
 
-extension String {
-	struct Encoding {
-		static let utf8 = Encoding()
-	}
-
-	init?(data: Data, encoding: Encoding) { self.init() }
-}
-
-
 func source3() -> Data { return Data("") }
 
 func taintThroughData() {
@@ -109,21 +341,298 @@ func taintThroughData() {
   let stringTainted = String(data: source3(), encoding: String.Encoding.utf8)
 
 	sink(arg: stringClean!)
-	sink(arg: stringTainted!) // $ MISSING: tainted=100
+	sink(arg: stringTainted!) // $ tainted=341
+
+  sink(arg: String(decoding: Data(""), as: UTF8.self))
+  sink(arg: String(decoding: source3(), as: UTF8.self)) // $ tainted=347
 }
 
-func sink(arg: String.UTF8View) {}
-func sink(arg: ContiguousArray<CChar>) {}
-func sink(arg: String.UnicodeScalarView) {}
+func taintThroughEncodings() {
+  var clean = ""
+  var tainted = source2()
 
-func taintThroughStringFields() {
-  let clean = ""
-  let tainted = source2().utf8
-  let taintedCString = source2().utf8CString
-  let taintedUnicodeScalars = source2().unicodeScalars
+  clean.withUTF8({
+    buffer in
+    sink(arg: buffer)
+    sink(arg: buffer.baseAddress!)
+  })
+  tainted.withUTF8({
+    buffer in
+    sink(arg: buffer) // $ MISSING: tainted=352
+    sink(arg: buffer.baseAddress!) // $ MISSING: tainted=352
+  })
+
+  clean.withCString({
+    ptr in
+    sink(arg: ptr)
+  })
+  tainted.withCString({
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=352
+  })
+  clean.withCString(encodedAs: UTF8.self, {
+    ptr in
+    sink(arg: ptr)
+  })
+  tainted.withCString(encodedAs: UTF8.self, {
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=352
+  })
+
+  let arrayString1 = clean.cString(using: String.Encoding.utf8)!
+  sink(arg: arrayString1)
+  arrayString1.withUnsafeBufferPointer({
+    buffer in
+    sink(arg: buffer)
+    sink(arg: String(cString: buffer.baseAddress!))
+  })
+  let arrayString2 = tainted.cString(using: String.Encoding.utf8)!
+  sink(arg: arrayString2) // $ tainted=352
+  arrayString1.withUnsafeBufferPointer({
+    buffer in
+    sink(arg: buffer) // $ MISSING: tainted=352
+    sink(arg: String(cString: buffer.baseAddress!)) // $ MISSING: tainted=352
+  })
+
+  clean.withPlatformString({
+    ptr in
+    sink(arg: ptr)
+    sink(arg: String(platformString: ptr))
+
+    let buffer = UnsafeBufferPointer(start: ptr, count: 10)
+    let arrayString = Array(buffer)
+    sink(arg: buffer)
+    sink(arg: arrayString)
+    sink(arg: String(platformString: arrayString))
+  })
+  tainted.withPlatformString({
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=352
+    sink(arg: String(platformString: ptr)) // $ MISSING: tainted=352
+
+    let buffer = UnsafeBufferPointer(start: ptr, count: 10)
+    let arrayString = Array(buffer)
+    sink(arg: buffer) // $ MISSING: tainted=352
+    sink(arg: arrayString) // $ MISSING: tainted=352
+    sink(arg: String(platformString: arrayString)) // $ MISSING: tainted=352
+  })
+
+  clean.withContiguousStorageIfAvailable({
+    ptr in
+    sink(arg: ptr)
+    sink(arg: ptr.baseAddress!)
+  })
+  tainted.withContiguousStorageIfAvailable({
+    ptr in
+    sink(arg: ptr)
+    sink(arg: ptr.baseAddress!) // $ MISSING: tainted=352
+  })
+}
+
+func source4() -> [UInt8] { return [] }
+
+func taintFromUInt8Array() {
+  var cleanUInt8Values: [UInt8] = [0x41, 0x42, 0x43, 0] // "ABC"
+  var taintedUInt8Values = source4()
+
+  sink(arg: String(unsafeUninitializedCapacity: 256, initializingUTF8With: {
+    (buffer: UnsafeMutableBufferPointer<UInt8>) -> Int in
+      sink(arg: buffer)
+      let _ = buffer.initialize(from: cleanUInt8Values)
+      sink(arg: buffer)
+      return 3
+    }
+  ))
+  sink(arg: String(unsafeUninitializedCapacity: 256, initializingUTF8With: { // $ MISSING: tainted=436
+    (buffer: UnsafeMutableBufferPointer<UInt8>) -> Int in
+      sink(arg: buffer)
+      let _ = buffer.initialize(from: taintedUInt8Values)
+      sink(arg: buffer) // $ MISSING: tainted=436
+      return 256
+    }
+  ))
+
+  sink(arg: String(bytes: cleanUInt8Values, encoding: String.Encoding.utf8)!)
+  sink(arg: String(bytes: taintedUInt8Values, encoding: String.Encoding.utf8)!) // $ tainted=436
+
+  sink(arg: String(cString: cleanUInt8Values))
+  sink(arg: String(cString: taintedUInt8Values)) // $ tainted=436
+
+  try! cleanUInt8Values.withUnsafeBufferPointer({
+    (buffer: UnsafeBufferPointer<UInt8>) throws in
+    sink(arg: buffer)
+    sink(arg: buffer.baseAddress!)
+    sink(arg: String(cString: buffer.baseAddress!))
+  })
+  try! taintedUInt8Values.withUnsafeBufferPointer({
+    (buffer: UnsafeBufferPointer<UInt8>) throws in
+    sink(arg: buffer) // $ MISSING: tainted=436
+    sink(arg: buffer.baseAddress!) // $ MISSING: tainted=436
+    sink(arg: String(cString: buffer.baseAddress!)) // $ MISSING: tainted=436
+  })
+
+  try! cleanUInt8Values.withUnsafeMutableBytes({
+    (buffer: UnsafeMutableRawBufferPointer) throws in
+    sink(arg: buffer)
+    sink(arg: buffer.baseAddress!)
+    sink(arg: String(bytesNoCopy: buffer.baseAddress!, length: buffer.count, encoding: String.Encoding.utf8, freeWhenDone: false)!)
+  })
+  try! taintedUInt8Values.withUnsafeMutableBytes({
+    (buffer: UnsafeMutableRawBufferPointer) throws in
+    sink(arg: buffer) // $ MISSING: tainted=436
+    sink(arg: buffer.baseAddress!) // $ MISSING: tainted=436
+    sink(arg: String(bytesNoCopy: buffer.baseAddress!, length: buffer.count, encoding: String.Encoding.utf8, freeWhenDone: false)!) // $ MISSING: tainted=436
+  })
+}
+
+func source5() -> [CChar] { return [] }
+
+func taintThroughCCharArray() {
+  let cleanCCharValues: [CChar] = [0x41, 0x42, 0x43, 0]
+  let taintedCCharValues: [CChar] = source5()
+
+  cleanCCharValues.withUnsafeBufferPointer({
+    ptr in
+    sink(arg: ptr)
+    sink(arg: ptr.baseAddress!)
+    sink(arg: String(utf8String: ptr.baseAddress!)!)
+    sink(arg: String(validatingUTF8: ptr.baseAddress!)!)
+    sink(arg: String(cString: ptr.baseAddress!))
+  })
+  taintedCCharValues.withUnsafeBufferPointer({
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=492
+    sink(arg: ptr.baseAddress!) // $ MISSING: tainted=492
+    sink(arg: String(utf8String: ptr.baseAddress!)!) // $ MISSING: tainted=492
+    sink(arg: String(validatingUTF8: ptr.baseAddress!)!) // $ MISSING: tainted=492
+    sink(arg: String(cString: ptr.baseAddress!)) // $ MISSING: tainted=492
+  })
+
+  sink(arg: String(cString: cleanCCharValues))
+  sink(arg: String(cString: taintedCCharValues)) // $ tainted=492
+}
+
+func source6() -> [unichar] { return [] }
+
+func taintThroughUnicharArray() {
+  let cleanUnicharValues: [unichar] = [0x41, 0x42, 0x43, 0]
+  let taintedUnicharValues: [unichar] = source6()
+
+  cleanUnicharValues.withUnsafeBufferPointer({
+    ptr in
+    sink(arg: ptr)
+    sink(arg: ptr.baseAddress!)
+    sink(arg: String(utf16CodeUnits: ptr.baseAddress!, count: ptr.count))
+    sink(arg: String(utf16CodeUnitsNoCopy: ptr.baseAddress!, count: ptr.count, freeWhenDone: false))
+  })
+  taintedUnicharValues.withUnsafeBufferPointer({
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=519
+    sink(arg: ptr.baseAddress!) // $ MISSING: tainted=519
+    sink(arg: String(utf16CodeUnits: ptr.baseAddress!, count: ptr.count)) // $ MISSING: tainted=519
+    sink(arg: String(utf16CodeUnitsNoCopy: ptr.baseAddress!, count: ptr.count, freeWhenDone: false)) // $ MISSING: tainted=519
+  })
+}
+
+func source7() -> Substring { return Substring() }
+
+func taintThroughSubstring() {
+  let tainted = source2()
+
+  sink(arg: source7()) // $ tainted=542
+
+  let sub1 = tainted[tainted.startIndex ..< tainted.endIndex]
+  sink(arg: sub1) // $ tainted=540
+  sink(arg: String(sub1)) // $ tainted=540
+
+  let sub2 = tainted.prefix(10)
+  sink(arg: sub2) // $ tainted=540
+  sink(arg: String(sub2)) // $ tainted=540
+
+  let sub3 = tainted.prefix(through: tainted.endIndex)
+  sink(arg: sub3) // $ tainted=540
+  sink(arg: String(sub3)) // $ tainted=540
+
+  let sub4 = tainted.prefix(upTo: tainted.endIndex)
+  sink(arg: sub4) // $ tainted=540
+  sink(arg: String(sub4)) // $ tainted=540
+
+  let sub5 = tainted.suffix(10)
+  sink(arg: sub5) // $ tainted=540
+  sink(arg: String(sub5)) // $ tainted=540
+
+  let sub6 = tainted.suffix(from: tainted.startIndex)
+  sink(arg: sub6) // $ tainted=540
+  sink(arg: String(sub6)) // $ tainted=540
+}
+
+func taintedThroughFilePath() {
+  let clean = FilePath("")
+  let tainted = FilePath(source2())
 
   sink(arg: clean)
-  sink(arg: tainted) // $ tainted=121
-  sink(arg: taintedCString) // $ tainted=122
-  sink(arg: taintedUnicodeScalars) // $ tainted=123
+  sink(arg: tainted) // $ MISSING: tainted=571
+
+  sink(arg: tainted.extension!) // $ MISSING: tainted=571
+  sink(arg: tainted.stem!) // $ MISSING: tainted=571
+  sink(arg: tainted.string) // $ MISSING: tainted=571
+  sink(arg: tainted.description) // $ MISSING: tainted=571
+  sink(arg: tainted.debugDescription) // $ MISSING: tainted=571
+
+  sink(arg: String(decoding: tainted)) // $ MISSING: tainted=571
+  sink(arg: String(validating: tainted)!) // $ MISSING: tainted=571
+
+  let _ = clean.withCString({
+    ptr in
+    sink(arg: ptr)
+  })
+  let _ = tainted.withCString({
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=571
+  })
+
+  let _ = clean.withPlatformString({
+    ptr in
+    sink(arg: ptr)
+    sink(arg: String(platformString: ptr))
+    sink(arg: String(validatingPlatformString: ptr)!)
+  })
+  let _ = tainted.withPlatformString({
+    ptr in
+    sink(arg: ptr) // $ MISSING: tainted=571
+    sink(arg: String(platformString: ptr)) // $ MISSING: tainted=571
+    sink(arg: String(validatingPlatformString: ptr)!) // $ MISSING: tainted=571
+  })
+
+  var fp1 = FilePath("")
+  sink(arg: fp1)
+  fp1.append(source2())
+  sink(arg: fp1) // $ MISSING: tainted=609
+  fp1.append("")
+  sink(arg: fp1) // $ MISSING: tainted=609
+
+  sink(arg: clean.appending(""))
+  sink(arg: clean.appending(source2())) // $ MISSING: tainted=615
+  sink(arg: tainted.appending("")) // $ MISSING: tainted=571
+  sink(arg: tainted.appending(source2())) // $ MISSING: tainted=571,617
+}
+
+func taintedThroughConversion() {
+  sink(arg: String(0))
+  sink(arg: String(source())) // $ tainted=622
+  sink(arg: Int(0).description)
+  sink(arg: source().description) // $ MISSING: tainted=624
+  sink(arg: String(describing: 0))
+  sink(arg: String(describing: source())) // $ tainted=626
+
+  sink(arg: Int("123")!)
+  sink(arg: Int(source2())!) // $ MISSING: tainted=629
+}
+
+func untaintedFields() {
+  let tainted = source2()
+
+  sink(arg: String.availableStringEncodings)
+  sink(arg: String.defaultCStringEncoding)
+  sink(arg: tainted.isContiguousUTF8)
 }

swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected

@@ -28,6 +28,7 @@ edges
 | UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:285:13:285:13 | string :  |
 | UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... :  | UnsafeJsEval.swift:299:13:299:13 | string :  |
 | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) :  | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  |
+| UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) :  | UnsafeJsEval.swift:214:24:214:24 | remoteData :  |
 | UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) :  |
 | UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) :  |
 | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  | UnsafeJsEval.swift:265:13:265:13 | string :  |
@@ -36,6 +37,8 @@ edges
 | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  | UnsafeJsEval.swift:279:13:279:13 | string :  |
 | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  | UnsafeJsEval.swift:285:13:285:13 | string :  |
 | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  | UnsafeJsEval.swift:299:13:299:13 | string :  |
+| UnsafeJsEval.swift:214:24:214:24 | remoteData :  | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  |
+| UnsafeJsEval.swift:214:24:214:24 | remoteData :  | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  |
 | UnsafeJsEval.swift:265:13:265:13 | string :  | UnsafeJsEval.swift:266:43:266:43 | string :  |
 | UnsafeJsEval.swift:266:43:266:43 | string :  | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  |
 | UnsafeJsEval.swift:266:43:266:43 | string :  | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
@@ -61,6 +64,7 @@ edges
 | UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | UnsafeJsEval.swift:301:16:301:85 | call to JSStringRetain(_:) :  |
 | UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) :  | UnsafeJsEval.swift:305:17:305:17 | jsstr |
 | UnsafeJsEval.swift:318:24:318:87 | call to String.init(contentsOf:) :  | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... |
+| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  |
 nodes
 | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  |
 | UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  |
@@ -77,6 +81,7 @@ nodes
 | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
 | UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | semmle.label | .utf8 :  |
 | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  | semmle.label | call to String.init(decoding:as:) :  |
+| UnsafeJsEval.swift:214:24:214:24 | remoteData :  | semmle.label | remoteData :  |
 | UnsafeJsEval.swift:265:13:265:13 | string :  | semmle.label | string :  |
 | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | semmle.label | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
 | UnsafeJsEval.swift:266:43:266:43 | string :  | semmle.label | string :  |
@@ -101,11 +106,14 @@ nodes
 | UnsafeJsEval.swift:305:17:305:17 | jsstr | semmle.label | jsstr |
 | UnsafeJsEval.swift:318:24:318:87 | call to String.init(contentsOf:) :  | semmle.label | call to String.init(contentsOf:) :  |
 | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
+| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | semmle.label | [summary param] 0 in String.init(decoding:as:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | semmle.label | [summary] to write: return (return) in Data.init(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  | semmle.label | [summary] to write: return (return) in String.init(decoding:as:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  |
 subpaths
 | UnsafeJsEval.swift:211:24:211:37 | .utf8 :  | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) :  |
+| UnsafeJsEval.swift:214:24:214:24 | remoteData :  | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) :  |
 | UnsafeJsEval.swift:266:43:266:43 | string :  | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) :  | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
 | UnsafeJsEval.swift:269:43:269:43 | string :  | UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) :  | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
 | UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) :  | UnsafeJsEval.swift:124:21:124:42 | string :  | UnsafeJsEval.swift:124:70:124:70 | string :  | UnsafeJsEval.swift:287:16:287:98 | call to JSStringRetain(_:) :  |