hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into swiftregex

Browse Source
This commit is contained in:
Geoffrey White
2023-06-22 12:21:58 +01:00
parent 90499c0b17 277dbdf410
commit e6695e3780
1720 changed files with 49523 additions and 24411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
swift/ql/.generated.list generated
View File

@@ -380,10 +380,10 @@ lib/codeql/swift/generated/KeyPathComponent.qll c79c7bc04fc1426992ab472eedc1a20a
lib/codeql/swift/generated/Locatable.qll be20967d48a34cdba126fe298606e0adc11697831f097acba9c52a0b7ce9983e 8aa01bc376614abbc3209e25785c72f86c9b4e94bb5f471a4a0677fedaec4f61
lib/codeql/swift/generated/Location.qll c5793987e77812059a28254dadee29bfe9b38153c0399fbb1bf6a2f5c237fdab 6e6d8802b021e36bbaad81845657769dd48a798ea33080ada05e9818a20b38f7
lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5
lib/codeql/swift/generated/ParentChild.qll 5c5ff9812efbed0adf465d1c8b9108c893c77ff946f6feaaec7223ad38664079 94038dcd8a5e98b959ce9f09b7b54b745b0df49b91339b9396017a209abe8bb7
lib/codeql/swift/generated/ParentChild.qll f8647fba02b9acca7bf2870dfaee5709e2d3e3a12d27b012dd1e17f7df2e56e5 75d3501c2a59d931dd537321475687a73ff517e5caaae4ce2e0c2daec0d94df4
lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0
lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98
lib/codeql/swift/generated/Raw.qll 991f95f30bde82ba43237bd9c1a68d3f450038ef828edb89219fbf583dd1956a e3e6c41caac09d532453c28167622fae7057d846f35750873eacd48cd128b957
lib/codeql/swift/generated/Raw.qll 7904614a526f13c336402c38e8632c8ee32e0ee7a6b5a9c2ace22fab0a5927f8 273f958f5052ae025e7361dbfd6a7a505da5fa6b4f418e83aa2a1d5f8602c54d
lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814
lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4
lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6
@@ -450,7 +450,7 @@ lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll b9a6520d01613dfb8c7606177
lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d
lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll 052f8d0e9109a0d4496da1ae2b461417951614c88dbc9d80220908734b3f70c6 536fa290bb75deae0517d53528237eab74664958bf7fdbf8041283415dda2142
lib/codeql/swift/generated/expr/CallExpr.qll c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36
lib/codeql/swift/generated/expr/CaptureListExpr.qll 671234408ead93c0d6abc453f774a88f0888956e6ad08d5a1c22aec72b2eec46 601e23e0356341fd6287fb9775f0e86bca6a0de46383e0912854e045e501d42c
lib/codeql/swift/generated/expr/CaptureListExpr.qll 300e3e7b60d49c321c9b6209ace7cd4665dc3db1b3f4227af476c3bdaf7da196 3ccc01074fa7cef8df1f2923fb3837af59360f5bd496ccbb5f0f77d02ac9311a
lib/codeql/swift/generated/expr/CheckedCastExpr.qll 146c24e72cda519676321d3bdb89d1953dfe1810d2710f04cfdc4210ace24c40 91093e0ba88ec3621b538d98454573b5eea6d43075a2ab0a08f80f9b9be336d3
lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf
lib/codeql/swift/generated/expr/ClosureExpr.qll f194fc8c5f67fcf0219e8e2de93ee2b820c27a609b2986b68d57a54445f66b61 3cae87f6c6eefb32195f06bc4c95ff6634446ecf346d3a3c94dc05c1539f3de2
@@ -566,7 +566,7 @@ lib/codeql/swift/generated/pattern/ParenPattern.qll 337cb03dcb7384f7ef13e35d843b
lib/codeql/swift/generated/pattern/Pattern.qll 0e96528a8dd87185f4fb23ba33ea418932762127e99739d7e56e5c8988e024d1 ba1e010c9f7f891048fb8c4ff8ea5a6c664c09e43d74b860d559f6459f82554a
lib/codeql/swift/generated/pattern/TuplePattern.qll b3a138b0942f7e3eecb52ad2f095584a6cd5f555e9487c6eaad6a5527ae99f0c d6ff67ecc7395571acef4b82da514cb737c72d97ea557d89da534469feda340c
lib/codeql/swift/generated/pattern/TypedPattern.qll 6a9fd2815755eddc6918d6be8221c7afb90e4fba4fcb8eb54ff42754269bb481 f198c3b09553a5f5f3d97f8088ef82c00552b9635560750c56d801b09dbd9e26
lib/codeql/swift/generated/stmt/BraceStmt.qll eea1a33767c14a3b96aea6bbe10f17c3ecd1d8ac263de07e475e23b46d85a20d a5ee6c19a38e968c245886c28c82513f39ca90a80a9ea11d0e3139a35f682046
lib/codeql/swift/generated/stmt/BraceStmt.qll 5273745afaaf10dc4b6ee159ca304e1251dc11af3c86af812b28294cbbcf2597 dbd4b003b453742e7197b22633ec8c87418e207f7ca409a04e3c6fb2cf2ea5fd
lib/codeql/swift/generated/stmt/BreakStmt.qll 879cf66911cc7f53e7e8f4ae8244681018fb17d6501b269fb7cf9d8481f0b539 c78fc1b0e3e76321fc1653aa8b0aabaaacf082e01a003b78f693b106cc05faa0
lib/codeql/swift/generated/stmt/CaseLabelItem.qll 9536d2909a274c3a969eec25f8e5966adfaa9b0d6451ea6319d9f7bb2fd6fe07 02e25f036db50e9a6e9a7ceab6002dd605b73afb55fa1dee6f22e7af33a40913
lib/codeql/swift/generated/stmt/CaseStmt.qll c180478c6161439bc76bd39edfab343faba7450900ffedcadd3ccea12dc3a08c b537eb517db76113cfbc91c59e6bdfbf16ff83d639dfe6fd6892171f71a97090

13
swift/ql/lib/CHANGELOG.md Normal file
View File

@@ -0,0 +1,13 @@
## 0.1.1
### Major Analysis Improvements
* Incorporated the cross-language `SensitiveDataHeuristics.qll` heuristics library into the Swift `SensitiveExprs.qll` library. This adds a number of new heuristics enhancing detection from the library.
### Minor Analysis Improvements
* Some models for the `Data` class have been generalized to `DataProtocol` so that they apply more widely.
### Bug Fixes
* Fixed a number of inconsistencies in the abstract syntax tree (AST) and in the control-flow graph (CFG). This may lead to more results in queries that use these libraries, or libraries that depend on them (such as dataflow).

4
swift/ql/lib/change-notes/2023-05-25-dataprotocol-models.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Some models for the `Data` class have been generalized to `DataProtocol` so that they apply more widely.

5
swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md
View File

@@ -1,5 +0,0 @@
---
category: fix
---
* Fixed a number of inconsistencies in the abstract syntax tree (AST) and in the control-flow graph (CFG). This may lead to more results in queries that use these libraries, or libraries that depend on them (such as dataflow).

4
swift/ql/lib/change-notes/2023-05-30-shared-sensitive.md
View File

@@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* Incorporated the cross-language `SensitiveDataHeuristics.qll` heuristics library into the Swift `SensitiveExprs.qll` library. This adds a number of new heuristics enhancing detection from the library.

4
swift/ql/lib/change-notes/2023-06-06-brace-stmt-variables.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: breaking
---
* The `BraceStmt` AST node's `AstNode getElement(index)` member predicate no longer returns `VarDecl`s after the `PatternBindingDecl` that declares them. Instead, a new `VarDecl getVariable(index)` predicate has been introduced for accessing the variables declared in a `BraceStmt`. This change only affects query writers.

13
swift/ql/lib/change-notes/released/0.1.1.md Normal file
View File

@@ -0,0 +1,13 @@
## 0.1.1
### Major Analysis Improvements
* Incorporated the cross-language `SensitiveDataHeuristics.qll` heuristics library into the Swift `SensitiveExprs.qll` library. This adds a number of new heuristics enhancing detection from the library.
### Minor Analysis Improvements
* Some models for the `Data` class have been generalized to `DataProtocol` so that they apply more widely.
### Bug Fixes
* Fixed a number of inconsistencies in the abstract syntax tree (AST) and in the control-flow graph (CFG). This may lead to more results in queries that use these libraries, or libraries that depend on them (such as dataflow).

2
swift/ql/lib/codeql-pack.release.yml Normal file
View File

@@ -0,0 +1,2 @@
---
lastReleaseVersion: 0.1.1

17
swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
View File

@@ -74,6 +74,7 @@ private import internal.FlowSummaryImpl::Public
private import internal.FlowSummaryImpl::Private::External
private import internal.FlowSummaryImplSpecific
private import FlowSummary as FlowSummary
private import codeql.mad.ModelValidation as SharedModelVal
/**
* A unit class for adding additional source model rows.
@@ -263,14 +264,16 @@ module CsvValidation {
)
}
private string getInvalidModelKind() {
exists(string row, string kind | summaryModel(row) |
kind = row.splitAt(";", 8) and
not kind = ["taint", "value"] and
result = "Invalid kind \"" + kind + "\" in summary model."
)
private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _) }
predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _) }
predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _) }
}
private module KindVal = SharedModelVal::KindValidation<KindValConfig>;
private string getInvalidModelSubtype() {
exists(string pred, string row |
sourceModel(row) and pred = "source"
@@ -335,7 +338,7 @@ module CsvValidation {
msg =
[
getInvalidModelSignature(), getInvalidModelInput(), getInvalidModelOutput(),
getInvalidModelSubtype(), getInvalidModelColumnCount(), getInvalidModelKind()
getInvalidModelSubtype(), getInvalidModelColumnCount(), KindVal::getInvalidModelKind()
]
}
}

8
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll
View File

@@ -75,7 +75,9 @@ newtype TDataFlowCall =
TPropertySetterCall(PropertySetterCfgNode setter) or
TPropertyObserverCall(PropertyObserverCfgNode observer) or
TKeyPathCall(KeyPathApplicationExprCfgNode keyPathApplication) or
TSummaryCall(FlowSummaryImpl::Public::SummarizedCallable c, Node receiver) {
TSummaryCall(
FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver
) {
FlowSummaryImpl::Private::summaryCallbackRange(c, receiver)
}
@@ -232,12 +234,12 @@ class PropertyObserverCall extends DataFlowCall, TPropertyObserverCall {
class SummaryCall extends DataFlowCall, TSummaryCall {
private FlowSummaryImpl::Public::SummarizedCallable c;
private Node receiver;
private FlowSummaryImpl::Private::SummaryNode receiver;
SummaryCall() { this = TSummaryCall(c, receiver) }
/** Gets the data flow node that this call targets. */
Node getReceiver() { result = receiver }
FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver }
override DataFlowCallable getEnclosingCallable() { result = TSummarizedCallable(c) }

155
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
View File

@@ -1135,8 +1135,8 @@ module Impl<FullStateConfigSig Config> {
DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow
);
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap);
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t);
bindingset[typ, contentType]
predicate typecheckStore(Typ typ, DataFlowType contentType);
@@ -1199,17 +1199,21 @@ module Impl<FullStateConfigSig Config> {
NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
ApOption argAp, Typ t, Ap ap, ApApprox apa
) {
fwdFlow0(node, state, cc, summaryCtx, argT, argAp, t, ap, apa) and
PrevStage::revFlow(node, state, apa) and
filter(node, state, t, ap)
fwdFlow1(node, state, cc, summaryCtx, argT, argAp, _, t, ap, apa)
}
pragma[inline]
additional predicate fwdFlow(
private predicate fwdFlow1(
NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
ApOption argAp, Typ t, Ap ap
ApOption argAp, Typ t0, Typ t, Ap ap, ApApprox apa
) {
fwdFlow(node, state, cc, summaryCtx, argT, argAp, t, ap, _)
fwdFlow0(node, state, cc, summaryCtx, argT, argAp, t0, ap, apa) and
PrevStage::revFlow(node, state, apa) and
filter(node, state, t0, ap, t)
}
pragma[nomagic]
private predicate typeStrengthen(Typ t0, Ap ap, Typ t) {
fwdFlow1(_, _, _, _, _, _, t0, t, ap, _) and t0 != t
}
pragma[assume_small_delta]
@@ -1339,6 +1343,11 @@ module Impl<FullStateConfigSig Config> {
private predicate fwdFlowConsCand(Typ t2, Ap cons, Content c, Typ t1, Ap tail) {
fwdFlowStore(_, t1, tail, c, t2, _, _, _, _, _, _) and
cons = apCons(c, t1, tail)
or
exists(Typ t0 |
typeStrengthen(t0, cons, t2) and
fwdFlowConsCand(t0, cons, c, t1, tail)
)
}
pragma[nomagic]
@@ -1359,7 +1368,7 @@ module Impl<FullStateConfigSig Config> {
ParamNodeOption summaryCtx, TypOption argT, ApOption argAp
) {
exists(ApHeadContent apc |
fwdFlow(node1, state, cc, summaryCtx, argT, argAp, t, ap) and
fwdFlow(node1, state, cc, summaryCtx, argT, argAp, t, ap, _) and
apc = getHeadContent(ap) and
readStepCand0(node1, apc, c, node2)
)
@@ -1520,14 +1529,14 @@ module Impl<FullStateConfigSig Config> {
NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap
) {
revFlow0(node, state, returnCtx, returnAp, ap) and
fwdFlow(node, state, _, _, _, _, _, ap)
fwdFlow(node, state, _, _, _, _, _, ap, _)
}
pragma[nomagic]
private predicate revFlow0(
NodeEx node, FlowState state, ReturnCtx returnCtx, ApOption returnAp, Ap ap
) {
fwdFlow(node, state, _, _, _, _, _, ap) and
fwdFlow(node, state, _, _, _, _, _, ap, _) and
sinkNode(node, state) and
(
if hasSinkCallCtx()
@@ -1780,13 +1789,13 @@ module Impl<FullStateConfigSig Config> {
boolean fwd, int nodes, int fields, int conscand, int states, int tuples
) {
fwd = true and
nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, _, _)) and
nodes = count(NodeEx node | fwdFlow(node, _, _, _, _, _, _, _, _)) and
fields = count(Content f0 | fwdConsCand(f0, _, _)) and
conscand = count(Content f0, Typ t, Ap ap | fwdConsCand(f0, t, ap)) and
states = count(FlowState state | fwdFlow(_, state, _, _, _, _, _, _)) and
states = count(FlowState state | fwdFlow(_, state, _, _, _, _, _, _, _)) and
tuples =
count(NodeEx n, FlowState state, Cc cc, ParamNodeOption summaryCtx, TypOption argT,
ApOption argAp, Typ t, Ap ap | fwdFlow(n, state, cc, summaryCtx, argT, argAp, t, ap))
ApOption argAp, Typ t, Ap ap | fwdFlow(n, state, cc, summaryCtx, argT, argAp, t, ap, _))
or
fwd = false and
nodes = count(NodeEx node | revFlow(node, _, _, _, _)) and
@@ -1963,10 +1972,10 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
PrevStage::revFlowState(state) and
exists(t) and
t0 = t and
exists(ap) and
not stateBarrier(node, state) and
(
@@ -2012,7 +2021,8 @@ module Impl<FullStateConfigSig Config> {
FlowCheckNode() {
castNode(this.asNode()) or
clearsContentCached(this.asNode(), _) or
expectsContentCached(this.asNode(), _)
expectsContentCached(this.asNode(), _) or
neverSkipInPathGraph(this.asNode())
}
}
@@ -2197,8 +2207,8 @@ module Impl<FullStateConfigSig Config> {
import BooleanCallContext
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCc lcc
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t,
LocalCc lcc
) {
localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _) and
exists(lcc)
@@ -2218,10 +2228,16 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
exists(state) and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any()) and
// We can get away with not using type strengthening here, since we aren't
// going to use the tracked types in the construction of Stage 4 access
// paths. For Stage 4 and onwards, the tracked types must be consistent as
// the cons candidates including types are used to construct subsequent
// access path approximations.
t0 = t and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t0) else any()) and
(
notExpectsContent(node)
or
@@ -2241,6 +2257,16 @@ module Impl<FullStateConfigSig Config> {
import MkStage<Stage2>::Stage<Stage3Param>
}
bindingset[node, t0]
private predicate strengthenType(NodeEx node, DataFlowType t0, DataFlowType t) {
if castingNodeEx(node)
then
exists(DataFlowType nt | nt = node.getDataFlowType() |
if typeStrongerThan(nt, t0) then t = nt else (compatibleTypes(nt, t0) and t = t0)
)
else t = t0
}
private module Stage4Param implements MkStage<Stage3>::StageParam {
private module PrevStage = Stage3;
@@ -2274,8 +2300,8 @@ module Impl<FullStateConfigSig Config> {
pragma[nomagic]
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCc lcc
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t,
LocalCc lcc
) {
localFlowBigStep(node1, state1, node2, state2, preservesValue, t, _) and
PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
@@ -2333,11 +2359,11 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
exists(state) and
not clear(node, ap) and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any()) and
strengthenType(node, t0, t) and
(
notExpectsContent(node)
or
@@ -2365,7 +2391,7 @@ module Impl<FullStateConfigSig Config> {
exists(AccessPathFront apf |
Stage4::revFlow(node, state, TReturnCtxMaybeFlowThrough(_), _, apf) and
Stage4::fwdFlow(node, state, any(Stage4::CcCall ccc), _, _, TAccessPathFrontSome(argApf), _,
apf)
apf, _)
)
}
@@ -2579,8 +2605,8 @@ module Impl<FullStateConfigSig Config> {
import LocalCallContext
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCc lcc
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue, Typ t,
LocalCc lcc
) {
localFlowBigStep(node1, state1, node2, state2, preservesValue, t, lcc) and
PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
@@ -2609,9 +2635,9 @@ module Impl<FullStateConfigSig Config> {
)
}
bindingset[node, state, t, ap]
predicate filter(NodeEx node, FlowState state, Typ t, Ap ap) {
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any()) and
bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
strengthenType(node, t0, t) and
exists(state) and
exists(ap)
}
@@ -2632,7 +2658,7 @@ module Impl<FullStateConfigSig Config> {
Stage5::parameterMayFlowThrough(p, _) and
Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0) and
Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()), _,
TAccessPathApproxSome(apa), _, apa0)
TAccessPathApproxSome(apa), _, apa0, _)
)
}
@@ -2649,7 +2675,7 @@ module Impl<FullStateConfigSig Config> {
TSummaryCtxSome(ParamNodeEx p, FlowState state, DataFlowType t, AccessPath ap) {
exists(AccessPathApprox apa | ap.getApprox() = apa |
Stage5::parameterMayFlowThrough(p, apa) and
Stage5::fwdFlow(p, state, _, _, _, _, t, apa) and
Stage5::fwdFlow(p, state, _, _, Option<DataFlowType>::some(t), _, _, apa, _) and
Stage5::revFlow(p, state, _)
)
}
@@ -2820,9 +2846,7 @@ module Impl<FullStateConfigSig Config> {
ap = TAccessPathNil()
or
// ... or a step from an existing PathNode to another node.
pathStep(_, node, state, cc, sc, t, ap) and
Stage5::revFlow(node, state, ap.getApprox()) and
(if castingNodeEx(node) then compatibleTypes(node.getDataFlowType(), t) else any())
pathStep(_, node, state, cc, sc, t, ap)
} or
TPathNodeSink(NodeEx node, FlowState state) {
exists(PathNodeMid sink |
@@ -3340,13 +3364,24 @@ module Impl<FullStateConfigSig Config> {
ap = mid.getAp()
}
private predicate pathStep(
PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t,
AccessPath ap
) {
exists(DataFlowType t0 |
pathStep0(mid, node, state, cc, sc, t0, ap) and
Stage5::revFlow(node, state, ap.getApprox()) and
strengthenType(node, t0, t)
)
}
/**
* Holds if data may flow from `mid` to `node`. The last step in or out of
* a callable is recorded by `cc`.
*/
pragma[assume_small_delta]
pragma[nomagic]
private predicate pathStep(
private predicate pathStep0(
PathNodeMid mid, NodeEx node, FlowState state, CallContext cc, SummaryCtx sc, DataFlowType t,
AccessPath ap
) {
@@ -3964,7 +3999,7 @@ module Impl<FullStateConfigSig Config> {
ap = TPartialNil() and
exists(explorationLimit())
or
partialPathNodeMk0(node, state, cc, sc1, sc2, sc3, sc4, t, ap) and
partialPathStep(_, node, state, cc, sc1, sc2, sc3, sc4, t, ap) and
distSrc(node.getEnclosingCallable()) <= explorationLimit()
} or
TPartialPathNodeRev(
@@ -3990,11 +4025,20 @@ module Impl<FullStateConfigSig Config> {
}
pragma[nomagic]
private predicate partialPathNodeMk0(
NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1, TSummaryCtx2 sc2,
TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t, PartialAccessPath ap
private predicate partialPathStep(
PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
TSummaryCtx2 sc2, TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t, PartialAccessPath ap
) {
partialPathStep(_, node, state, cc, sc1, sc2, sc3, sc4, t, ap) and
partialPathStep1(mid, node, state, cc, sc1, sc2, sc3, sc4, _, t, ap)
}
pragma[nomagic]
private predicate partialPathStep1(
PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
TSummaryCtx2 sc2, TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t0, DataFlowType t,
PartialAccessPath ap
) {
partialPathStep0(mid, node, state, cc, sc1, sc2, sc3, sc4, t0, ap) and
not fullBarrier(node) and
not stateBarrier(node, state) and
not clearsContentEx(node, ap.getHead()) and
@@ -4002,9 +4046,14 @@ module Impl<FullStateConfigSig Config> {
notExpectsContent(node) or
expectsContentEx(node, ap.getHead())
) and
if node.asNode() instanceof CastingNode
then compatibleTypes(node.getDataFlowType(), t)
else any()
strengthenType(node, t0, t)
}
pragma[nomagic]
private predicate partialPathTypeStrengthen(
DataFlowType t0, PartialAccessPath ap, DataFlowType t
) {
partialPathStep1(_, _, _, _, _, _, _, _, t0, t, ap) and t0 != t
}
/**
@@ -4183,7 +4232,8 @@ module Impl<FullStateConfigSig Config> {
}
}
private predicate partialPathStep(
pragma[nomagic]
private predicate partialPathStep0(
PartialPathNodeFwd mid, NodeEx node, FlowState state, CallContext cc, TSummaryCtx1 sc1,
TSummaryCtx2 sc2, TSummaryCtx3 sc3, TSummaryCtx4 sc4, DataFlowType t, PartialAccessPath ap
) {
@@ -4309,6 +4359,11 @@ module Impl<FullStateConfigSig Config> {
DataFlowType t1, PartialAccessPath ap1, Content c, DataFlowType t2, PartialAccessPath ap2
) {
partialPathStoreStep(_, t1, ap1, c, _, t2, ap2)
or
exists(DataFlowType t0 |
partialPathTypeStrengthen(t0, ap2, t2) and
apConsFwd(t1, ap1, c, t0, ap2)
)
}
pragma[nomagic]

93
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
View File

@@ -90,16 +90,11 @@ private module Cached {
TPatternNode(CfgNode n, Pattern p) { hasPatternNode(n, p) } or
TSsaDefinitionNode(Ssa::Definition def) or
TInoutReturnNode(ParamDecl param) { modifiableParam(param) } or
TSummaryNode(FlowSummary::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) {
FlowSummaryImpl::Private::summaryNodeRange(c, state)
} or
TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
TSourceParameterNode(ParamDecl param) or
TKeyPathParameterNode(EntryNode entry) { entry.getScope() instanceof KeyPathExpr } or
TKeyPathReturnNode(ExitNode exit) { exit.getScope() instanceof KeyPathExpr } or
TKeyPathComponentNode(KeyPathComponent component) or
TSummaryParameterNode(FlowSummary::SummarizedCallable c, ParameterPosition pos) {
FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
} or
TExprPostUpdateNode(CfgNode n) {
// Obviously, the base of setters needs a post-update node
n = any(PropertySetterCfgNode setter).getBase()
@@ -223,7 +218,8 @@ private module Cached {
nodeFrom.(KeyPathParameterNode).getComponent(0)
or
// flow through a flow summary (extension of `SummaryModelCsv`)
FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, true)
FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(),
nodeTo.(FlowSummaryNode).getSummaryNode(), true)
}
/**
@@ -318,22 +314,19 @@ private module ParameterNodes {
override ParamDecl getParameter() { result = param }
}
class SummaryParameterNode extends ParameterNodeImpl, TSummaryParameterNode {
FlowSummary::SummarizedCallable sc;
ParameterPosition pos;
SummaryParameterNode() { this = TSummaryParameterNode(sc, pos) }
override predicate isParameterOf(DataFlowCallable c, ParameterPosition p) {
c.getUnderlyingCallable() = sc and
p = pos
class SummaryParameterNode extends ParameterNodeImpl, FlowSummaryNode {
SummaryParameterNode() {
FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), _)
}
override Location getLocationImpl() { result = sc.getLocation() }
private ParameterPosition getPosition() {
FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), result)
}
override string toStringImpl() { result = "[summary param] " + pos + " in " + sc }
override DataFlowCallable getEnclosingCallable() { this.isParameterOf(result, _) }
override predicate isParameterOf(DataFlowCallable c, ParameterPosition p) {
c.getUnderlyingCallable() = this.getSummarizedCallable() and
p = this.getPosition()
}
}
class KeyPathParameterNode extends ParameterNodeImpl, TKeyPathParameterNode {
@@ -362,17 +355,20 @@ private module ParameterNodes {
import ParameterNodes
/** A data-flow node used to model flow summaries. */
class SummaryNode extends NodeImpl, TSummaryNode {
private FlowSummaryImpl::Public::SummarizedCallable c;
private FlowSummaryImpl::Private::SummaryNodeState state;
class FlowSummaryNode extends NodeImpl, TFlowSummaryNode {
FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) }
SummaryNode() { this = TSummaryNode(c, state) }
FlowSummary::SummarizedCallable getSummarizedCallable() {
result = this.getSummaryNode().getSummarizedCallable()
}
override DataFlowCallable getEnclosingCallable() { result.asSummarizedCallable() = c }
override DataFlowCallable getEnclosingCallable() {
result.asSummarizedCallable() = this.getSummarizedCallable()
}
override UnknownLocation getLocationImpl() { any() }
override Location getLocationImpl() { result = this.getSummarizedCallable().getLocation() }
override string toStringImpl() { result = "[summary] " + state + " in " + c }
override string toStringImpl() { result = this.getSummaryNode().toString() }
}
/** A data-flow node that represents a call argument. */
@@ -448,11 +444,13 @@ private module ArgumentNodes {
}
}
class SummaryArgumentNode extends SummaryNode, ArgumentNode {
SummaryArgumentNode() { FlowSummaryImpl::Private::summaryArgumentNode(_, this, _) }
class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode {
SummaryArgumentNode() {
FlowSummaryImpl::Private::summaryArgumentNode(_, this.getSummaryNode(), _)
}
override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
FlowSummaryImpl::Private::summaryArgumentNode(call, this, pos)
FlowSummaryImpl::Private::summaryArgumentNode(call, this.getSummaryNode(), pos)
}
}
@@ -521,10 +519,10 @@ private module ReturnNodes {
override string toStringImpl() { result = param.toString() + "[return]" }
}
private class SummaryReturnNode extends SummaryNode, ReturnNode {
private class SummaryReturnNode extends FlowSummaryNode, ReturnNode {
private ReturnKind rk;
SummaryReturnNode() { FlowSummaryImpl::Private::summaryReturnNode(this, rk) }
SummaryReturnNode() { FlowSummaryImpl::Private::summaryReturnNode(this.getSummaryNode(), rk) }
override ReturnKind getKind() { result = rk }
}
@@ -577,11 +575,11 @@ private module OutNodes {
}
}
class SummaryOutNode extends OutNode, SummaryNode {
SummaryOutNode() { FlowSummaryImpl::Private::summaryOutNode(_, this, _) }
class SummaryOutNode extends OutNode, FlowSummaryNode {
SummaryOutNode() { FlowSummaryImpl::Private::summaryOutNode(_, this.getSummaryNode(), _) }
override DataFlowCall getCall(ReturnKind kind) {
FlowSummaryImpl::Private::summaryOutNode(result, this, kind)
FlowSummaryImpl::Private::summaryOutNode(result, this.getSummaryNode(), kind)
}
}
@@ -642,7 +640,8 @@ private module OutNodes {
import OutNodes
predicate jumpStep(Node pred, Node succ) {
FlowSummaryImpl::Private::Steps::summaryJumpStep(pred, succ)
FlowSummaryImpl::Private::Steps::summaryJumpStep(pred.(FlowSummaryNode).getSummaryNode(),
succ.(FlowSummaryNode).getSummaryNode())
}
predicate storeStep(Node node1, ContentSet c, Node node2) {
@@ -692,7 +691,8 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
init.isFailable()
)
or
FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, c, node2)
FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c,
node2.(FlowSummaryNode).getSummaryNode())
}
predicate isLValue(Expr e) { any(AssignExpr assign).getDest() = e }
@@ -793,6 +793,8 @@ class DataFlowType extends TDataFlowType {
string toString() { result = "" }
}
predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { none() }
/** Gets the type of `n` used for type pruning. */
DataFlowType getNodeType(NodeImpl n) {
any() // return the singleton DataFlowType until we support type pruning for Swift
@@ -828,11 +830,14 @@ private module PostUpdateNodes {
override DataFlowCallable getEnclosingCallable() { result = TDataFlowFunc(n.getScope()) }
}
class SummaryPostUpdateNode extends SummaryNode, PostUpdateNodeImpl {
SummaryPostUpdateNode() { FlowSummaryImpl::Private::summaryPostUpdateNode(this, _) }
class SummaryPostUpdateNode extends FlowSummaryNode, PostUpdateNodeImpl {
SummaryPostUpdateNode() {
FlowSummaryImpl::Private::summaryPostUpdateNode(this.getSummaryNode(), _)
}
override Node getPreUpdateNode() {
FlowSummaryImpl::Private::summaryPostUpdateNode(this, result)
FlowSummaryImpl::Private::summaryPostUpdateNode(this.getSummaryNode(),
result.(FlowSummaryNode).getSummaryNode())
}
}
}
@@ -844,6 +849,12 @@ class CastNode extends Node {
CastNode() { none() }
}
/**
* Holds if `n` should never be skipped over in the `PathGraph` and in path
* explanations.
*/
predicate neverSkipInPathGraph(Node n) { none() }
class DataFlowExpr = Expr;
class DataFlowParameter = ParamDecl;
@@ -881,7 +892,7 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
receiver.asExpr() = call.asCall().getExpr().(ApplyExpr).getFunction()
or
kind = TLambdaCallKind() and
receiver = call.(SummaryCall).getReceiver()
receiver.(FlowSummaryNode).getSummaryNode() = call.(SummaryCall).getReceiver()
or
kind = TLambdaCallKind() and
receiver.asExpr() = call.asKeyPath().getExpr().(KeyPathApplicationExpr).getKeyPath()

196
swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -180,6 +180,11 @@ module Public {
result = "Argument[" + getParameterPosition(pos) + "]"
)
or
exists(string synthetic |
sc = TSyntheticGlobalSummaryComponent(synthetic) and
result = "SyntheticGlobal[" + synthetic + "]"
)
or
sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
}
@@ -505,6 +510,9 @@ module Private {
or
// Add the post-update node corresponding to the requested argument node
outputState(c, s) and isCallbackParameter(s)
or
// Add the parameter node for parameter side-effects
outputState(c, s) and s = SummaryComponentStack::argument(_)
}
private newtype TSummaryNodeState =
@@ -530,7 +538,7 @@ module Private {
* this state represents that the components in `s` _remain to be written_ to
* the output.
*/
class SummaryNodeState extends TSummaryNodeState {
private class SummaryNodeState extends TSummaryNodeState {
/** Holds if this state is a valid input state for `c`. */
pragma[nomagic]
predicate isInputState(SummarizedCallable c, SummaryComponentStack s) {
@@ -559,6 +567,42 @@ module Private {
}
}
private newtype TSummaryNode =
TSummaryInternalNode(SummarizedCallable c, SummaryNodeState state) {
summaryNodeRange(c, state)
} or
TSummaryParameterNode(SummarizedCallable c, ParameterPosition pos) {
summaryParameterNodeRange(c, pos)
}
abstract class SummaryNode extends TSummaryNode {
abstract string toString();
abstract SummarizedCallable getSummarizedCallable();
}
private class SummaryInternalNode extends SummaryNode, TSummaryInternalNode {
private SummarizedCallable c;
private SummaryNodeState state;
SummaryInternalNode() { this = TSummaryInternalNode(c, state) }
override string toString() { result = "[summary] " + state + " in " + c }
override SummarizedCallable getSummarizedCallable() { result = c }
}
private class SummaryParamNode extends SummaryNode, TSummaryParameterNode {
private SummarizedCallable c;
private ParameterPosition pos;
SummaryParamNode() { this = TSummaryParameterNode(c, pos) }
override string toString() { result = "[summary param] " + pos + " in " + c }
override SummarizedCallable getSummarizedCallable() { result = c }
}
/**
* Holds if `state` represents having read from a parameter at position
* `pos` in `c`. In this case we are not synthesizing a data-flow node,
@@ -574,7 +618,7 @@ module Private {
* Holds if a synthesized summary node is needed for the state `state` in summarized
* callable `c`.
*/
predicate summaryNodeRange(SummarizedCallable c, SummaryNodeState state) {
private predicate summaryNodeRange(SummarizedCallable c, SummaryNodeState state) {
state.isInputState(c, _) and
not parameterReadState(c, state, _)
or
@@ -582,22 +626,22 @@ module Private {
}
pragma[noinline]
private Node summaryNodeInputState(SummarizedCallable c, SummaryComponentStack s) {
private SummaryNode summaryNodeInputState(SummarizedCallable c, SummaryComponentStack s) {
exists(SummaryNodeState state | state.isInputState(c, s) |
result = summaryNode(c, state)
result = TSummaryInternalNode(c, state)
or
exists(ParameterPosition pos |
parameterReadState(c, state, pos) and
result.(ParamNode).isParameterOf(inject(c), pos)
result = TSummaryParameterNode(c, pos)
)
)
}
pragma[noinline]
private Node summaryNodeOutputState(SummarizedCallable c, SummaryComponentStack s) {
private SummaryNode summaryNodeOutputState(SummarizedCallable c, SummaryComponentStack s) {
exists(SummaryNodeState state |
state.isOutputState(c, s) and
result = summaryNode(c, state)
result = TSummaryInternalNode(c, state)
)
}
@@ -605,12 +649,14 @@ module Private {
* Holds if a write targets `post`, which is a post-update node for a
* parameter at position `pos` in `c`.
*/
private predicate isParameterPostUpdate(Node post, SummarizedCallable c, ParameterPosition pos) {
private predicate isParameterPostUpdate(
SummaryNode post, SummarizedCallable c, ParameterPosition pos
) {
post = summaryNodeOutputState(c, SummaryComponentStack::argument(pos))
}
/** Holds if a parameter node at position `pos` is required for `c`. */
predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
private predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
parameterReadState(c, _, pos)
or
// Same as `isParameterPostUpdate(_, c, pos)`, but can be used in a negative context
@@ -618,7 +664,7 @@ module Private {
}
private predicate callbackOutput(
SummarizedCallable c, SummaryComponentStack s, Node receiver, ReturnKind rk
SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ReturnKind rk
) {
any(SummaryNodeState state).isInputState(c, s) and
s.head() = TReturnSummaryComponent(rk) and
@@ -626,7 +672,7 @@ module Private {
}
private predicate callbackInput(
SummarizedCallable c, SummaryComponentStack s, Node receiver, ArgumentPosition pos
SummarizedCallable c, SummaryComponentStack s, SummaryNode receiver, ArgumentPosition pos
) {
any(SummaryNodeState state).isOutputState(c, s) and
s.head() = TParameterSummaryComponent(pos) and
@@ -634,7 +680,7 @@ module Private {
}
/** Holds if a call targeting `receiver` should be synthesized inside `c`. */
predicate summaryCallbackRange(SummarizedCallable c, Node receiver) {
predicate summaryCallbackRange(SummarizedCallable c, SummaryNode receiver) {
callbackOutput(c, _, receiver, _)
or
callbackInput(c, _, receiver, _)
@@ -647,10 +693,10 @@ module Private {
* `getContentType()`, `getReturnType()`, `getCallbackParameterType()`, and
* `getCallbackReturnType()`.
*/
DataFlowType summaryNodeType(Node n) {
exists(Node pre |
DataFlowType summaryNodeType(SummaryNode n) {
exists(SummaryNode pre |
summaryPostUpdateNode(n, pre) and
result = getNodeType(pre)
result = summaryNodeType(pre)
)
or
exists(SummarizedCallable c, SummaryComponentStack s, SummaryComponent head | head = s.head() |
@@ -662,12 +708,12 @@ module Private {
)
or
head = TWithoutContentSummaryComponent(_) and
result = getNodeType(summaryNodeInputState(c, s.tail()))
result = summaryNodeType(summaryNodeInputState(c, s.tail()))
or
exists(ReturnKind rk |
head = TReturnSummaryComponent(rk) and
result =
getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
getCallbackReturnType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c),
s.tail())), rk)
)
or
@@ -675,6 +721,11 @@ module Private {
head = TSyntheticGlobalSummaryComponent(sg) and
result = getSyntheticGlobalType(sg)
)
or
exists(ParameterPosition pos |
head = TArgumentSummaryComponent(pos) and
result = getParameterType(c, pos)
)
)
or
n = summaryNodeOutputState(c, s) and
@@ -691,7 +742,7 @@ module Private {
or
exists(ArgumentPosition pos | head = TParameterSummaryComponent(pos) |
result =
getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
getCallbackParameterType(summaryNodeType(summaryNodeInputState(pragma[only_bind_out](c),
s.tail())), pos)
)
or
@@ -703,9 +754,14 @@ module Private {
)
}
/** Holds if summary node `p` is a parameter with position `pos`. */
predicate summaryParameterNode(SummaryNode p, ParameterPosition pos) {
p = TSummaryParameterNode(_, pos)
}
/** Holds if summary node `out` contains output of kind `rk` from call `c`. */
predicate summaryOutNode(DataFlowCall c, Node out, ReturnKind rk) {
exists(SummarizedCallable callable, SummaryComponentStack s, Node receiver |
predicate summaryOutNode(DataFlowCall c, SummaryNode out, ReturnKind rk) {
exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver |
callbackOutput(callable, s, receiver, rk) and
out = summaryNodeInputState(callable, s) and
c = summaryDataFlowCall(receiver)
@@ -713,8 +769,8 @@ module Private {
}
/** Holds if summary node `arg` is at position `pos` in the call `c`. */
predicate summaryArgumentNode(DataFlowCall c, Node arg, ArgumentPosition pos) {
exists(SummarizedCallable callable, SummaryComponentStack s, Node receiver |
predicate summaryArgumentNode(DataFlowCall c, SummaryNode arg, ArgumentPosition pos) {
exists(SummarizedCallable callable, SummaryComponentStack s, SummaryNode receiver |
callbackInput(callable, s, receiver, pos) and
arg = summaryNodeOutputState(callable, s) and
c = summaryDataFlowCall(receiver)
@@ -722,10 +778,10 @@ module Private {
}
/** Holds if summary node `post` is a post-update node with pre-update node `pre`. */
predicate summaryPostUpdateNode(Node post, Node pre) {
predicate summaryPostUpdateNode(SummaryNode post, SummaryNode pre) {
exists(SummarizedCallable c, ParameterPosition pos |
isParameterPostUpdate(post, c, pos) and
pre.(ParamNode).isParameterOf(inject(c), pos)
pre = TSummaryParameterNode(c, pos)
)
or
exists(SummarizedCallable callable, SummaryComponentStack s |
@@ -736,7 +792,7 @@ module Private {
}
/** Holds if summary node `ret` is a return node of kind `rk`. */
predicate summaryReturnNode(Node ret, ReturnKind rk) {
predicate summaryReturnNode(SummaryNode ret, ReturnKind rk) {
exists(SummaryComponentStack s |
ret = summaryNodeOutputState(_, s) and
s = TSingletonSummaryComponentStack(TReturnSummaryComponent(rk))
@@ -748,7 +804,9 @@ module Private {
* node, and back out to `p`.
*/
predicate summaryAllowParameterReturnInSelf(ParamNode p) {
exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(inject(c), ppos) |
exists(SummarizedCallable c, ParameterPosition ppos |
p.isParameterOf(inject(c), pragma[only_bind_into](ppos))
|
exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents |
summary(c, inputContents, outputContents, _) and
inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and
@@ -763,7 +821,7 @@ module Private {
* Holds if there is a local step from `pred` to `succ`, which is synthesized
* from a flow summary.
*/
predicate summaryLocalStep(Node pred, Node succ, boolean preservesValue) {
predicate summaryLocalStep(SummaryNode pred, SummaryNode succ, boolean preservesValue) {
exists(
SummarizedCallable c, SummaryComponentStack inputContents,
SummaryComponentStack outputContents
@@ -789,7 +847,7 @@ module Private {
* Holds if there is a read step of content `c` from `pred` to `succ`, which
* is synthesized from a flow summary.
*/
predicate summaryReadStep(Node pred, ContentSet c, Node succ) {
predicate summaryReadStep(SummaryNode pred, ContentSet c, SummaryNode succ) {
exists(SummarizedCallable sc, SummaryComponentStack s |
pred = summaryNodeInputState(sc, s.tail()) and
succ = summaryNodeInputState(sc, s) and
@@ -801,7 +859,7 @@ module Private {
* Holds if there is a store step of content `c` from `pred` to `succ`, which
* is synthesized from a flow summary.
*/
predicate summaryStoreStep(Node pred, ContentSet c, Node succ) {
predicate summaryStoreStep(SummaryNode pred, ContentSet c, SummaryNode succ) {
exists(SummarizedCallable sc, SummaryComponentStack s |
pred = summaryNodeOutputState(sc, s) and
succ = summaryNodeOutputState(sc, s.tail()) and
@@ -813,7 +871,7 @@ module Private {
* Holds if there is a jump step from `pred` to `succ`, which is synthesized
* from a flow summary.
*/
predicate summaryJumpStep(Node pred, Node succ) {
predicate summaryJumpStep(SummaryNode pred, SummaryNode succ) {
exists(SummaryComponentStack s |
s = SummaryComponentStack::singleton(SummaryComponent::syntheticGlobal(_)) and
pred = summaryNodeOutputState(_, s) and
@@ -840,9 +898,9 @@ module Private {
* `a` on line 2 to the post-update node for `a` on that line (via an intermediate
* node where field `b` is cleared).
*/
predicate summaryClearsContent(Node n, ContentSet c) {
predicate summaryClearsContent(SummaryNode n, ContentSet c) {
exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack |
n = summaryNode(sc, state) and
n = TSummaryInternalNode(sc, state) and
state.isInputState(sc, stack) and
stack.head() = SummaryComponent::withoutContent(c)
)
@@ -852,9 +910,9 @@ module Private {
* Holds if the value that is being tracked is expected to be stored inside
* content `c` at `n`.
*/
predicate summaryExpectsContent(Node n, ContentSet c) {
predicate summaryExpectsContent(SummaryNode n, ContentSet c) {
exists(SummarizedCallable sc, SummaryNodeState state, SummaryComponentStack stack |
n = summaryNode(sc, state) and
n = TSummaryInternalNode(sc, state) and
state.isInputState(sc, stack) and
stack.head() = SummaryComponent::withContent(c)
)
@@ -862,17 +920,17 @@ module Private {
pragma[noinline]
private predicate viableParam(
DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, ParamNode p
DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, SummaryParamNode p
) {
exists(DataFlowCallable c |
c = inject(sc) and
p.isParameterOf(c, ppos) and
p = TSummaryParameterNode(sc, ppos) and
c = viableCallable(call)
)
}
pragma[nomagic]
private ParamNode summaryArgParam0(DataFlowCall call, ArgNode arg, SummarizedCallable sc) {
private SummaryParamNode summaryArgParam(DataFlowCall call, ArgNode arg, SummarizedCallable sc) {
exists(ParameterPosition ppos |
argumentPositionMatch(call, arg, ppos) and
viableParam(call, sc, ppos, result)
@@ -884,12 +942,12 @@ module Private {
* local steps. `clearsOrExpects` records whether any node on the path from `p` to
* `n` either clears or expects contents.
*/
private predicate paramReachesLocal(ParamNode p, Node n, boolean clearsOrExpects) {
private predicate paramReachesLocal(SummaryParamNode p, SummaryNode n, boolean clearsOrExpects) {
viableParam(_, _, _, p) and
n = p and
clearsOrExpects = false
or
exists(Node mid, boolean clearsOrExpectsMid |
exists(SummaryNode mid, boolean clearsOrExpectsMid |
paramReachesLocal(p, mid, clearsOrExpectsMid) and
summaryLocalStep(mid, n, true) and
if
@@ -909,21 +967,33 @@ module Private {
*/
pragma[nomagic]
predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
exists(ParamNode p, ParameterPosition ppos, Node ret |
exists(SummaryParamNode p, ParameterPosition ppos, SummaryNode ret |
paramReachesLocal(p, ret, true) and
p = summaryArgParam0(_, arg, sc) and
p.isParameterOf(_, pragma[only_bind_into](ppos)) and
p = summaryArgParam(_, arg, sc) and
p = TSummaryParameterNode(_, pragma[only_bind_into](ppos)) and
isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
)
}
pragma[nomagic]
private predicate summaryReturnNodeExt(SummaryNode ret, ReturnKindExt rk) {
summaryReturnNode(ret, rk.(ValueReturnKind).getKind())
or
exists(SummaryParamNode p, SummaryNode pre, ParameterPosition pos |
paramReachesLocal(p, pre, _) and
summaryPostUpdateNode(ret, pre) and
p = TSummaryParameterNode(_, pos) and
rk.(ParamUpdateReturnKind).getPosition() = pos
)
}
bindingset[ret]
private ParamNode summaryArgParam(
ArgNode arg, ReturnNodeExt ret, OutNodeExt out, SummarizedCallable sc
private SummaryParamNode summaryArgParamRetOut(
ArgNode arg, SummaryNode ret, OutNodeExt out, SummarizedCallable sc
) {
exists(DataFlowCall call, ReturnKindExt rk |
result = summaryArgParam0(call, arg, sc) and
ret.getKind() = pragma[only_bind_into](rk) and
result = summaryArgParam(call, arg, sc) and
summaryReturnNodeExt(ret, pragma[only_bind_into](rk)) and
out = pragma[only_bind_into](rk).getAnOutNode(call)
)
}
@@ -936,9 +1006,9 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summaryThroughStepValue(ArgNode arg, Node out, SummarizedCallable sc) {
exists(ReturnKind rk, ReturnNode ret, DataFlowCall call |
summaryLocalStep(summaryArgParam0(call, arg, sc), ret, true) and
ret.getKind() = pragma[only_bind_into](rk) and
exists(ReturnKind rk, SummaryNode ret, DataFlowCall call |
summaryLocalStep(summaryArgParam(call, arg, sc), ret, true) and
summaryReturnNode(ret, pragma[only_bind_into](rk)) and
out = getAnOutNode(call, pragma[only_bind_into](rk))
)
}
@@ -951,7 +1021,9 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summaryThroughStepTaint(ArgNode arg, Node out, SummarizedCallable sc) {
exists(ReturnNodeExt ret | summaryLocalStep(summaryArgParam(arg, ret, out, sc), ret, false))
exists(SummaryNode ret |
summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), ret, false)
)
}
/**
@@ -962,8 +1034,8 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) {
exists(Node mid, ReturnNodeExt ret |
summaryReadStep(summaryArgParam(arg, ret, out, sc), c, mid) and
exists(SummaryNode mid, SummaryNode ret |
summaryReadStep(summaryArgParamRetOut(arg, ret, out, sc), c, mid) and
summaryLocalStep(mid, ret, _)
)
}
@@ -976,8 +1048,8 @@ module Private {
* be useful to include in the exposed local data-flow/taint-tracking relations.
*/
predicate summarySetterStep(ArgNode arg, ContentSet c, Node out, SummarizedCallable sc) {
exists(Node mid, ReturnNodeExt ret |
summaryLocalStep(summaryArgParam(arg, ret, out, sc), mid, _) and
exists(SummaryNode mid, SummaryNode ret |
summaryLocalStep(summaryArgParamRetOut(arg, ret, out, sc), mid, _) and
summaryStoreStep(mid, c, ret)
)
}
@@ -1344,11 +1416,11 @@ module Private {
}
private newtype TNodeOrCall =
MkNode(Node n) {
MkNode(SummaryNode n) {
exists(RelevantSummarizedCallable c |
n = summaryNode(c, _)
n = TSummaryInternalNode(c, _)
or
n.(ParamNode).isParameterOf(inject(c), _)
n = TSummaryParameterNode(c, _)
)
} or
MkCall(DataFlowCall call) {
@@ -1357,7 +1429,7 @@ module Private {
}
private class NodeOrCall extends TNodeOrCall {
Node asNode() { this = MkNode(result) }
SummaryNode asNode() { this = MkNode(result) }
DataFlowCall asCall() { this = MkCall(result) }
@@ -1377,9 +1449,11 @@ module Private {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.asNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
this.asCall().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
}
}

8
swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
View File

@@ -20,15 +20,15 @@ DataFlowCallable inject(SummarizedCallable c) { result.getUnderlyingCallable() =
/** Gets the parameter position of the instance parameter. */
ArgumentPosition callbackSelfParameterPosition() { result instanceof ThisArgumentPosition }
/** Gets the synthesized summary data-flow node for the given values. */
Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = TSummaryNode(c, state) }
/** Gets the synthesized data-flow call for `receiver`. */
SummaryCall summaryDataFlowCall(Node receiver) { receiver = result.getReceiver() }
SummaryCall summaryDataFlowCall(SummaryNode receiver) { receiver = result.getReceiver() }
/** Gets the type of content `c`. */
DataFlowType getContentType(ContentSet c) { any() }
/** Gets the type of the parameter at the given position. */
DataFlowType getParameterType(SummarizedCallable c, ParameterPosition pos) { any() }
/** Gets the return type of kind `rk` for callable `c`. */
bindingset[c]
DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { any() }

3
swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -68,7 +68,8 @@ private module Cached {
)
or
// flow through a flow summary (extension of `SummaryModelCsv`)
FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(),
nodeTo.(FlowSummaryNode).getSummaryNode(), false)
or
any(AdditionalTaintStep a).step(nodeFrom, nodeTo)
}

18
swift/ql/lib/codeql/swift/elements/Diagnostics.qll
View File

@@ -1,8 +1,14 @@
private import codeql.swift.generated.Diagnostics
/**
* A compiler-generated error, warning, note or remark.
*/
class Diagnostics extends Generated::Diagnostics {
override string toString() { result = this.getSeverity() + ": " + this.getText() }
/**
* Gets a string representing the severity of this compiler diagnostic.
*/
string getSeverity() {
this.getKind() = 1 and result = "error"
or
@@ -14,18 +20,30 @@ class Diagnostics extends Generated::Diagnostics {
}
}
/**
* A compiler error message.
*/
class CompilerError extends Diagnostics {
CompilerError() { this.getSeverity() = "error" }
}
/**
* A compiler-generated warning.
*/
class CompilerWarning extends Diagnostics {
CompilerWarning() { this.getSeverity() = "warning" }
}
/**
* A compiler-generated note (typically attached to an error or warning).
*/
class CompilerNote extends Diagnostics {
CompilerNote() { this.getSeverity() = "note" }
}
/**
* A compiler-generated remark (milder than a warning, this does not indicate an issue).
*/
class CompilerRemark extends Diagnostics {
CompilerRemark() { this.getSeverity() = "remark" }
}

15
swift/ql/lib/codeql/swift/elements/File.qll
View File

@@ -1,4 +1,6 @@
private import codeql.swift.generated.File
private import codeql.swift.elements.Location
private import codeql.swift.elements.UnknownLocation
class File extends Generated::File {
/** toString */
@@ -17,4 +19,17 @@ class File extends Generated::File {
string getBaseName() {
result = this.getAbsolutePath().regexpCapture(".*/(([^/]*?)(?:\\.([^.]*))?)", 1)
}
/**
* Gets the number of lines containing code in this file. This value
* is approximate.
*/
int getNumberOfLinesOfCode() {
result =
count(int line |
exists(Location loc |
not loc instanceof UnknownLocation and loc.getFile() = this and loc.getStartLine() = line
)
)
}
}

26
swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll
View File

@@ -9,8 +9,32 @@ class VarDecl extends Generated::VarDecl {
}
/**
* A field declaration.
* A field declaration. That is, a variable declaration that is a member of a
* class, struct, enum or protocol.
*/
class FieldDecl extends VarDecl {
FieldDecl() { this = any(Decl ctx).getAMember() }
/**
* Holds if this field is called `fieldName` and is a member of a
* class, struct, extension, enum or protocol called `typeName`.
*/
cached
predicate hasQualifiedName(string typeName, string fieldName) {
this.getName() = fieldName and
exists(Decl d |
d.asNominalTypeDecl().getFullName() = typeName and
d.getAMember() = this
)
}
/**
* Holds if this field is called `fieldName` and is a member of a
* class, struct, extension, enum or protocol called `typeName` in a module
* called `moduleName`.
*/
predicate hasQualifiedName(string moduleName, string typeName, string fieldName) {
this.hasQualifiedName(typeName, fieldName) and
this.getModule().getFullName() = moduleName
}
}

4
swift/ql/lib/codeql/swift/elements/pattern/NamedPattern.qll
View File

@@ -19,8 +19,8 @@ class NamedPattern extends Generated::NamedPattern {
* This will be the case as long as the variable is subsequently used.
*/
VarDecl getVarDecl() {
this.getImmediateEnclosingPattern*() = result.getParentPattern().getFullyUnresolved() and
result.getName() = this.getName()
this.getImmediateEnclosingPattern*() = result.getImmediateParentPattern() and
pragma[only_bind_out](result.getName()) = pragma[only_bind_out](this.getName())
}
override string toString() { result = this.getName() }

19
swift/ql/lib/codeql/swift/elements/stmt/BraceStmt.qll
View File

@@ -11,4 +11,23 @@ class BraceStmt extends Generated::BraceStmt {
}
override string toString() { result = "{ ... }" }
override AstNode getImmediateElement(int index) {
result =
rank[index + 1](AstNode element, int i |
element = super.getImmediateElement(i) and
not element instanceof VarDecl
|
element order by i
)
}
override VarDecl getVariable(int index) {
result =
rank[index + 1](VarDecl variable, int i |
variable = super.getImmediateElement(i)
|
variable order by i
)
}
}

5
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll
View File

@@ -47,9 +47,6 @@ private class CollectionFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
CollectionFieldsInheritTaint() {
exists(FieldDecl f | this.getField() = f |
f.getEnclosingDecl().asNominalTypeDecl().getName() = ["Collection", "BidirectionalCollection"] and
f.getName() = ["first", "last"]
)
this.getField().hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"])
}
}

28
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll
View File

@@ -132,20 +132,18 @@ private class NsStringFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
NsStringFieldsInheritTaint() {
exists(FieldDecl f | this.getField() = f |
f.getEnclosingDecl().asNominalTypeDecl().getName() = "NSString" and
f.getName() =
[
"utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase",
"capitalized", "localizedCapitalized", "decomposedStringWithCanonicalMapping",
"decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping",
"precomposedStringWithCompatibilityMapping", "doubleValue", "floatValue", "intValue",
"integerValue", "longLongValue", "boolValue", "description", "pathComponents",
"fileSystemRepresentation", "lastPathComponent", "pathExtension",
"abbreviatingWithTildeInPath", "deletingLastPathComponent", "deletingPathExtension",
"expandingTildeInPath", "resolvingSymlinksInPath", "standardizingPath",
"removingPercentEncoding"
]
)
this.getField()
.hasQualifiedName("NSString",
[
"utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase",
"capitalized", "localizedCapitalized", "decomposedStringWithCanonicalMapping",
"decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping",
"precomposedStringWithCompatibilityMapping", "doubleValue", "floatValue", "intValue",
"integerValue", "longLongValue", "boolValue", "description", "pathComponents",
"fileSystemRepresentation", "lastPathComponent", "pathExtension",
"abbreviatingWithTildeInPath", "deletingLastPathComponent", "deletingPathExtension",
"expandingTildeInPath", "resolvingSymlinksInPath", "standardizingPath",
"removingPercentEncoding"
])
}
}

7
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll
View File

@@ -36,10 +36,5 @@ private class SequenceSummaries extends SummaryModelCsv {
private class SequenceFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
SequenceFieldsInheritTaint() {
exists(FieldDecl f | this.getField() = f |
f.getEnclosingDecl().asNominalTypeDecl().getName() = "Sequence" and
f.getName() = "lazy"
)
}
SequenceFieldsInheritTaint() { this.getField().hasQualifiedName("Sequence", "lazy") }
}

21
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
View File

@@ -124,16 +124,15 @@ private class StringFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
StringFieldsInheritTaint() {
exists(FieldDecl f | this.getField() = f |
f.getEnclosingDecl().asNominalTypeDecl().getName() = ["String", "StringProtocol"] and
f.getName() =
[
"unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",
"debugDescription", "dataValue", "identifierValue", "capitalized", "localizedCapitalized",
"localizedLowercase", "localizedUppercase", "decomposedStringWithCanonicalMapping",
"decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping",
"precomposedStringWithCompatibilityMapping", "removingPercentEncoding"
]
)
this.getField()
.hasQualifiedName(["String", "StringProtocol"],
[
"unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",
"debugDescription", "dataValue", "identifierValue", "capitalized",
"localizedCapitalized", "localizedLowercase", "localizedUppercase",
"decomposedStringWithCanonicalMapping", "decomposedStringWithCompatibilityMapping",
"precomposedStringWithCanonicalMapping", "precomposedStringWithCompatibilityMapping",
"removingPercentEncoding"
])
}
}

7
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll
View File

@@ -208,10 +208,5 @@ private class WKUserScriptSummaries extends SummaryModelCsv {
private class WKUserScriptInheritsTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
WKUserScriptInheritsTaint() {
exists(FieldDecl f | this.getField() = f |
f.getEnclosingDecl().asNominalTypeDecl().getName() = "WKUserScript" and
f.getName() = "source"
)
}
WKUserScriptInheritsTaint() { this.getField().hasQualifiedName("WKUserScript", "source") }
}

12
swift/ql/lib/codeql/swift/generated/ParentChild.qll generated
View File

@@ -3434,18 +3434,22 @@ private module Impl {
}
private Element getImmediateChildOfBraceStmt(BraceStmt e, int index, string partialPredicateCall) {
exists(int b, int bStmt, int n, int nElement |
exists(int b, int bStmt, int n, int nVariable, int nElement |
b = 0 and
bStmt = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfStmt(e, i, _)) | i) and
n = bStmt and
nElement = n + 1 + max(int i | i = -1 or exists(e.getImmediateElement(i)) | i) and
nVariable = n + 1 + max(int i | i = -1 or exists(e.getVariable(i)) | i) and
nElement = nVariable + 1 + max(int i | i = -1 or exists(e.getImmediateElement(i)) | i) and
(
none()
or
result = getImmediateChildOfStmt(e, index - b, partialPredicateCall)
or
result = e.getImmediateElement(index - n) and
partialPredicateCall = "Element(" + (index - n).toString() + ")"
result = e.getVariable(index - n) and
partialPredicateCall = "Variable(" + (index - n).toString() + ")"
or
result = e.getImmediateElement(index - nVariable) and
partialPredicateCall = "Element(" + (index - nVariable).toString() + ")"
)
)
}

2
swift/ql/lib/codeql/swift/generated/Raw.qll generated
View File

@@ -1096,7 +1096,7 @@ module Raw {
/**
* Gets the closure body of this capture list expression.
*/
ExplicitClosureExpr getClosureBody() { capture_list_exprs(this, result) }
ClosureExpr getClosureBody() { capture_list_exprs(this, result) }
}
/**

10
swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll generated
View File

@@ -1,7 +1,7 @@
// generated by codegen/codegen.py
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.expr.ExplicitClosureExpr
import codeql.swift.elements.expr.ClosureExpr
import codeql.swift.elements.expr.Expr
import codeql.swift.elements.decl.PatternBindingDecl
@@ -35,9 +35,9 @@ module Generated {
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
ExplicitClosureExpr getImmediateClosureBody() {
ClosureExpr getImmediateClosureBody() {
result =
Synth::convertExplicitClosureExprFromRaw(Synth::convertCaptureListExprToRaw(this)
Synth::convertClosureExprFromRaw(Synth::convertCaptureListExprToRaw(this)
.(Raw::CaptureListExpr)
.getClosureBody())
}
@@ -45,8 +45,8 @@ module Generated {
/**
* Gets the closure body of this capture list expression.
*/
final ExplicitClosureExpr getClosureBody() {
exists(ExplicitClosureExpr immediate |
final ClosureExpr getClosureBody() {
exists(ClosureExpr immediate |
immediate = this.getImmediateClosureBody() and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)

16
swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll generated
View File

@@ -3,11 +3,27 @@ private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.AstNode
import codeql.swift.elements.stmt.Stmt
import codeql.swift.elements.decl.VarDecl
module Generated {
class BraceStmt extends Synth::TBraceStmt, Stmt {
override string getAPrimaryQlClass() { result = "BraceStmt" }
/**
* Gets the `index`th variable declared in the scope of this brace statement (0-based).
*/
VarDecl getVariable(int index) { none() }
/**
* Gets any of the variables declared in the scope of this brace statement.
*/
final VarDecl getAVariable() { result = this.getVariable(_) }
/**
* Gets the number of variables declared in the scope of this brace statement.
*/
final int getNumberOfVariables() { result = count(int i | exists(this.getVariable(i))) }
/**
* Gets the `index`th element of this brace statement (0-based).
*

7
swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
View File

@@ -74,12 +74,7 @@ private class OsLogNonRedactedType extends Type {
private class OsLogPrivacyRef extends MemberRefExpr {
string optionName;
OsLogPrivacyRef() {
exists(FieldDecl f | this.getMember() = f |
f.getEnclosingDecl().asNominalTypeDecl().getName() = "OSLogPrivacy" and
optionName = f.getName()
)
}
OsLogPrivacyRef() { this.getMember().(FieldDecl).hasQualifiedName("OSLogPrivacy", optionName) }
/** Holds if this is a safe privacy option (private or sensitive). */
predicate isSafe() { optionName = ["private", "sensitive"] }

3
swift/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/swift-all
version: 0.1.0
version: 0.1.2-dev
groups: swift
extractor: swift
dbscheme: swift.dbscheme
@@ -7,6 +7,7 @@ upgrades: upgrades
library: true
dependencies:
codeql/regex: ${workspace}
codeql/mad: ${workspace}
codeql/ssa: ${workspace}
codeql/tutorial: ${workspace}
codeql/util: ${workspace}

12
swift/ql/lib/swift.dbscheme generated
View File

@@ -829,7 +829,7 @@ bind_optional_exprs( //dir=expr
capture_list_exprs( //dir=expr
unique int id: @capture_list_expr,
int closure_body: @explicit_closure_expr_or_none ref
int closure_body: @closure_expr_or_none ref
);
#keyset[id, index]
@@ -2457,6 +2457,11 @@ variadic_sequence_types( //dir=type
| @unspecified_element
;
@closure_expr_or_none =
@closure_expr
| @unspecified_element
;
@condition_element_or_none =
@condition_element
| @unspecified_element
@@ -2472,11 +2477,6 @@ variadic_sequence_types( //dir=type
| @unspecified_element
;
@explicit_closure_expr_or_none =
@explicit_closure_expr
| @unspecified_element
;
@expr_or_none =
@expr
| @unspecified_element

2618
swift/ql/lib/upgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2618
swift/ql/lib/upgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/swift.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
swift/ql/lib/upgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: New entities added
compatibility: full

7
swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md → swift/ql/src/CHANGELOG.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 0.1.1
### Minor Analysis Improvements
* Fixed some false positive results from the `swift/string-length-conflation` query, caused by imprecise sinks.

5
swift/ql/src/change-notes/released/0.1.1.md Normal file
View File

@@ -0,0 +1,5 @@
## 0.1.1
### Minor Analysis Improvements
* Fixed some false positive results from the `swift/string-length-conflation` query, caused by imprecise sinks.

2
swift/ql/src/codeql-pack.release.yml Normal file
View File

@@ -0,0 +1,2 @@
---
lastReleaseVersion: 0.1.1

6
swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
View File

@@ -8,8 +8,4 @@
import swift
select count(File f, int line |
exists(Location loc |
not loc instanceof UnknownLocation and loc.getFile() = f and loc.getStartLine() = line
)
)
select sum(File f | | f.getNumberOfLinesOfCode())

2
swift/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/swift-queries
version: 0.1.0
version: 0.1.2-dev
groups:
- swift
- queries

6
swift/ql/src/queries/Summary/SummaryStats.ql
View File

@@ -38,6 +38,12 @@ float taintReach() { result = (taintedNodesCount() * 1000000.0) / count(DataFlow
predicate statistic(string what, string value) {
what = "Files" and value = count(File f).toString()
or
what = "Lines of code" and value = sum(File f | | f.getNumberOfLinesOfCode()).toString()
or
what = "Compiler errors" and value = count(CompilerError d).toString()
or
what = "Compiler warnings" and value = count(CompilerWarning d).toString()
or
what = "Expressions" and value = count(Expr e | not e.getFile() instanceof UnknownFile).toString()
or
what = "Local flow sources" and value = count(LocalFlowSource s).toString()

3
swift/ql/test/extractor-tests/errors/Errors.ql
View File

@@ -1,5 +1,6 @@
import swift
import TestUtils
from Locatable e
where e instanceof ErrorElement
where e instanceof ErrorElement and toBeTested(e)
select e, e.getPrimaryQlClasses()

236
swift/ql/test/extractor-tests/generated/decl/CapturedDecl/PrintAst.expected
View File

@@ -7,12 +7,12 @@ closures.swift:
# 5| [NamedFunction] captureList()
# 5| InterfaceType = () -> ()
# 5| getBody(): [BraceStmt] { ... }
# 6| getVariable(0): [ConcreteVarDecl] y
# 6| Type = Int
# 6| getElement(0): [PatternBindingDecl] var ... = ...
# 6| getInit(0): [IntegerLiteralExpr] 123
# 6| getPattern(0): [NamedPattern] y
# 6| getElement(1): [ConcreteVarDecl] y
# 6| Type = Int
# 7| getElement(2): [CallExpr] call to ...
# 7| getElement(1): [CallExpr] call to ...
# 7| getFunction(): [CaptureListExpr] { ... }
# 7| getBindingDecl(0): [PatternBindingDecl] var ... = ...
# 7| getInit(0): [CallExpr] call to hello()
@@ -58,12 +58,12 @@ closures.swift:
# 14| [NamedFunction] setEscape()
# 14| InterfaceType = () -> ()
# 14| getBody(): [BraceStmt] { ... }
# 15| getVariable(0): [ConcreteVarDecl] x
# 15| Type = Int
# 15| getElement(0): [PatternBindingDecl] var ... = ...
# 15| getInit(0): [IntegerLiteralExpr] 0
# 15| getPattern(0): [NamedPattern] x
# 15| getElement(1): [ConcreteVarDecl] x
# 15| Type = Int
# 16| getElement(2): [AssignExpr] ... = ...
# 16| getElement(1): [AssignExpr] ... = ...
# 16| getDest(): [DeclRefExpr] escape
# 16| getSource(): [ExplicitClosureExpr] { ... }
# 16| getBody(): [BraceStmt] { ... }
@@ -107,6 +107,10 @@ closures.swift:
# 27| [NamedFunction] logical()
# 27| InterfaceType = () -> Bool
# 27| getBody(): [BraceStmt] { ... }
# 28| getVariable(0): [ConcreteVarDecl] f
# 28| Type = ((Int) -> Int)?
# 29| getVariable(1): [ConcreteVarDecl] x
# 29| Type = Int?
# 28| getElement(0): [PatternBindingDecl] var ... = ...
# 28| getInit(0): [ExplicitClosureExpr] { ... }
# 28| getParam(0): [ParamDecl] x
@@ -126,17 +130,13 @@ closures.swift:
# 28| getPattern(0): [TypedPattern] ... as ...
# 28| getSubPattern(): [NamedPattern] f
# 28| getTypeRepr(): [TypeRepr] ((Int) -> Int)?
# 28| getElement(1): [ConcreteVarDecl] f
# 28| Type = ((Int) -> Int)?
# 29| getElement(2): [PatternBindingDecl] var ... = ...
# 29| getElement(1): [PatternBindingDecl] var ... = ...
# 29| getInit(0): [IntegerLiteralExpr] 42
# 29| getInit(0).getFullyConverted(): [InjectIntoOptionalExpr] (Int?) ...
# 29| getPattern(0): [TypedPattern] ... as ...
# 29| getSubPattern(): [NamedPattern] x
# 29| getTypeRepr(): [TypeRepr] Int?
# 29| getElement(3): [ConcreteVarDecl] x
# 29| Type = Int?
# 30| getElement(4): [ReturnStmt] return ...
# 30| getElement(2): [ReturnStmt] return ...
# 30| getResult(): [BinaryExpr] ... .&&(_:_:) ...
# 31| getFunction(): [MethodLookupExpr] .&&(_:_:)
# 31| getBase(): [TypeExpr] Bool.Type
@@ -272,12 +272,16 @@ closures.swift:
# 50| [NamedFunction] foo()
# 50| InterfaceType = () -> Int
# 50| getBody(): [BraceStmt] { ... }
# 51| getVariable(0): [ConcreteVarDecl] x
# 51| Type = Int
# 52| getVariable(1): [ConcreteVarDecl] f
# 52| Type = (Int) -> ()
# 54| getVariable(2): [ConcreteVarDecl] r
# 54| Type = () -> Int
# 51| getElement(0): [PatternBindingDecl] var ... = ...
# 51| getInit(0): [IntegerLiteralExpr] 1
# 51| getPattern(0): [NamedPattern] x
# 51| getElement(1): [ConcreteVarDecl] x
# 51| Type = Int
# 52| getElement(2): [PatternBindingDecl] var ... = ...
# 52| getElement(1): [PatternBindingDecl] var ... = ...
# 52| getInit(0): [ExplicitClosureExpr] { ... }
# 52| getParam(0): [ParamDecl] y
# 52| Type = Int
@@ -295,9 +299,7 @@ closures.swift:
# 52| getExpr(): [DeclRefExpr] y
# 52| getCapture(0): [CapturedDecl] x
# 52| getPattern(0): [NamedPattern] f
# 52| getElement(3): [ConcreteVarDecl] f
# 52| Type = (Int) -> ()
# 53| getElement(4): [BinaryExpr] ... .+=(_:_:) ...
# 53| getElement(2): [BinaryExpr] ... .+=(_:_:) ...
# 53| getFunction(): [MethodLookupExpr] .+=(_:_:)
# 53| getBase(): [TypeExpr] Int.Type
# 53| getTypeRepr(): [TypeRepr] Int
@@ -307,7 +309,7 @@ closures.swift:
# 53| getSubExpr(): [DeclRefExpr] x
# 53| getArgument(1): [Argument] : 40
# 53| getExpr(): [IntegerLiteralExpr] 40
# 54| getElement(5): [PatternBindingDecl] var ... = ...
# 54| getElement(3): [PatternBindingDecl] var ... = ...
# 54| getInit(0): [ExplicitClosureExpr] { ... }
# 54| getBody(): [BraceStmt] { ... }
# 54| getElement(0): [ReturnStmt] return ...
@@ -315,13 +317,11 @@ closures.swift:
# 54| getResult().getFullyConverted(): [LoadExpr] (Int) ...
# 54| getCapture(0): [CapturedDecl] x
# 54| getPattern(0): [NamedPattern] r
# 54| getElement(6): [ConcreteVarDecl] r
# 54| Type = () -> Int
# 55| getElement(7): [CallExpr] call to ...
# 55| getElement(4): [CallExpr] call to ...
# 55| getFunction(): [DeclRefExpr] f
# 55| getArgument(0): [Argument] : 1
# 55| getExpr(): [IntegerLiteralExpr] 1
# 56| getElement(8): [ReturnStmt] return ...
# 56| getElement(5): [ReturnStmt] return ...
# 56| getResult(): [CallExpr] call to ...
# 56| getFunction(): [DeclRefExpr] r
# 51| [Comment] // x is a non-escaping capture of f and r
@@ -331,12 +331,16 @@ closures.swift:
# 59| [NamedFunction] bar()
# 59| InterfaceType = () -> () -> Int
# 59| getBody(): [BraceStmt] { ... }
# 60| getVariable(0): [ConcreteVarDecl] x
# 60| Type = Int
# 61| getVariable(1): [ConcreteVarDecl] f
# 61| Type = (Int) -> ()
# 63| getVariable(2): [ConcreteVarDecl] r
# 63| Type = () -> Int
# 60| getElement(0): [PatternBindingDecl] var ... = ...
# 60| getInit(0): [IntegerLiteralExpr] 1
# 60| getPattern(0): [NamedPattern] x
# 60| getElement(1): [ConcreteVarDecl] x
# 60| Type = Int
# 61| getElement(2): [PatternBindingDecl] var ... = ...
# 61| getElement(1): [PatternBindingDecl] var ... = ...
# 61| getInit(0): [ExplicitClosureExpr] { ... }
# 61| getParam(0): [ParamDecl] y
# 61| Type = Int
@@ -354,9 +358,7 @@ closures.swift:
# 61| getExpr(): [DeclRefExpr] y
# 61| getCapture(0): [CapturedDecl] x
# 61| getPattern(0): [NamedPattern] f
# 61| getElement(3): [ConcreteVarDecl] f
# 61| Type = (Int) -> ()
# 62| getElement(4): [BinaryExpr] ... .+=(_:_:) ...
# 62| getElement(2): [BinaryExpr] ... .+=(_:_:) ...
# 62| getFunction(): [MethodLookupExpr] .+=(_:_:)
# 62| getBase(): [TypeExpr] Int.Type
# 62| getTypeRepr(): [TypeRepr] Int
@@ -366,7 +368,7 @@ closures.swift:
# 62| getSubExpr(): [DeclRefExpr] x
# 62| getArgument(1): [Argument] : 40
# 62| getExpr(): [IntegerLiteralExpr] 40
# 63| getElement(5): [PatternBindingDecl] var ... = ...
# 63| getElement(3): [PatternBindingDecl] var ... = ...
# 63| getInit(0): [ExplicitClosureExpr] { ... }
# 63| getBody(): [BraceStmt] { ... }
# 63| getElement(0): [ReturnStmt] return ...
@@ -374,13 +376,11 @@ closures.swift:
# 63| getResult().getFullyConverted(): [LoadExpr] (Int) ...
# 63| getCapture(0): [CapturedDecl] x
# 63| getPattern(0): [NamedPattern] r
# 63| getElement(6): [ConcreteVarDecl] r
# 63| Type = () -> Int
# 64| getElement(7): [CallExpr] call to ...
# 64| getElement(4): [CallExpr] call to ...
# 64| getFunction(): [DeclRefExpr] f
# 64| getArgument(0): [Argument] : 1
# 64| getExpr(): [IntegerLiteralExpr] 1
# 65| getElement(8): [ReturnStmt] return ...
# 65| getElement(5): [ReturnStmt] return ...
# 65| getResult(): [DeclRefExpr] r
# 60| [Comment] // x is a non-escaping capture of f, escaping capture of r
# 60|
@@ -398,12 +398,14 @@ closures.swift:
# 69| [NamedFunction] baz()
# 69| InterfaceType = () -> () -> Int
# 69| getBody(): [BraceStmt] { ... }
# 70| getVariable(0): [ConcreteVarDecl] x
# 70| Type = Int
# 73| getVariable(1): [ConcreteVarDecl] r
# 73| Type = () -> Int
# 70| getElement(0): [PatternBindingDecl] var ... = ...
# 70| getInit(0): [IntegerLiteralExpr] 1
# 70| getPattern(0): [NamedPattern] x
# 70| getElement(1): [ConcreteVarDecl] x
# 70| Type = Int
# 71| getElement(2): [AssignExpr] ... = ...
# 71| getElement(1): [AssignExpr] ... = ...
# 71| getDest(): [DeclRefExpr] g
# 71| getSource(): [ExplicitClosureExpr] { ... }
# 71| getParam(0): [ParamDecl] y
@@ -422,7 +424,7 @@ closures.swift:
# 71| getExpr(): [DeclRefExpr] y
# 71| getCapture(0): [CapturedDecl] x
# 71| getSource().getFullyConverted(): [InjectIntoOptionalExpr] (((Int) -> Void)?) ...
# 72| getElement(3): [BinaryExpr] ... .+=(_:_:) ...
# 72| getElement(2): [BinaryExpr] ... .+=(_:_:) ...
# 72| getFunction(): [MethodLookupExpr] .+=(_:_:)
# 72| getBase(): [TypeExpr] Int.Type
# 72| getTypeRepr(): [TypeRepr] Int
@@ -432,7 +434,7 @@ closures.swift:
# 72| getSubExpr(): [DeclRefExpr] x
# 72| getArgument(1): [Argument] : 40
# 72| getExpr(): [IntegerLiteralExpr] 40
# 73| getElement(4): [PatternBindingDecl] var ... = ...
# 73| getElement(3): [PatternBindingDecl] var ... = ...
# 73| getInit(0): [ExplicitClosureExpr] { ... }
# 73| getBody(): [BraceStmt] { ... }
# 73| getElement(0): [ReturnStmt] return ...
@@ -440,15 +442,13 @@ closures.swift:
# 73| getResult().getFullyConverted(): [LoadExpr] (Int) ...
# 73| getCapture(0): [CapturedDecl] x
# 73| getPattern(0): [NamedPattern] r
# 73| getElement(5): [ConcreteVarDecl] r
# 73| Type = () -> Int
# 74| getElement(6): [CallExpr] call to ...
# 74| getElement(4): [CallExpr] call to ...
# 74| getFunction(): [ForceValueExpr] ...!
# 74| getSubExpr(): [DeclRefExpr] g
# 74| getSubExpr().getFullyConverted(): [LoadExpr] (((Int) -> Void)?) ...
# 74| getArgument(0): [Argument] : 1
# 74| getExpr(): [IntegerLiteralExpr] 1
# 75| getElement(7): [ReturnStmt] return ...
# 75| getElement(5): [ReturnStmt] return ...
# 75| getResult(): [DeclRefExpr] r
# 71| getCapture(0): [CapturedDecl] g
# 70| [Comment] // x is an escaping capture of g and r
@@ -458,20 +458,22 @@ closures.swift:
# 78| [NamedFunction] quux()
# 78| InterfaceType = () -> Int
# 78| getBody(): [BraceStmt] { ... }
# 79| getVariable(0): [ConcreteVarDecl] y
# 79| Type = Int
# 103| getVariable(1): [ConcreteVarDecl] a
# 103| Type = () -> Void
# 79| getElement(0): [PatternBindingDecl] var ... = ...
# 79| getInit(0): [IntegerLiteralExpr] 0
# 79| getPattern(0): [NamedPattern] y
# 79| getElement(1): [ConcreteVarDecl] y
# 79| Type = Int
# 81| getElement(2): [NamedFunction] f()
# 81| getElement(1): [NamedFunction] f()
# 81| InterfaceType = () -> () -> Void
# 81| getBody(): [BraceStmt] { ... }
# 82| getVariable(0): [ConcreteVarDecl] x
# 82| Type = Int
# 82| getElement(0): [PatternBindingDecl] var ... = ...
# 82| getInit(0): [IntegerLiteralExpr] 5
# 82| getPattern(0): [NamedPattern] x
# 82| getElement(1): [ConcreteVarDecl] x
# 82| Type = Int
# 84| getElement(2): [NamedFunction] a()
# 84| getElement(1): [NamedFunction] a()
# 84| InterfaceType = () -> ()
# 84| getBody(): [BraceStmt] { ... }
# 85| getElement(0): [AssignExpr] ... = ...
@@ -524,7 +526,7 @@ closures.swift:
# 85| getCapture(0): [CapturedDecl] y
# 85| getCapture(1): [CapturedDecl] x
# 88| getCapture(2): [CapturedDecl] b()
# 92| getElement(3): [NamedFunction] b()
# 92| getElement(2): [NamedFunction] b()
# 92| InterfaceType = () -> ()
# 92| getBody(): [BraceStmt] { ... }
# 93| getElement(0): [AssignExpr] ... = ...
@@ -585,18 +587,16 @@ closures.swift:
# 93| getCapture(0): [CapturedDecl] y
# 93| getCapture(1): [CapturedDecl] x
# 96| getCapture(2): [CapturedDecl] a()
# 100| getElement(4): [ReturnStmt] return ...
# 100| getElement(3): [ReturnStmt] return ...
# 100| getResult(): [DeclRefExpr] a()
# 85| getCapture(0): [CapturedDecl] y
# 103| getElement(3): [PatternBindingDecl] var ... = ...
# 103| getElement(2): [PatternBindingDecl] var ... = ...
# 103| getInit(0): [CallExpr] call to f()
# 103| getFunction(): [DeclRefExpr] f()
# 103| getPattern(0): [NamedPattern] a
# 103| getElement(4): [ConcreteVarDecl] a
# 103| Type = () -> Void
# 104| getElement(5): [CallExpr] call to ...
# 104| getElement(3): [CallExpr] call to ...
# 104| getFunction(): [DeclRefExpr] a
# 105| getElement(6): [ReturnStmt] return ...
# 105| getElement(4): [ReturnStmt] return ...
# 105| getResult(): [DeclRefExpr] y
# 105| getResult().getFullyConverted(): [LoadExpr] (Int) ...
# 105| [Comment] // 58341
@@ -604,16 +604,22 @@ closures.swift:
# 108| [NamedFunction] sharedCapture()
# 108| InterfaceType = () -> Int
# 108| getBody(): [BraceStmt] { ... }
# 109| getVariable(0): [ConcreteVarDecl] incrX
# 109| Type = () -> ()
# 109| getVariable(1): [ConcreteVarDecl] getX
# 109| Type = () -> Int
# 114| getVariable(2): [ConcreteVarDecl] doubleIncrX
# 114| Type = () -> ()
# 109| getElement(0): [PatternBindingDecl] var ... = ...
# 109| getInit(0): [CallExpr] call to ...
# 109| getFunction(): [ExplicitClosureExpr] { ... }
# 109| getBody(): [BraceStmt] { ... }
# 110| getVariable(0): [ConcreteVarDecl] x
# 110| Type = Int
# 110| getElement(0): [PatternBindingDecl] var ... = ...
# 110| getInit(0): [IntegerLiteralExpr] 0
# 110| getPattern(0): [NamedPattern] x
# 110| getElement(1): [ConcreteVarDecl] x
# 110| Type = Int
# 111| getElement(2): [ReturnStmt] return ...
# 111| getElement(1): [ReturnStmt] return ...
# 111| getResult(): [TupleExpr] (...)
# 111| getElement(0): [ExplicitClosureExpr] { ... }
# 111| getBody(): [BraceStmt] { ... }
@@ -638,11 +644,7 @@ closures.swift:
# 109| getPattern(0): [TuplePattern] (...)
# 109| getElement(0): [NamedPattern] incrX
# 109| getElement(1): [NamedPattern] getX
# 109| getElement(1): [ConcreteVarDecl] incrX
# 109| Type = () -> ()
# 109| getElement(2): [ConcreteVarDecl] getX
# 109| Type = () -> Int
# 114| getElement(3): [PatternBindingDecl] var ... = ...
# 114| getElement(1): [PatternBindingDecl] var ... = ...
# 114| getInit(0): [ExplicitClosureExpr] { ... }
# 114| getBody(): [BraceStmt] { ... }
# 115| getElement(0): [CallExpr] call to ...
@@ -651,13 +653,11 @@ closures.swift:
# 116| getFunction(): [DeclRefExpr] incrX
# 115| getCapture(0): [CapturedDecl] incrX
# 114| getPattern(0): [NamedPattern] doubleIncrX
# 114| getElement(4): [ConcreteVarDecl] doubleIncrX
# 114| Type = () -> ()
# 119| getElement(5): [CallExpr] call to ...
# 119| getElement(2): [CallExpr] call to ...
# 119| getFunction(): [DeclRefExpr] doubleIncrX
# 120| getElement(6): [CallExpr] call to ...
# 120| getElement(3): [CallExpr] call to ...
# 120| getFunction(): [DeclRefExpr] doubleIncrX
# 121| getElement(7): [ReturnStmt] return ...
# 121| getElement(4): [ReturnStmt] return ...
# 121| getResult(): [CallExpr] call to ...
# 121| getFunction(): [DeclRefExpr] getX
# 121| [Comment] // 4
@@ -688,12 +688,20 @@ closures.swift:
# 127| [NamedFunction] sharedCaptureMultipleWriters()
# 127| InterfaceType = () -> ()
# 127| getBody(): [BraceStmt] { ... }
# 128| getVariable(0): [ConcreteVarDecl] x
# 128| Type = Int
# 130| getVariable(1): [ConcreteVarDecl] callSink
# 130| Type = () -> ()
# 132| getVariable(2): [ConcreteVarDecl] makeSetter
# 132| Type = (Int) -> () -> ()
# 137| getVariable(3): [ConcreteVarDecl] goodSetter
# 137| Type = () -> ()
# 138| getVariable(4): [ConcreteVarDecl] badSetter
# 138| Type = () -> ()
# 128| getElement(0): [PatternBindingDecl] var ... = ...
# 128| getInit(0): [IntegerLiteralExpr] 123
# 128| getPattern(0): [NamedPattern] x
# 128| getElement(1): [ConcreteVarDecl] x
# 128| Type = Int
# 130| getElement(2): [PatternBindingDecl] var ... = ...
# 130| getElement(1): [PatternBindingDecl] var ... = ...
# 130| getInit(0): [ExplicitClosureExpr] { ... }
# 130| getBody(): [BraceStmt] { ... }
# 130| getElement(0): [ReturnStmt] return ...
@@ -704,13 +712,13 @@ closures.swift:
# 130| getExpr().getFullyConverted(): [LoadExpr] (Int) ...
# 130| getCapture(0): [CapturedDecl] x
# 130| getPattern(0): [NamedPattern] callSink
# 130| getElement(3): [ConcreteVarDecl] callSink
# 130| Type = () -> ()
# 132| getElement(4): [PatternBindingDecl] var ... = ...
# 132| getElement(2): [PatternBindingDecl] var ... = ...
# 132| getInit(0): [ExplicitClosureExpr] { ... }
# 132| getParam(0): [ParamDecl] y
# 132| Type = Int
# 132| getBody(): [BraceStmt] { ... }
# 133| getVariable(0): [ConcreteVarDecl] setter
# 133| Type = () -> ()
# 133| getElement(0): [PatternBindingDecl] var ... = ...
# 133| getInit(0): [ExplicitClosureExpr] { ... }
# 133| getBody(): [BraceStmt] { ... }
@@ -721,47 +729,45 @@ closures.swift:
# 133| getCapture(0): [CapturedDecl] x
# 133| getCapture(1): [CapturedDecl] y
# 133| getPattern(0): [NamedPattern] setter
# 133| getElement(1): [ConcreteVarDecl] setter
# 133| Type = () -> ()
# 134| getElement(2): [ReturnStmt] return ...
# 134| getElement(1): [ReturnStmt] return ...
# 134| getResult(): [DeclRefExpr] setter
# 133| getCapture(0): [CapturedDecl] x
# 132| getPattern(0): [NamedPattern] makeSetter
# 132| getElement(5): [ConcreteVarDecl] makeSetter
# 132| Type = (Int) -> () -> ()
# 137| getElement(6): [PatternBindingDecl] var ... = ...
# 137| getElement(3): [PatternBindingDecl] var ... = ...
# 137| getInit(0): [CallExpr] call to ...
# 137| getFunction(): [DeclRefExpr] makeSetter
# 137| getArgument(0): [Argument] : 42
# 137| getExpr(): [IntegerLiteralExpr] 42
# 137| getPattern(0): [NamedPattern] goodSetter
# 137| getElement(7): [ConcreteVarDecl] goodSetter
# 137| Type = () -> ()
# 138| getElement(8): [PatternBindingDecl] var ... = ...
# 138| getElement(4): [PatternBindingDecl] var ... = ...
# 138| getInit(0): [CallExpr] call to ...
# 138| getFunction(): [DeclRefExpr] makeSetter
# 138| getArgument(0): [Argument] : call to source()
# 138| getExpr(): [CallExpr] call to source()
# 138| getFunction(): [DeclRefExpr] source()
# 138| getPattern(0): [NamedPattern] badSetter
# 138| getElement(9): [ConcreteVarDecl] badSetter
# 138| Type = () -> ()
# 140| getElement(10): [CallExpr] call to ...
# 140| getElement(5): [CallExpr] call to ...
# 140| getFunction(): [DeclRefExpr] goodSetter
# 141| getElement(11): [CallExpr] call to ...
# 141| getElement(6): [CallExpr] call to ...
# 141| getFunction(): [DeclRefExpr] callSink
# 143| getElement(12): [CallExpr] call to ...
# 143| getElement(7): [CallExpr] call to ...
# 143| getFunction(): [DeclRefExpr] badSetter
# 144| getElement(13): [CallExpr] call to ...
# 144| getElement(8): [CallExpr] call to ...
# 144| getFunction(): [DeclRefExpr] callSink
# 147| [NamedFunction] reentrant()
# 147| InterfaceType = () -> Int
# 147| getBody(): [BraceStmt] { ... }
# 167| getVariable(0): [ConcreteVarDecl] h
# 167| Type = (Int) -> Int
# 169| getVariable(1): [ConcreteVarDecl] y
# 169| Type = Int
# 149| getElement(0): [NamedFunction] f(_:)
# 149| InterfaceType = (Int) -> (Int) -> Int
# 149| getParam(0): [ParamDecl] x
# 149| Type = Int
# 149| getBody(): [BraceStmt] { ... }
# 154| getVariable(0): [ConcreteVarDecl] next
# 154| Type = (Int) -> Int
# 150| getElement(0): [IfStmt] if ... then { ... }
# 150| getCondition(): [StmtCondition] StmtCondition
# 150| getElement(0): [ConditionElement] ... .==(_:_:) ...
@@ -797,9 +803,7 @@ closures.swift:
# 154| getArgument(1): [Argument] : 1
# 154| getExpr(): [IntegerLiteralExpr] 1
# 154| getPattern(0): [NamedPattern] next
# 154| getElement(2): [ConcreteVarDecl] next
# 154| Type = (Int) -> Int
# 155| getElement(3): [ReturnStmt] return ...
# 155| getElement(2): [ReturnStmt] return ...
# 155| getResult(): [ExplicitClosureExpr] { ... }
# 155| getParam(0): [ParamDecl] k
# 155| Type = Int
@@ -841,6 +845,8 @@ closures.swift:
# 158| getParam(0): [ParamDecl] x
# 158| Type = Int
# 158| getBody(): [BraceStmt] { ... }
# 163| getVariable(0): [ConcreteVarDecl] next
# 163| Type = (Int) -> Int
# 159| getElement(0): [IfStmt] if ... then { ... }
# 159| getCondition(): [StmtCondition] StmtCondition
# 159| getElement(0): [ConditionElement] ... .==(_:_:) ...
@@ -876,9 +882,7 @@ closures.swift:
# 163| getArgument(1): [Argument] : 1
# 163| getExpr(): [IntegerLiteralExpr] 1
# 163| getPattern(0): [NamedPattern] next
# 163| getElement(2): [ConcreteVarDecl] next
# 163| Type = (Int) -> Int
# 164| getElement(3): [ReturnStmt] return ...
# 164| getElement(2): [ReturnStmt] return ...
# 164| getResult(): [ExplicitClosureExpr] { ... }
# 164| getParam(0): [ParamDecl] k
# 164| Type = Int
@@ -929,23 +933,23 @@ closures.swift:
# 167| getArgument(0): [Argument] : 5
# 167| getExpr(): [IntegerLiteralExpr] 5
# 167| getPattern(0): [NamedPattern] h
# 167| getElement(3): [ConcreteVarDecl] h
# 167| Type = (Int) -> Int
# 169| getElement(4): [PatternBindingDecl] var ... = ...
# 169| getElement(3): [PatternBindingDecl] var ... = ...
# 169| getInit(0): [CallExpr] call to ...
# 169| getFunction(): [DeclRefExpr] h
# 169| getArgument(0): [Argument] : 10
# 169| getExpr(): [IntegerLiteralExpr] 10
# 169| getPattern(0): [NamedPattern] y
# 169| getElement(5): [ConcreteVarDecl] y
# 169| Type = Int
# 171| getElement(6): [ReturnStmt] return ...
# 171| getElement(4): [ReturnStmt] return ...
# 171| getResult(): [DeclRefExpr] y
# 171| [Comment] // 10004003085
# 171|
# 174| [NamedFunction] main()
# 174| InterfaceType = () -> ()
# 174| getBody(): [BraceStmt] { ... }
# 188| getVariable(0): [ConcreteVarDecl] a
# 188| Type = () -> Int
# 189| getVariable(1): [ConcreteVarDecl] b
# 189| Type = () -> Int
# 175| getElement(0): [CallExpr] call to print(_:separator:terminator:)
# 175| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 175| getArgument(0): [Argument] : [...]
@@ -1017,15 +1021,11 @@ closures.swift:
# 188| getInit(0): [CallExpr] call to bar()
# 188| getFunction(): [DeclRefExpr] bar()
# 188| getPattern(0): [NamedPattern] a
# 188| getElement(9): [ConcreteVarDecl] a
# 188| Type = () -> Int
# 189| getElement(10): [PatternBindingDecl] var ... = ...
# 189| getElement(9): [PatternBindingDecl] var ... = ...
# 189| getInit(0): [CallExpr] call to baz()
# 189| getFunction(): [DeclRefExpr] baz()
# 189| getPattern(0): [NamedPattern] b
# 189| getElement(11): [ConcreteVarDecl] b
# 189| Type = () -> Int
# 191| getElement(12): [CallExpr] call to print(_:separator:terminator:)
# 191| getElement(10): [CallExpr] call to print(_:separator:terminator:)
# 191| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 191| getArgument(0): [Argument] : [...]
# 191| getExpr(): [VarargExpansionExpr] [...]
@@ -1042,7 +1042,7 @@ closures.swift:
# 191| getExpr(): [DefaultArgumentExpr] default separator
# 191| getArgument(2): [Argument] terminator: default terminator
# 191| getExpr(): [DefaultArgumentExpr] default terminator
# 193| getElement(13): [CallExpr] call to print(_:separator:terminator:)
# 193| getElement(11): [CallExpr] call to print(_:separator:terminator:)
# 193| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 193| getArgument(0): [Argument] : [...]
# 193| getExpr(): [VarargExpansionExpr] [...]
@@ -1059,13 +1059,13 @@ closures.swift:
# 193| getExpr(): [DefaultArgumentExpr] default separator
# 193| getArgument(2): [Argument] terminator: default terminator
# 193| getExpr(): [DefaultArgumentExpr] default terminator
# 195| getElement(14): [CallExpr] call to ...
# 195| getElement(12): [CallExpr] call to ...
# 195| getFunction(): [ForceValueExpr] ...!
# 195| getSubExpr(): [DeclRefExpr] g
# 195| getSubExpr().getFullyConverted(): [LoadExpr] (((Int) -> Void)?) ...
# 195| getArgument(0): [Argument] : 1
# 195| getExpr(): [IntegerLiteralExpr] 1
# 196| getElement(15): [CallExpr] call to print(_:separator:terminator:)
# 196| getElement(13): [CallExpr] call to print(_:separator:terminator:)
# 196| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 196| getArgument(0): [Argument] : [...]
# 196| getExpr(): [VarargExpansionExpr] [...]
@@ -1082,13 +1082,13 @@ closures.swift:
# 196| getExpr(): [DefaultArgumentExpr] default separator
# 196| getArgument(2): [Argument] terminator: default terminator
# 196| getExpr(): [DefaultArgumentExpr] default terminator
# 198| getElement(16): [CallExpr] call to ...
# 198| getElement(14): [CallExpr] call to ...
# 198| getFunction(): [ForceValueExpr] ...!
# 198| getSubExpr(): [DeclRefExpr] g
# 198| getSubExpr().getFullyConverted(): [LoadExpr] (((Int) -> Void)?) ...
# 198| getArgument(0): [Argument] : 1
# 198| getExpr(): [IntegerLiteralExpr] 1
# 199| getElement(17): [CallExpr] call to print(_:separator:terminator:)
# 199| getElement(15): [CallExpr] call to print(_:separator:terminator:)
# 199| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 199| getArgument(0): [Argument] : [...]
# 199| getExpr(): [VarargExpansionExpr] [...]
@@ -1105,7 +1105,7 @@ closures.swift:
# 199| getExpr(): [DefaultArgumentExpr] default separator
# 199| getArgument(2): [Argument] terminator: default terminator
# 199| getExpr(): [DefaultArgumentExpr] default terminator
# 201| getElement(18): [CallExpr] call to print(_:separator:terminator:)
# 201| getElement(16): [CallExpr] call to print(_:separator:terminator:)
# 201| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 201| getArgument(0): [Argument] : [...]
# 201| getExpr(): [VarargExpansionExpr] [...]
@@ -1119,7 +1119,7 @@ closures.swift:
# 201| getExpr(): [DefaultArgumentExpr] default separator
# 201| getArgument(2): [Argument] terminator: default terminator
# 201| getExpr(): [DefaultArgumentExpr] default terminator
# 203| getElement(19): [CallExpr] call to print(_:separator:terminator:)
# 203| getElement(17): [CallExpr] call to print(_:separator:terminator:)
# 203| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 203| getArgument(0): [Argument] : [...]
# 203| getExpr(): [VarargExpansionExpr] [...]
@@ -1133,7 +1133,7 @@ closures.swift:
# 203| getExpr(): [DefaultArgumentExpr] default separator
# 203| getArgument(2): [Argument] terminator: default terminator
# 203| getExpr(): [DefaultArgumentExpr] default terminator
# 205| getElement(20): [CallExpr] call to print(_:separator:terminator:)
# 205| getElement(18): [CallExpr] call to print(_:separator:terminator:)
# 205| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 205| getArgument(0): [Argument] : [...]
# 205| getExpr(): [VarargExpansionExpr] [...]
@@ -1144,9 +1144,9 @@ closures.swift:
# 205| getExpr(): [DefaultArgumentExpr] default separator
# 205| getArgument(2): [Argument] terminator: default terminator
# 205| getExpr(): [DefaultArgumentExpr] default terminator
# 206| getElement(21): [CallExpr] call to sharedCaptureMultipleWriters()
# 206| getElement(19): [CallExpr] call to sharedCaptureMultipleWriters()
# 206| getFunction(): [DeclRefExpr] sharedCaptureMultipleWriters()
# 208| getElement(22): [CallExpr] call to print(_:separator:terminator:)
# 208| getElement(20): [CallExpr] call to print(_:separator:terminator:)
# 208| getFunction(): [DeclRefExpr] print(_:separator:terminator:)
# 208| getArgument(0): [Argument] : [...]
# 208| getExpr(): [VarargExpansionExpr] [...]

2
swift/ql/test/extractor-tests/generated/decl/NamedFunction/NamedFunction_getParam.expected
View File

@@ -1,6 +1,6 @@
| functions.swift:5:1:7:1 | bar(_:d:) | 0 | functions.swift:5:10:5:15 | x |
| functions.swift:5:1:7:1 | bar(_:d:) | 1 | functions.swift:5:20:5:25 | y |
| functions.swift:10:5:10:28 | noBody(x:) | 0 | functions.swift:10:17:10:20 | x |
| functions.swift:13:1:15:1 | variadic(_:) | 0 | functions.swift:13:15:13:23 | ints |
| functions.swift:13:1:15:1 | variadic(_:) | 0 | functions.swift:13:15:13:26 | ints |
| functions.swift:17:1:19:1 | generic(x:y:) | 0 | functions.swift:17:20:17:23 | x |
| functions.swift:17:1:19:1 | generic(x:y:) | 1 | functions.swift:17:26:17:29 | y |

4
swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/PrintAstConsistency.expected
View File

@@ -1,3 +1,3 @@
doubleIndexes
| method_lookups.swift:44:13:44:13 | [AutoClosureExpr] { ... } | 2 | getParam(0) | 4 | getParam(1) | file://:0:0:0:0 | [ParamDecl] argument |
| method_lookups.swift:44:13:44:13 | [AutoClosureExpr] { ... } | 4 | getParam(1) | 2 | getParam(0) | file://:0:0:0:0 | [ParamDecl] argument |
| method_lookups.swift:44:11:44:13 | [AutoClosureExpr] { ... } | 2 | getParam(0) | 4 | getParam(1) | file://:0:0:0:0 | [ParamDecl] argument |
| method_lookups.swift:44:11:44:13 | [AutoClosureExpr] { ... } | 4 | getParam(1) | 2 | getParam(0) | file://:0:0:0:0 | [ParamDecl] argument |

9
swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/MethodLookupExpr.expected
View File

@@ -9,8 +9,7 @@
| method_lookups.swift:33:3:33:5 | .bar() | hasType: | yes | getBase: | method_lookups.swift:33:3:33:3 | X.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:33:5:33:5 | bar() |
| method_lookups.swift:34:3:34:3 | X.init() | hasType: | yes | getBase: | method_lookups.swift:34:3:34:3 | X.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:34:3:34:3 | X.init() |
| method_lookups.swift:34:3:34:7 | .baz(_:) | hasType: | yes | getBase: | method_lookups.swift:34:3:34:5 | call to X.init() | hasMember: | yes | getMethodRef: | method_lookups.swift:34:7:34:7 | baz(_:) |
| method_lookups.swift:36:11:36:13 | (no string representation) | hasType: | yes | getBase: | method_lookups.swift:36:11:36:11 | X.Type | hasMember: | no | getMethodRef: | method_lookups.swift:36:13:36:13 | { ... } |
| method_lookups.swift:36:13:36:13 | .bar() | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes | getMethodRef: | method_lookups.swift:36:13:36:13 | bar() |
| method_lookups.swift:36:11:36:13 | .bar() | hasType: | yes | getBase: | method_lookups.swift:36:11:36:11 | X.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:36:13:36:13 | bar() |
| method_lookups.swift:37:11:37:11 | X.init() | hasType: | yes | getBase: | method_lookups.swift:37:11:37:11 | X.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:37:11:37:11 | X.init() |
| method_lookups.swift:37:11:37:15 | (no string representation) | hasType: | yes | getBase: | method_lookups.swift:37:11:37:13 | call to X.init() | hasMember: | no | getMethodRef: | method_lookups.swift:37:15:37:15 | { ... } |
| method_lookups.swift:37:15:37:15 | .baz(_:) | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes | getMethodRef: | method_lookups.swift:37:15:37:15 | baz(_:) |
@@ -18,15 +17,13 @@
| method_lookups.swift:41:3:41:5 | .foo(_:_:) | hasType: | yes | getBase: | method_lookups.swift:41:3:41:3 | Y.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:41:5:41:5 | foo(_:_:) |
| method_lookups.swift:42:9:42:9 | Y.init() | hasType: | yes | getBase: | method_lookups.swift:42:9:42:9 | Y.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:42:9:42:9 | Y.init() |
| method_lookups.swift:42:9:42:13 | .baz(_:) | hasType: | yes | getBase: | method_lookups.swift:42:9:42:11 | call to Y.init() | hasMember: | yes | getMethodRef: | method_lookups.swift:42:13:42:13 | baz(_:) |
| method_lookups.swift:44:11:44:13 | (no string representation) | hasType: | yes | getBase: | method_lookups.swift:44:11:44:11 | Y.Type | hasMember: | no | getMethodRef: | method_lookups.swift:44:13:44:13 | { ... } |
| method_lookups.swift:44:13:44:13 | .foo(_:_:) | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes | getMethodRef: | method_lookups.swift:44:13:44:13 | foo(_:_:) |
| method_lookups.swift:44:11:44:13 | .foo(_:_:) | hasType: | yes | getBase: | method_lookups.swift:44:11:44:11 | Y.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:44:13:44:13 | foo(_:_:) |
| method_lookups.swift:47:1:47:1 | Task<Success, Never>.init(priority:operation:) | hasType: | yes | getBase: | method_lookups.swift:47:1:47:1 | Task<(), Never>.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:47:1:47:1 | Task<Success, Never>.init(priority:operation:) |
| method_lookups.swift:48:9:48:11 | .foo(_:_:) | hasType: | yes | getBase: | method_lookups.swift:48:9:48:9 | Z.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:48:11:48:11 | foo(_:_:) |
| method_lookups.swift:49:9:49:11 | .bar() | hasType: | yes | getBase: | method_lookups.swift:49:9:49:9 | Z.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:49:11:49:11 | bar() |
| method_lookups.swift:50:9:50:9 | Z.init() | hasType: | yes | getBase: | method_lookups.swift:50:9:50:9 | Z.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:50:9:50:9 | Z.init() |
| method_lookups.swift:50:9:50:13 | .baz(_:) | hasType: | yes | getBase: | method_lookups.swift:50:9:50:11 | call to Z.init() | hasMember: | yes | getMethodRef: | method_lookups.swift:50:13:50:13 | baz(_:) |
| method_lookups.swift:52:11:52:13 | (no string representation) | hasType: | yes | getBase: | method_lookups.swift:52:11:52:11 | Z.Type | hasMember: | no | getMethodRef: | method_lookups.swift:52:13:52:13 | { ... } |
| method_lookups.swift:52:13:52:13 | .bar() | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes | getMethodRef: | method_lookups.swift:52:13:52:13 | bar() |
| method_lookups.swift:52:11:52:13 | .bar() | hasType: | yes | getBase: | method_lookups.swift:52:11:52:11 | Z.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:52:13:52:13 | bar() |
| method_lookups.swift:53:11:53:23 | (no string representation) | hasType: | yes | getBase: | method_lookups.swift:53:18:53:20 | call to Z.init() | hasMember: | no | getMethodRef: | method_lookups.swift:53:23:53:23 | { ... } |
| method_lookups.swift:53:18:53:18 | Z.init() | hasType: | yes | getBase: | method_lookups.swift:53:18:53:18 | Z.Type | hasMember: | yes | getMethodRef: | method_lookups.swift:53:18:53:18 | Z.init() |
| method_lookups.swift:53:23:53:23 | .baz(_:) | hasType: | yes | getBase: | file://:0:0:0:0 | self | hasMember: | yes | getMethodRef: | method_lookups.swift:53:23:53:23 | baz(_:) |

6
swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/MethodLookupExpr_getMember.expected
View File

@@ -6,19 +6,19 @@
| method_lookups.swift:33:3:33:5 | .bar() | method_lookups.swift:3:3:3:21 | bar() |
| method_lookups.swift:34:3:34:3 | X.init() | method_lookups.swift:6:3:8:3 | X.init() |
| method_lookups.swift:34:3:34:7 | .baz(_:) | method_lookups.swift:4:3:4:21 | baz(_:) |
| method_lookups.swift:36:13:36:13 | .bar() | method_lookups.swift:3:3:3:21 | bar() |
| method_lookups.swift:36:11:36:13 | .bar() | method_lookups.swift:3:3:3:21 | bar() |
| method_lookups.swift:37:11:37:11 | X.init() | method_lookups.swift:6:3:8:3 | X.init() |
| method_lookups.swift:37:15:37:15 | .baz(_:) | method_lookups.swift:4:3:4:21 | baz(_:) |
| method_lookups.swift:40:1:40:1 | Task<Success, Never>.init(priority:operation:) | file://:0:0:0:0 | Task<Success, Never>.init(priority:operation:) |
| method_lookups.swift:41:3:41:5 | .foo(_:_:) | method_lookups.swift:12:3:12:35 | foo(_:_:) |
| method_lookups.swift:42:9:42:9 | Y.init() | method_lookups.swift:15:3:17:3 | Y.init() |
| method_lookups.swift:42:9:42:13 | .baz(_:) | method_lookups.swift:13:3:13:21 | baz(_:) |
| method_lookups.swift:44:13:44:13 | .foo(_:_:) | method_lookups.swift:12:3:12:35 | foo(_:_:) |
| method_lookups.swift:44:11:44:13 | .foo(_:_:) | method_lookups.swift:12:3:12:35 | foo(_:_:) |
| method_lookups.swift:47:1:47:1 | Task<Success, Never>.init(priority:operation:) | file://:0:0:0:0 | Task<Success, Never>.init(priority:operation:) |
| method_lookups.swift:48:9:48:11 | .foo(_:_:) | method_lookups.swift:22:3:22:35 | foo(_:_:) |
| method_lookups.swift:49:9:49:11 | .bar() | method_lookups.swift:23:3:23:21 | bar() |
| method_lookups.swift:50:9:50:9 | Z.init() | method_lookups.swift:26:3:28:3 | Z.init() |
| method_lookups.swift:50:9:50:13 | .baz(_:) | method_lookups.swift:24:3:24:21 | baz(_:) |
| method_lookups.swift:52:13:52:13 | .bar() | method_lookups.swift:23:3:23:21 | bar() |
| method_lookups.swift:52:11:52:13 | .bar() | method_lookups.swift:23:3:23:21 | bar() |
| method_lookups.swift:53:18:53:18 | Z.init() | method_lookups.swift:26:3:28:3 | Z.init() |
| method_lookups.swift:53:23:53:23 | .baz(_:) | method_lookups.swift:24:3:24:21 | baz(_:) |

9
swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/MethodLookupExpr_getType.expected
View File

@@ -9,8 +9,7 @@
| method_lookups.swift:33:3:33:5 | .bar() | () -> () |
| method_lookups.swift:34:3:34:3 | X.init() | () -> X |
| method_lookups.swift:34:3:34:7 | .baz(_:) | (Int) -> () |
| method_lookups.swift:36:11:36:13 | (no string representation) | () -> () |
| method_lookups.swift:36:13:36:13 | .bar() | () -> () |
| method_lookups.swift:36:11:36:13 | .bar() | () -> () |
| method_lookups.swift:37:11:37:11 | X.init() | () -> X |
| method_lookups.swift:37:11:37:15 | (no string representation) | (Int) -> () |
| method_lookups.swift:37:15:37:15 | .baz(_:) | (Int) -> () |
@@ -18,15 +17,13 @@
| method_lookups.swift:41:3:41:5 | .foo(_:_:) | (Int, Int) -> () |
| method_lookups.swift:42:9:42:9 | Y.init() | () -> Y |
| method_lookups.swift:42:9:42:13 | .baz(_:) | (Int) -> () |
| method_lookups.swift:44:11:44:13 | (no string representation) | (Int, Int) -> () |
| method_lookups.swift:44:13:44:13 | .foo(_:_:) | (Int, Int) -> () |
| method_lookups.swift:44:11:44:13 | .foo(_:_:) | (Int, Int) -> () |
| method_lookups.swift:47:1:47:1 | Task<Success, Never>.init(priority:operation:) | (TaskPriority?, __owned @escaping @Sendable () async -> ()) -> Task<(), Never> |
| method_lookups.swift:48:9:48:11 | .foo(_:_:) | @MainActor (Int, Int) -> () |
| method_lookups.swift:49:9:49:11 | .bar() | @MainActor () -> () |
| method_lookups.swift:50:9:50:9 | Z.init() | @MainActor () -> Z |
| method_lookups.swift:50:9:50:13 | .baz(_:) | @MainActor (Int) -> () |
| method_lookups.swift:52:11:52:13 | (no string representation) | @MainActor () -> () |
| method_lookups.swift:52:13:52:13 | .bar() | () -> () |
| method_lookups.swift:52:11:52:13 | .bar() | () -> () |
| method_lookups.swift:53:11:53:23 | (no string representation) | @MainActor (Int) -> () |
| method_lookups.swift:53:18:53:18 | Z.init() | @MainActor () -> Z |
| method_lookups.swift:53:23:53:23 | .baz(_:) | (Int) -> () |

4
swift/ql/test/extractor-tests/run_under/Strings.expected
View File

@@ -1,2 +1,2 @@
| run_under: $CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor -sdk $CODEQL_EXTRACTOR_SWIFT_ROOT/qltest/$CODEQL_PLATFORM/sdk -c -primary-file filtered_in.swift |
| run_under: $CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor -sdk $CODEQL_EXTRACTOR_SWIFT_ROOT/qltest/$CODEQL_PLATFORM/sdk -c -primary-file unfiltered.swift |
| run_under: $CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor -sdk $CODEQL_EXTRACTOR_SWIFT_ROOT/qltest/$CODEQL_PLATFORM/sdk -resource-dir $CODEQL_EXTRACTOR_SWIFT_ROOT/resource-dir/$CODEQL_PLATFORM -c -primary-file filtered_in.swift |
| run_under: $CODEQL_EXTRACTOR_SWIFT_ROOT/tools/$CODEQL_PLATFORM/extractor -sdk $CODEQL_EXTRACTOR_SWIFT_ROOT/qltest/$CODEQL_PLATFORM/sdk -resource-dir $CODEQL_EXTRACTOR_SWIFT_ROOT/resource-dir/$CODEQL_PLATFORM -c -primary-file unfiltered.swift |

256
swift/ql/test/extractor-tests/updates/PrintAst.expected Normal file
View File

@@ -0,0 +1,256 @@
v5.8.swift:
# 1| [Comment] // https://github.com/apple/swift/blob/main/CHANGELOG.md#swift-58
# 1|
# 4| [StructDecl] Temperature
# 5| getMember(0): [PatternBindingDecl] var ... = ...
# 5| getPattern(0): [TypedPattern] ... as ...
# 5| getSubPattern(): [NamedPattern] degreesCelsius
# 5| getTypeRepr(): [TypeRepr] Double
# 5| getMember(1): [ConcreteVarDecl] degreesCelsius
# 5| Type = Double
# 5| getAccessor(0): [Accessor] get
# 5| InterfaceType = (Temperature) -> () -> Double
# 5| getSelfParam(): [ParamDecl] self
# 5| Type = Temperature
# 5| getBody(): [BraceStmt] { ... }
#-----| getElement(0): [ReturnStmt] return ...
#-----| getResult(): [MemberRefExpr] .degreesCelsius
#-----| getBase(): [DeclRefExpr] self
# 5| getAccessor(1): [Accessor] set
# 5| InterfaceType = (inout Temperature) -> (Double) -> ()
# 5| getSelfParam(): [ParamDecl] self
# 5| Type = Temperature
# 5| getParam(0): [ParamDecl] value
# 5| Type = Double
# 5| getBody(): [BraceStmt] { ... }
#-----| getElement(0): [AssignExpr] ... = ...
#-----| getDest(): [MemberRefExpr] .degreesCelsius
#-----| getBase(): [DeclRefExpr] self
#-----| getSource(): [DeclRefExpr] value
# 5| getAccessor(2): [Accessor] _modify
# 5| InterfaceType = (inout Temperature) -> () -> ()
# 5| getSelfParam(): [ParamDecl] self
# 5| Type = Temperature
# 5| getBody(): [BraceStmt] { ... }
# 5| getElement(0): [YieldStmt] yield ...
#-----| getResult(0): [InOutExpr] &...
#-----| getSubExpr(): [MemberRefExpr] .degreesCelsius
#-----| getBase(): [DeclRefExpr] self
# 4| getMember(2): [Initializer] Temperature.init(degreesCelsius:)
# 4| InterfaceType = (Temperature.Type) -> (Double) -> Temperature
# 4| getSelfParam(): [ParamDecl] self
# 4| Type = Temperature
# 4| getParam(0): [ParamDecl] degreesCelsius
# 4| Type = Double
# 7| [Comment] // ...
# 7|
# 10| [ExtensionDecl] extension of Temperature
# 13| getMember(0): [PatternBindingDecl] var ... = ...
# 13| getPattern(0): [TypedPattern] ... as ...
# 13| getSubPattern(): [NamedPattern] degreesFahrenheit
# 13| getTypeRepr(): [TypeRepr] Double
# 13| getMember(1): [ConcreteVarDecl] degreesFahrenheit
# 13| Type = Double
# 13| getAccessor(0): [Accessor] get
# 13| InterfaceType = (Temperature) -> () -> Double
# 13| getSelfParam(): [ParamDecl] self
# 13| Type = Temperature
# 13| getBody(): [BraceStmt] { ... }
# 14| getElement(0): [ReturnStmt] return ...
# 14| getResult(): [BinaryExpr] ... .+(_:_:) ...
# 14| getFunction(): [MethodLookupExpr] .+(_:_:)
# 14| getBase(): [TypeExpr] Double.Type
# 14| getTypeRepr(): [TypeRepr] Double
# 14| getMethodRef(): [DeclRefExpr] +(_:_:)
# 14| getArgument(0): [Argument] : ... ./(_:_:) ...
# 14| getExpr(): [BinaryExpr] ... ./(_:_:) ...
# 14| getFunction(): [MethodLookupExpr] ./(_:_:)
# 14| getBase(): [TypeExpr] Double.Type
# 14| getTypeRepr(): [TypeRepr] Double
# 14| getMethodRef(): [DeclRefExpr] /(_:_:)
# 14| getArgument(0): [Argument] : ... .*(_:_:) ...
# 14| getExpr(): [BinaryExpr] ... .*(_:_:) ...
# 14| getFunction(): [MethodLookupExpr] .*(_:_:)
# 14| getBase(): [TypeExpr] Double.Type
# 14| getTypeRepr(): [TypeRepr] Double
# 14| getMethodRef(): [DeclRefExpr] *(_:_:)
# 14| getArgument(0): [Argument] : .degreesCelsius
# 14| getExpr(): [MemberRefExpr] .degreesCelsius
# 14| getBase(): [DeclRefExpr] self
# 14| getArgument(1): [Argument] : 9
# 14| getExpr(): [IntegerLiteralExpr] 9
# 14| getArgument(1): [Argument] : 5
# 14| getExpr(): [IntegerLiteralExpr] 5
# 14| getExpr().getFullyConverted(): [ParenExpr] (...)
# 14| getArgument(1): [Argument] : 32
# 14| getExpr(): [IntegerLiteralExpr] 32
# 18| [NamedFunction] collectionDowncast(_:)
# 18| InterfaceType = ([Any]) -> ()
# 18| getParam(0): [ParamDecl] arr
# 18| Type = [Any]
# 18| getBody(): [BraceStmt] { ... }
# 19| getElement(0): [SwitchStmt] switch arr { ... }
# 19| getExpr(): [DeclRefExpr] arr
# 20| getCase(0): [CaseStmt] case ...
# 21| getBody(): [BraceStmt] { ... }
# 21| getElement(0): [IntegerLiteralExpr] 0
# 20| getLabel(0): [CaseLabelItem] ... is ...
# 20| getPattern(): [IsPattern] ... is ...
# 20| getCastTypeRepr(): [TypeRepr] [Int]
# 20| getSubPattern(): [NamedPattern] ints
# 20| getPattern().getFullyUnresolved(): [BindingPattern] let ...
# 22| getCase(1): [CaseStmt] case ...
# 23| getBody(): [BraceStmt] { ... }
# 23| getElement(0): [IntegerLiteralExpr] 1
# 22| getLabel(0): [CaseLabelItem] ... is ...
# 22| getPattern(): [IsPattern] ... is ...
# 22| getCastTypeRepr(): [TypeRepr] [Bool]
# 24| getCase(2): [CaseStmt] case ...
# 25| getBody(): [BraceStmt] { ... }
# 25| getElement(0): [IntegerLiteralExpr] 2
# 24| getLabel(0): [CaseLabelItem] _
# 24| getPattern(): [AnyPattern] _
# 20| [ConcreteVarDecl] ints
# 20| Type = [Int]
# 29| [StructDecl] Button
# 30| getMember(0): [PatternBindingDecl] var ... = ...
#-----| getInit(0): [NilLiteralExpr] nil
# 30| getPattern(0): [TypedPattern] ... as ...
# 30| getSubPattern(): [NamedPattern] tapHandler
# 30| getTypeRepr(): [TypeRepr] (() -> ())?
# 30| getMember(1): [ConcreteVarDecl] tapHandler
# 30| Type = (() -> ())?
# 30| getAccessor(0): [Accessor] get
# 30| InterfaceType = (Button) -> () -> (() -> ())?
# 30| getSelfParam(): [ParamDecl] self
# 30| Type = Button
# 30| getBody(): [BraceStmt] { ... }
#-----| getElement(0): [ReturnStmt] return ...
#-----| getResult(): [MemberRefExpr] .tapHandler
#-----| getBase(): [DeclRefExpr] self
# 30| getAccessor(1): [Accessor] set
# 30| InterfaceType = (inout Button) -> ((() -> ())?) -> ()
# 30| getSelfParam(): [ParamDecl] self
# 30| Type = Button
# 30| getParam(0): [ParamDecl] value
# 30| Type = (() -> ())?
# 30| getBody(): [BraceStmt] { ... }
#-----| getElement(0): [AssignExpr] ... = ...
#-----| getDest(): [MemberRefExpr] .tapHandler
#-----| getBase(): [DeclRefExpr] self
#-----| getSource(): [DeclRefExpr] value
# 30| getAccessor(2): [Accessor] _modify
# 30| InterfaceType = (inout Button) -> () -> ()
# 30| getSelfParam(): [ParamDecl] self
# 30| Type = Button
# 30| getBody(): [BraceStmt] { ... }
# 30| getElement(0): [YieldStmt] yield ...
#-----| getResult(0): [InOutExpr] &...
#-----| getSubExpr(): [MemberRefExpr] .tapHandler
#-----| getBase(): [DeclRefExpr] self
# 29| getMember(2): [Initializer] Button.init()
# 29| InterfaceType = (Button.Type) -> () -> Button
# 29| getSelfParam(): [ParamDecl] self
# 29| Type = Button
# 29| getBody(): [BraceStmt] { ... }
# 29| getElement(0): [ReturnStmt] return
# 29| getMember(3): [Initializer] Button.init(tapHandler:)
# 29| InterfaceType = (Button.Type) -> ((() -> ())?) -> Button
# 29| getSelfParam(): [ParamDecl] self
# 29| Type = Button
# 29| getParam(0): [ParamDecl] tapHandler
# 29| Type = (() -> ())?
# 33| [ClassDecl] ViewController
# 34| getMember(0): [PatternBindingDecl] var ... = ...
# 34| getInit(0): [CallExpr] call to Button.init()
# 34| getFunction(): [MethodLookupExpr] Button.init()
# 34| getBase(): [TypeExpr] Button.Type
# 34| getTypeRepr(): [TypeRepr] Button
# 34| getMethodRef(): [DeclRefExpr] Button.init()
# 34| getPattern(0): [TypedPattern] ... as ...
# 34| getSubPattern(): [NamedPattern] button
# 34| getTypeRepr(): [TypeRepr] Button
# 34| getMember(1): [ConcreteVarDecl] button
# 34| Type = Button
# 34| getAccessor(0): [Accessor] get
# 34| InterfaceType = (ViewController) -> () -> Button
# 34| getSelfParam(): [ParamDecl] self
# 34| Type = ViewController
# 34| getBody(): [BraceStmt] { ... }
#-----| getElement(0): [ReturnStmt] return ...
#-----| getResult(): [MemberRefExpr] .button
#-----| getBase(): [DeclRefExpr] self
# 34| getAccessor(1): [Accessor] set
# 34| InterfaceType = (ViewController) -> (Button) -> ()
# 34| getSelfParam(): [ParamDecl] self
# 34| Type = ViewController
# 34| getParam(0): [ParamDecl] value
# 34| Type = Button
# 34| getBody(): [BraceStmt] { ... }
#-----| getElement(0): [AssignExpr] ... = ...
#-----| getDest(): [MemberRefExpr] .button
#-----| getBase(): [DeclRefExpr] self
#-----| getSource(): [DeclRefExpr] value
# 34| getAccessor(2): [Accessor] _modify
# 34| InterfaceType = (ViewController) -> () -> ()
# 34| getSelfParam(): [ParamDecl] self
# 34| Type = ViewController
# 34| getBody(): [BraceStmt] { ... }
# 34| getElement(0): [YieldStmt] yield ...
#-----| getResult(0): [InOutExpr] &...
#-----| getSubExpr(): [MemberRefExpr] .button
#-----| getBase(): [DeclRefExpr] self
# 36| getMember(2): [NamedFunction] setup()
# 36| InterfaceType = (ViewController) -> () -> ()
# 36| getSelfParam(): [ParamDecl] self
# 36| Type = ViewController
# 36| getBody(): [BraceStmt] { ... }
# 37| getElement(0): [AssignExpr] ... = ...
# 37| getDest(): [MemberRefExpr] .tapHandler
# 37| getBase(): [MemberRefExpr] .button
# 37| getBase(): [DeclRefExpr] self
# 37| getSource(): [CaptureListExpr] { ... }
# 37| getBindingDecl(0): [PatternBindingDecl] var ... = ...
# 37| getInit(0): [DeclRefExpr] self
# 37| getInit(0).getFullyConverted(): [InjectIntoOptionalExpr] (ViewController?) ...
# 37| getPattern(0): [NamedPattern] self
# 37| getClosureBody(): [ExplicitClosureExpr] { ... }
# 37| getBody(): [BraceStmt] { ... }
# 38| getElement(0): [GuardStmt] guard ... else { ... }
# 38| getCondition(): [StmtCondition] StmtCondition
# 38| getElement(0): [ConditionElement] let ...? = ...
# 38| getPattern(): [OptionalSomePattern] let ...?
# 38| getSubPattern(): [NamedPattern] self
# 38| getSubPattern().getFullyUnresolved(): [BindingPattern] let ...
# 38| getInitializer(): [DeclRefExpr] self
# 38| getInitializer().getFullyConverted(): [LoadExpr] (ViewController?) ...
# 38| getBody(): [BraceStmt] { ... }
# 38| getElement(0): [ReturnStmt] return
# 39| getElement(1): [CallExpr] call to dismiss()
# 39| getFunction(): [MethodLookupExpr] .dismiss()
# 39| getBase(): [DeclRefExpr] self
# 39| getMethodRef(): [DeclRefExpr] dismiss()
# 38| getCapture(0): [CapturedDecl] self
# 37| getSource().getFullyConverted(): [InjectIntoOptionalExpr] ((() -> ())?) ...
# 43| getMember(3): [NamedFunction] dismiss()
# 43| InterfaceType = (ViewController) -> () -> ()
# 43| getSelfParam(): [ParamDecl] self
# 43| Type = ViewController
# 43| getBody(): [BraceStmt] { ... }
# 33| getMember(4): [Deinitializer] ViewController.deinit()
# 33| InterfaceType = (ViewController) -> () -> ()
# 33| getSelfParam(): [ParamDecl] self
# 33| Type = ViewController
# 33| getBody(): [BraceStmt] { ... }
# 33| getMember(5): [Initializer] ViewController.init()
# 33| InterfaceType = (ViewController.Type) -> () -> ViewController
# 33| getSelfParam(): [ParamDecl] self
# 33| Type = ViewController
# 33| getBody(): [BraceStmt] { ... }
# 33| getElement(0): [ReturnStmt] return
# 37| [ConcreteVarDecl] self
# 37| Type = ViewController?
# 38| [ConcreteVarDecl] self
# 38| Type = ViewController
# 39| [Comment] // refers to `self.dismiss()`
# 39|

1
swift/ql/test/extractor-tests/updates/PrintAst.qlref Normal file
View File

@@ -0,0 +1 @@
library-tests/ast/PrintAst.ql

44
swift/ql/test/extractor-tests/updates/v5.8.swift Normal file
View File

@@ -0,0 +1,44 @@
// https://github.com/apple/swift/blob/main/CHANGELOG.md#swift-58
@available(macOS 12, *)
public struct Temperature {
public var degreesCelsius: Double
// ...
}
extension Temperature {
@available(macOS 12, *)
@backDeployed(before: macOS 13)
public var degreesFahrenheit: Double {
return (degreesCelsius * 9 / 5) + 32
}
}
func collectionDowncast(_ arr: [Any]) {
switch arr {
case let ints as [Int]:
0
case is [Bool]:
1
case _:
2
}
}
struct Button {
var tapHandler: (() -> ())?
}
class ViewController {
var button: Button = Button()
func setup() {
button.tapHandler = { [weak self] in
guard let self else { return }
dismiss() // refers to `self.dismiss()`
}
}
func dismiss() {}
}

692
swift/ql/test/library-tests/ast/PrintAst.expected
View File

File diff suppressed because it is too large Load Diff

196
swift/ql/test/library-tests/controlflow/graph/Cfg.expected
View File

@@ -367,6 +367,7 @@ cfg.swift:
#-----| -> [...]
# 40| OpaqueValueExpr
#-----| -> .appendLiteral(_:)
# 40| TapExpr
#-----| -> "..."
@@ -596,9 +597,6 @@ cfg.swift:
#-----| -> exit callClosures()
# 65| var ... = ...
#-----| -> x1
# 65| x1
#-----| -> x2
# 65| x1
@@ -617,9 +615,6 @@ cfg.swift:
#-----| -> call to createClosure1(s:)
# 66| var ... = ...
#-----| -> x2
# 66| x2
#-----| -> x3
# 66| x2
@@ -641,9 +636,6 @@ cfg.swift:
#-----| -> call to ...
# 67| var ... = ...
#-----| -> x3
# 67| x3
#-----| -> exit callClosures() (normal)
# 67| x3
@@ -681,9 +673,6 @@ cfg.swift:
# 71| var ... = ...
#-----| -> n
# 71| n
#-----| -> n
# 71| n
#-----| match -> ... as ...
@@ -723,9 +712,6 @@ cfg.swift:
#-----| -> nBang
# 76| var ... = ...
#-----| -> nBang
# 76| nBang
#-----| -> n
# 76| nBang
@@ -744,9 +730,6 @@ cfg.swift:
#-----| -> call to maybeParseInt(s:)
# 77| var ... = ...
#-----| -> n
# 77| n
#-----| -> .+(_:_:)
# 77| n
@@ -803,9 +786,6 @@ cfg.swift:
#-----| -> temp
# 82| var ... = ...
#-----| -> temp
# 82| temp
#-----| -> add(a:)
# 82| temp
@@ -894,9 +874,6 @@ cfg.swift:
#-----| -> &...
# 93| var ... = ...
#-----| -> tempOptional
# 93| tempOptional
#-----| -> addOptional(a:)
# 93| tempOptional
@@ -1056,9 +1033,6 @@ cfg.swift:
#-----| -> c
# 110| var ... = ...
#-----| -> c
# 110| c
#-----| -> n1
# 110| c
@@ -1077,9 +1051,6 @@ cfg.swift:
#-----| -> call to C.init(n:)
# 111| var ... = ...
#-----| -> n1
# 111| n1
#-----| -> n2
# 111| n1
@@ -1092,9 +1063,6 @@ cfg.swift:
#-----| -> var ... = ...
# 112| var ... = ...
#-----| -> n2
# 112| n2
#-----| -> n3
# 112| n2
@@ -1110,9 +1078,6 @@ cfg.swift:
#-----| -> var ... = ...
# 113| var ... = ...
#-----| -> n3
# 113| n3
#-----| -> n4
# 113| n3
@@ -1128,9 +1093,6 @@ cfg.swift:
#-----| -> var ... = ...
# 114| var ... = ...
#-----| -> n4
# 114| n4
#-----| -> n5
# 114| n4
@@ -1149,9 +1111,6 @@ cfg.swift:
#-----| -> var ... = ...
# 116| var ... = ...
#-----| -> n5
# 116| n5
#-----| -> n6
# 116| n5
@@ -1164,9 +1123,6 @@ cfg.swift:
#-----| -> var ... = ...
# 117| var ... = ...
#-----| -> n6
# 117| n6
#-----| -> n7
# 117| n6
@@ -1182,9 +1138,6 @@ cfg.swift:
#-----| -> var ... = ...
# 118| var ... = ...
#-----| -> n7
# 118| n7
#-----| -> n8
# 118| n7
@@ -1200,9 +1153,6 @@ cfg.swift:
#-----| -> var ... = ...
# 119| var ... = ...
#-----| -> n8
# 119| n8
#-----| -> n9
# 119| n8
@@ -1221,9 +1171,6 @@ cfg.swift:
#-----| -> var ... = ...
# 121| var ... = ...
#-----| -> n9
# 121| n9
#-----| -> n10
# 121| n9
@@ -1239,9 +1186,6 @@ cfg.swift:
#-----| -> var ... = ...
# 122| var ... = ...
#-----| -> n10
# 122| n10
#-----| -> n11
# 122| n10
@@ -1260,9 +1204,6 @@ cfg.swift:
#-----| -> var ... = ...
# 123| var ... = ...
#-----| -> n11
# 123| n11
#-----| -> n12
# 123| n11
@@ -1281,9 +1222,6 @@ cfg.swift:
#-----| -> var ... = ...
# 124| var ... = ...
#-----| -> n12
# 124| n12
#-----| -> n13
# 124| n12
@@ -1305,9 +1243,6 @@ cfg.swift:
#-----| -> var ... = ...
# 126| var ... = ...
#-----| -> n13
# 126| n13
#-----| -> n14
# 126| n13
@@ -1323,9 +1258,6 @@ cfg.swift:
#-----| -> var ... = ...
# 127| var ... = ...
#-----| -> n14
# 127| n14
#-----| -> n15
# 127| n14
@@ -1344,9 +1276,6 @@ cfg.swift:
#-----| -> var ... = ...
# 128| var ... = ...
#-----| -> n15
# 128| n15
#-----| -> n16
# 128| n15
@@ -1365,9 +1294,6 @@ cfg.swift:
#-----| -> var ... = ...
# 129| var ... = ...
#-----| -> n16
# 129| n16
#-----| -> n17
# 129| n16
@@ -1389,9 +1315,6 @@ cfg.swift:
#-----| -> var ... = ...
# 131| var ... = ...
#-----| -> n17
# 131| n17
#-----| -> n18
# 131| n17
@@ -1413,9 +1336,6 @@ cfg.swift:
#-----| -> (Int?) ...
# 132| var ... = ...
#-----| -> n18
# 132| n18
#-----| -> n19
# 132| n18
@@ -1440,9 +1360,6 @@ cfg.swift:
#-----| -> (Int?) ...
# 133| var ... = ...
#-----| -> n19
# 133| n19
#-----| -> n20
# 133| n19
@@ -1467,9 +1384,6 @@ cfg.swift:
#-----| -> (Int?) ...
# 134| var ... = ...
#-----| -> n20
# 134| n20
#-----| -> exit testMemberRef(param:inoutParam:opt:) (normal)
# 134| n20
@@ -2379,9 +2293,6 @@ cfg.swift:
#-----| -> c
# 244| var ... = ...
#-----| -> c
# 244| c
#-----| -> d
# 244| c
@@ -2403,9 +2314,6 @@ cfg.swift:
#-----| -> ... .+(_:_:) ...
# 245| var ... = ...
#-----| -> d
# 245| d
#-----| -> e
# 245| d
@@ -2427,9 +2335,6 @@ cfg.swift:
#-----| -> ... .-(_:_:) ...
# 246| var ... = ...
#-----| -> e
# 246| e
#-----| -> f
# 246| e
@@ -2451,9 +2356,6 @@ cfg.swift:
#-----| -> ... .*(_:_:) ...
# 247| var ... = ...
#-----| -> f
# 247| f
#-----| -> g
# 247| f
@@ -2475,9 +2377,6 @@ cfg.swift:
#-----| -> ... ./(_:_:) ...
# 248| var ... = ...
#-----| -> g
# 248| g
#-----| -> h
# 248| g
@@ -2499,9 +2398,6 @@ cfg.swift:
#-----| -> ... .%(_:_:) ...
# 249| var ... = ...
#-----| -> h
# 249| h
#-----| -> i
# 249| h
@@ -2523,9 +2419,6 @@ cfg.swift:
#-----| -> ... .&(_:_:) ...
# 250| var ... = ...
#-----| -> i
# 250| i
#-----| -> j
# 250| i
@@ -2547,9 +2440,6 @@ cfg.swift:
#-----| -> ... .|(_:_:) ...
# 251| var ... = ...
#-----| -> j
# 251| j
#-----| -> k
# 251| j
@@ -2571,9 +2461,6 @@ cfg.swift:
#-----| -> ... .^(_:_:) ...
# 252| var ... = ...
#-----| -> k
# 252| k
#-----| -> l
# 252| k
@@ -2595,9 +2482,6 @@ cfg.swift:
#-----| -> ... .<<(_:_:) ...
# 253| var ... = ...
#-----| -> l
# 253| l
#-----| -> o
# 253| l
@@ -2619,9 +2503,6 @@ cfg.swift:
#-----| -> ... .>>(_:_:) ...
# 254| var ... = ...
#-----| -> o
# 254| o
#-----| -> p
# 254| o
@@ -2643,9 +2524,6 @@ cfg.swift:
#-----| -> ... .==(_:_:) ...
# 255| var ... = ...
#-----| -> p
# 255| p
#-----| -> q
# 255| p
@@ -2667,9 +2545,6 @@ cfg.swift:
#-----| -> ... .!=(_:_:) ...
# 256| var ... = ...
#-----| -> q
# 256| q
#-----| -> r
# 256| q
@@ -2691,9 +2566,6 @@ cfg.swift:
#-----| -> ... .<(_:_:) ...
# 257| var ... = ...
#-----| -> r
# 257| r
#-----| -> s
# 257| r
@@ -2715,9 +2587,6 @@ cfg.swift:
#-----| -> ... .<=(_:_:) ...
# 258| var ... = ...
#-----| -> s
# 258| s
#-----| -> t
# 258| s
@@ -2739,9 +2608,6 @@ cfg.swift:
#-----| -> ... .>(_:_:) ...
# 259| var ... = ...
#-----| -> t
# 259| t
#-----| -> exit binaryExprs(a:b:) (normal)
# 259| t
@@ -2789,6 +2655,7 @@ cfg.swift:
#-----| -> return ...
# 263| OpaqueValueExpr
#-----| -> .appendLiteral(_:)
# 263| TapExpr
#-----| -> "..."
@@ -2954,9 +2821,6 @@ cfg.swift:
# 267| var ... = ...
#-----| -> a
# 267| a
#-----| -> a
# 267| a
#-----| match -> 0
@@ -3285,9 +3149,6 @@ cfg.swift:
#-----| -> ... .>>=(_:_:) ...
# 280| var ... = ...
#-----| -> tupleWithA
# 280| tupleWithA
#-----| -> b
# 280| tupleWithA
@@ -3374,9 +3235,6 @@ cfg.swift:
# 282| var ... = ...
#-----| -> b
# 282| b
#-----| -> b
# 282| b
#-----| match -> 0
@@ -3870,38 +3728,23 @@ cfg.swift:
#-----| -> ... .>>(_:_:) ...
# 295| var ... = ...
#-----| -> a1
#-----| -> .+(_:_:)
# 295| (...)
#-----| -> a1
# 295| a1
#-----| -> a2
# 295| a1
#-----| match -> a2
# 295| a2
#-----| -> a3
# 295| a2
#-----| match -> a3
# 295| a3
#-----| -> a4
# 295| a3
#-----| match -> a4
# 295| a4
#-----| -> a5
# 295| a4
#-----| match -> a5
# 295| a5
#-----| -> .+(_:_:)
# 295| a5
#-----| match -> tupleWithA
@@ -4630,9 +4473,6 @@ cfg.swift:
#-----| -> x
# 346| var ... = ...
#-----| -> x
# 346| x
#-----| -> while ... { ... }
# 346| x
@@ -5478,9 +5318,6 @@ cfg.swift:
#-----| -> myLocalVar
# 428| var ... = ...
#-----| -> myLocalVar
# 428| myLocalVar
#-----| -> 0
# 428| myLocalVar
@@ -5690,9 +5527,6 @@ cfg.swift:
#-----| -> kpGet_b_x
# 456| var ... = ...
#-----| -> kpGet_b_x
# 456| kpGet_b_x
#-----| -> kpGet_bs_0_x
# 456| kpGet_b_x
@@ -5719,9 +5553,6 @@ cfg.swift:
#-----| -> #keyPath(...)
# 457| var ... = ...
#-----| -> kpGet_bs_0_x
# 457| kpGet_bs_0_x
#-----| -> kpGet_mayB_force_x
# 457| kpGet_bs_0_x
@@ -5754,9 +5585,6 @@ cfg.swift:
#-----| -> #keyPath(...)
# 458| var ... = ...
#-----| -> kpGet_mayB_force_x
# 458| kpGet_mayB_force_x
#-----| -> kpGet_mayB_x
# 458| kpGet_mayB_force_x
@@ -5786,9 +5614,6 @@ cfg.swift:
#-----| -> #keyPath(...)
# 459| var ... = ...
#-----| -> kpGet_mayB_x
# 459| kpGet_mayB_x
#-----| -> apply_kpGet_b_x
# 459| kpGet_mayB_x
@@ -5817,9 +5642,6 @@ cfg.swift:
# 459| KeyPathComponent
# 461| var ... = ...
#-----| -> apply_kpGet_b_x
# 461| apply_kpGet_b_x
#-----| -> apply_kpGet_bs_0_x
# 461| apply_kpGet_b_x
@@ -5838,9 +5660,6 @@ cfg.swift:
#-----| -> (WritableKeyPath<A, Int>) ...
# 462| var ... = ...
#-----| -> apply_kpGet_bs_0_x
# 462| apply_kpGet_bs_0_x
#-----| -> apply_kpGet_mayB_force_x
# 462| apply_kpGet_bs_0_x
@@ -5859,9 +5678,6 @@ cfg.swift:
#-----| -> (WritableKeyPath<A, Int>) ...
# 463| var ... = ...
#-----| -> apply_kpGet_mayB_force_x
# 463| apply_kpGet_mayB_force_x
#-----| -> apply_kpGet_mayB_x
# 463| apply_kpGet_mayB_force_x
@@ -5880,9 +5696,6 @@ cfg.swift:
#-----| -> (WritableKeyPath<A, Int>) ...
# 464| var ... = ...
#-----| -> apply_kpGet_mayB_x
# 464| apply_kpGet_mayB_x
#-----| -> exit test(a:) (normal)
# 464| apply_kpGet_mayB_x
@@ -5953,9 +5766,6 @@ cfg.swift:
#-----| -> x
# 497| var ... = ...
#-----| -> x
# 497| x
#-----| -> if ... then { ... }
# 497| x

48
swift/ql/test/library-tests/elements/expr/methodlookup/PrintAst.expected
View File

@@ -99,6 +99,8 @@ methodlookup.swift:
# 22| getBody(): [BraceStmt] { ... }
# 22| getElement(0): [DoStmt] do { ... }
# 22| getBody(): [BraceStmt] { ... }
# 23| getVariable(0): [ConcreteVarDecl] foo
# 23| Type = Foo
# 23| getElement(0): [PatternBindingDecl] var ... = ...
# 23| getInit(0): [CallExpr] call to Foo.init()
# 23| getFunction(): [MethodLookupExpr] Foo.init()
@@ -106,20 +108,18 @@ methodlookup.swift:
# 23| getTypeRepr(): [TypeRepr] Foo
# 23| getMethodRef(): [DeclRefExpr] Foo.init()
# 23| getPattern(0): [NamedPattern] foo
# 23| getElement(1): [ConcreteVarDecl] foo
# 23| Type = Foo
# 24| getElement(2): [AssignExpr] ... = ...
# 24| getElement(1): [AssignExpr] ... = ...
# 24| getDest(): [DiscardAssignmentExpr] _
# 24| getSource(): [CallExpr] call to Foo.init()
# 24| getFunction(): [MethodLookupExpr] Foo.init()
# 24| getBase(): [TypeExpr] Foo.Type
# 24| getTypeRepr(): [TypeRepr] Foo
# 24| getMethodRef(): [DeclRefExpr] Foo.init()
# 26| getElement(3): [CallExpr] call to instanceMethod()
# 26| getElement(2): [CallExpr] call to instanceMethod()
# 26| getFunction(): [MethodLookupExpr] .instanceMethod()
# 26| getBase(): [DeclRefExpr] foo
# 26| getMethodRef(): [DeclRefExpr] instanceMethod()
# 27| getElement(4): [CallExpr] call to { ... }
# 27| getElement(3): [CallExpr] call to { ... }
# 27| getFunction(): [CallExpr] call to Foo.instanceMethod()
# 27| getFunction(): [DotSyntaxBaseIgnoredExpr] Foo.instanceMethod()
# 27| getQualifier(): [TypeExpr] Foo.Type
@@ -139,12 +139,12 @@ methodlookup.swift:
#-----| getCapture(0): [CapturedDecl] self
# 27| getArgument(0): [Argument] : foo
# 27| getExpr(): [DeclRefExpr] foo
# 29| getElement(5): [CallExpr] call to classMethod()
# 29| getElement(4): [CallExpr] call to classMethod()
# 29| getFunction(): [MethodLookupExpr] .classMethod()
# 29| getBase(): [TypeExpr] Foo.Type
# 29| getTypeRepr(): [TypeRepr] Foo
# 29| getMethodRef(): [DeclRefExpr] classMethod()
# 30| getElement(6): [CallExpr] call to staticMethod()
# 30| getElement(5): [CallExpr] call to staticMethod()
# 30| getFunction(): [MethodLookupExpr] .staticMethod()
# 30| getBase(): [TypeExpr] Foo.Type
# 30| getTypeRepr(): [TypeRepr] Foo
@@ -161,6 +161,8 @@ methodlookup.swift:
# 33| getArgument(1): [Argument] operation: { ... }
# 33| getExpr(): [ExplicitClosureExpr] { ... }
# 33| getBody(): [BraceStmt] { ... }
# 34| getVariable(0): [ConcreteVarDecl] bar
# 34| Type = Bar
# 34| getElement(0): [PatternBindingDecl] var ... = ...
# 34| getInit(0): [CallExpr] call to Bar.init()
# 34| getFunction(): [MethodLookupExpr] Bar.init()
@@ -168,21 +170,19 @@ methodlookup.swift:
# 34| getTypeRepr(): [TypeRepr] Bar
# 34| getMethodRef(): [DeclRefExpr] Bar.init()
# 34| getPattern(0): [NamedPattern] bar
# 34| getElement(1): [ConcreteVarDecl] bar
# 34| Type = Bar
# 35| getElement(2): [AssignExpr] ... = ...
# 35| getElement(1): [AssignExpr] ... = ...
# 35| getDest(): [DiscardAssignmentExpr] _
# 35| getSource(): [CallExpr] call to Bar.init()
# 35| getFunction(): [MethodLookupExpr] Bar.init()
# 35| getBase(): [TypeExpr] Bar.Type
# 35| getTypeRepr(): [TypeRepr] Bar
# 35| getMethodRef(): [DeclRefExpr] Bar.init()
# 37| getElement(3): [CallExpr] call to instanceMethod()
# 37| getElement(2): [CallExpr] call to instanceMethod()
# 37| getFunction(): [MethodLookupExpr] .instanceMethod()
# 37| getBase(): [DeclRefExpr] bar
# 37| getMethodRef(): [DeclRefExpr] instanceMethod()
# 37| getElement(3).getFullyConverted(): [AwaitExpr] await ...
# 40| getElement(4): [CallExpr] call to staticMethod()
# 37| getElement(2).getFullyConverted(): [AwaitExpr] await ...
# 40| getElement(3): [CallExpr] call to staticMethod()
# 40| getFunction(): [MethodLookupExpr] .staticMethod()
# 40| getBase(): [TypeExpr] Bar.Type
# 40| getTypeRepr(): [TypeRepr] Bar
@@ -202,6 +202,8 @@ methodlookup.swift:
# 43| getArgument(1): [Argument] operation: { ... }
# 43| getExpr(): [ExplicitClosureExpr] { ... }
# 43| getBody(): [BraceStmt] { ... }
# 44| getVariable(0): [ConcreteVarDecl] baz
# 44| Type = Baz
# 44| getElement(0): [PatternBindingDecl] var ... = ...
# 44| getInit(0): [CallExpr] call to Baz.init()
# 44| getFunction(): [MethodLookupExpr] Baz.init()
@@ -211,9 +213,7 @@ methodlookup.swift:
# 44| getMethodRef().getFullyConverted(): [FunctionConversionExpr] ((Baz.Type) -> @MainActor () -> Baz) ...
# 44| getInit(0).getFullyConverted(): [AwaitExpr] await ...
# 44| getPattern(0): [NamedPattern] baz
# 44| getElement(1): [ConcreteVarDecl] baz
# 44| Type = Baz
# 45| getElement(2): [AssignExpr] ... = ...
# 45| getElement(1): [AssignExpr] ... = ...
# 45| getDest(): [DiscardAssignmentExpr] _
# 45| getSource(): [CallExpr] call to Baz.init()
# 45| getFunction(): [MethodLookupExpr] Baz.init()
@@ -222,13 +222,13 @@ methodlookup.swift:
# 45| getMethodRef(): [DeclRefExpr] Baz.init()
# 45| getMethodRef().getFullyConverted(): [FunctionConversionExpr] ((Baz.Type) -> @MainActor () -> Baz) ...
# 45| getSource().getFullyConverted(): [AwaitExpr] await ...
# 47| getElement(3): [CallExpr] call to instanceMethod()
# 47| getElement(2): [CallExpr] call to instanceMethod()
# 47| getFunction(): [MethodLookupExpr] .instanceMethod()
# 47| getBase(): [DeclRefExpr] baz
# 47| getMethodRef(): [DeclRefExpr] instanceMethod()
# 47| getMethodRef().getFullyConverted(): [FunctionConversionExpr] ((Baz) -> @MainActor () -> ()) ...
# 47| getElement(3).getFullyConverted(): [AwaitExpr] await ...
# 48| getElement(4): [CallExpr] call to { ... }
# 47| getElement(2).getFullyConverted(): [AwaitExpr] await ...
# 48| getElement(3): [CallExpr] call to { ... }
# 48| getFunction(): [CallExpr] call to Baz.instanceMethod()
# 48| getFunction(): [DotSyntaxBaseIgnoredExpr] Baz.instanceMethod()
# 48| getQualifier(): [TypeExpr] Baz.Type
@@ -248,21 +248,21 @@ methodlookup.swift:
#-----| getCapture(0): [CapturedDecl] self
# 48| getArgument(0): [Argument] : baz
# 48| getExpr(): [DeclRefExpr] baz
# 48| getElement(4).getFullyConverted(): [AwaitExpr] await ...
# 50| getElement(5): [CallExpr] call to classMethod()
# 48| getElement(3).getFullyConverted(): [AwaitExpr] await ...
# 50| getElement(4): [CallExpr] call to classMethod()
# 50| getFunction(): [MethodLookupExpr] .classMethod()
# 50| getBase(): [TypeExpr] Baz.Type
# 50| getTypeRepr(): [TypeRepr] Baz
# 50| getMethodRef(): [DeclRefExpr] classMethod()
# 50| getMethodRef().getFullyConverted(): [FunctionConversionExpr] ((Baz.Type) -> @MainActor () -> ()) ...
# 50| getElement(5).getFullyConverted(): [AwaitExpr] await ...
# 51| getElement(6): [CallExpr] call to staticMethod()
# 50| getElement(4).getFullyConverted(): [AwaitExpr] await ...
# 51| getElement(5): [CallExpr] call to staticMethod()
# 51| getFunction(): [MethodLookupExpr] .staticMethod()
# 51| getBase(): [TypeExpr] Baz.Type
# 51| getTypeRepr(): [TypeRepr] Baz
# 51| getMethodRef(): [DeclRefExpr] staticMethod()
# 51| getMethodRef().getFullyConverted(): [FunctionConversionExpr] ((Baz.Type) -> @MainActor () -> ()) ...
# 51| getElement(6).getFullyConverted(): [AwaitExpr] await ...
# 51| getElement(5).getFullyConverted(): [AwaitExpr] await ...
# 43| [NilLiteralExpr] nil
# 47| [Comment] // DotSyntaxCallExpr
# 47|

24
swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected
View File

@@ -1,7 +1,7 @@
edges
| UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:) |
| UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | UnsafeWebViewFetch.swift:10:2:10:25 | [summary] to write: return (return) in URL.init(string:) |
| UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:11:2:11:43 | [summary] to write: return (return) in URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | UnsafeWebViewFetch.swift:43:5:43:29 | [summary] to write: return (return) in Data.init(_:) |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... | UnsafeWebViewFetch.swift:117:21:117:35 | call to getRemoteData() |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... | UnsafeWebViewFetch.swift:120:25:120:39 | call to getRemoteData() |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... | UnsafeWebViewFetch.swift:164:21:164:35 | call to getRemoteData() |
@@ -63,8 +63,11 @@ edges
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() | UnsafeWebViewFetch.swift:211:25:211:25 | htmlData |
nodes
| UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | semmle.label | [summary param] 0 in URL.init(string:) |
| UnsafeWebViewFetch.swift:10:2:10:25 | [summary] to write: return (return) in URL.init(string:) | semmle.label | [summary] to write: return (return) in URL.init(string:) |
| UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | semmle.label | [summary param] 1 in URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:11:2:11:43 | [summary] to write: return (return) in URL.init(string:relativeTo:) | semmle.label | [summary] to write: return (return) in URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| UnsafeWebViewFetch.swift:43:5:43:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| UnsafeWebViewFetch.swift:94:10:94:37 | try ... | semmle.label | try ... |
| UnsafeWebViewFetch.swift:94:14:94:37 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | semmle.label | try! ... |
@@ -122,16 +125,13 @@ nodes
| UnsafeWebViewFetch.swift:206:17:206:31 | call to getRemoteData() | semmle.label | call to getRemoteData() |
| UnsafeWebViewFetch.swift:210:25:210:25 | htmlData | semmle.label | htmlData |
| UnsafeWebViewFetch.swift:211:25:211:25 | htmlData | semmle.label | htmlData |
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:) | semmle.label | [summary] to write: return (return) in URL.init(string:) |
| file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) | semmle.label | [summary] to write: return (return) in URL.init(string:relativeTo:) |
subpaths
| UnsafeWebViewFetch.swift:131:30:131:30 | remoteString | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:) | UnsafeWebViewFetch.swift:131:18:131:42 | call to URL.init(string:) |
| UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:132:19:132:61 | call to URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | UnsafeWebViewFetch.swift:150:19:150:41 | call to Data.init(_:) |
| UnsafeWebViewFetch.swift:178:30:178:30 | remoteString | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:) | UnsafeWebViewFetch.swift:178:18:178:42 | call to URL.init(string:) |
| UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | file://:0:0:0:0 | [summary] to write: return (return) in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:179:19:179:61 | call to URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | UnsafeWebViewFetch.swift:197:19:197:41 | call to Data.init(_:) |
| UnsafeWebViewFetch.swift:131:30:131:30 | remoteString | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | UnsafeWebViewFetch.swift:10:2:10:25 | [summary] to write: return (return) in URL.init(string:) | UnsafeWebViewFetch.swift:131:18:131:42 | call to URL.init(string:) |
| UnsafeWebViewFetch.swift:132:52:132:52 | remoteURL | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:11:2:11:43 | [summary] to write: return (return) in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:132:19:132:61 | call to URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:150:24:150:37 | .utf8 | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | UnsafeWebViewFetch.swift:43:5:43:29 | [summary] to write: return (return) in Data.init(_:) | UnsafeWebViewFetch.swift:150:19:150:41 | call to Data.init(_:) |
| UnsafeWebViewFetch.swift:178:30:178:30 | remoteString | UnsafeWebViewFetch.swift:10:2:10:25 | [summary param] 0 in URL.init(string:) | UnsafeWebViewFetch.swift:10:2:10:25 | [summary] to write: return (return) in URL.init(string:) | UnsafeWebViewFetch.swift:178:18:178:42 | call to URL.init(string:) |
| UnsafeWebViewFetch.swift:179:52:179:52 | remoteURL | UnsafeWebViewFetch.swift:11:2:11:43 | [summary param] 1 in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:11:2:11:43 | [summary] to write: return (return) in URL.init(string:relativeTo:) | UnsafeWebViewFetch.swift:179:19:179:61 | call to URL.init(string:relativeTo:) |
| UnsafeWebViewFetch.swift:197:24:197:37 | .utf8 | UnsafeWebViewFetch.swift:43:5:43:29 | [summary param] 0 in Data.init(_:) | UnsafeWebViewFetch.swift:43:5:43:29 | [summary] to write: return (return) in Data.init(_:) | UnsafeWebViewFetch.swift:197:19:197:41 | call to Data.init(_:) |
#select
| UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | UnsafeWebViewFetch.swift:103:30:103:84 | call to String.init(contentsOf:) | UnsafeWebViewFetch.swift:103:25:103:84 | try! ... | Tainted data is used in a WebView fetch without restricting the base URL. |
| UnsafeWebViewFetch.swift:106:25:106:25 | data | UnsafeWebViewFetch.swift:105:18:105:72 | call to String.init(contentsOf:) | UnsafeWebViewFetch.swift:106:25:106:25 | data | Tainted data is used in a WebView fetch without restricting the base URL. |

12
swift/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -97,8 +97,8 @@ edges
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:117:16:117:16 | unsafeQuery1 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:119:16:119:16 | unsafeQuery1 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | SQLite.swift:132:20:132:20 | remoteString |
| sqlite3_c_api.swift:15:2:15:71 | [summary param] this in copyBytes(to:count:) | file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:count:) |
| sqlite3_c_api.swift:37:2:37:103 | [summary param] this in data(using:allowLossyConversion:) | file://:0:0:0:0 | [summary] to write: return (return) in data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:15:2:15:71 | [summary param] this in copyBytes(to:count:) | sqlite3_c_api.swift:15:2:15:71 | [summary] to write: argument 0 in copyBytes(to:count:) |
| sqlite3_c_api.swift:37:2:37:103 | [summary param] this in data(using:allowLossyConversion:) | sqlite3_c_api.swift:37:2:37:103 | [summary] to write: return (return) in data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | sqlite3_c_api.swift:135:33:135:33 | unsafeQuery3 |
@@ -226,10 +226,10 @@ nodes
| SQLite.swift:117:16:117:16 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| SQLite.swift:119:16:119:16 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| SQLite.swift:132:20:132:20 | remoteString | semmle.label | remoteString |
| file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:count:) | semmle.label | [summary] to write: argument 0 in copyBytes(to:count:) |
| file://:0:0:0:0 | [summary] to write: return (return) in data(using:allowLossyConversion:) | semmle.label | [summary] to write: return (return) in data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:15:2:15:71 | [summary param] this in copyBytes(to:count:) | semmle.label | [summary param] this in copyBytes(to:count:) |
| sqlite3_c_api.swift:15:2:15:71 | [summary] to write: argument 0 in copyBytes(to:count:) | semmle.label | [summary] to write: argument 0 in copyBytes(to:count:) |
| sqlite3_c_api.swift:37:2:37:103 | [summary param] this in data(using:allowLossyConversion:) | semmle.label | [summary param] this in data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:37:2:37:103 | [summary] to write: return (return) in data(using:allowLossyConversion:) | semmle.label | [summary] to write: return (return) in data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| sqlite3_c_api.swift:133:33:133:33 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| sqlite3_c_api.swift:134:33:134:33 | unsafeQuery2 | semmle.label | unsafeQuery2 |
@@ -245,8 +245,8 @@ nodes
| sqlite3_c_api.swift:202:31:202:31 | buffer | semmle.label | buffer |
| sqlite3_c_api.swift:210:31:210:31 | buffer | semmle.label | buffer |
subpaths
| sqlite3_c_api.swift:189:13:189:13 | unsafeQuery3 | sqlite3_c_api.swift:37:2:37:103 | [summary param] this in data(using:allowLossyConversion:) | file://:0:0:0:0 | [summary] to write: return (return) in data(using:allowLossyConversion:) | sqlite3_c_api.swift:189:13:189:58 | call to data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:190:2:190:2 | data | sqlite3_c_api.swift:15:2:15:71 | [summary param] this in copyBytes(to:count:) | file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:count:) | sqlite3_c_api.swift:190:21:190:21 | [post] buffer |
| sqlite3_c_api.swift:189:13:189:13 | unsafeQuery3 | sqlite3_c_api.swift:37:2:37:103 | [summary param] this in data(using:allowLossyConversion:) | sqlite3_c_api.swift:37:2:37:103 | [summary] to write: return (return) in data(using:allowLossyConversion:) | sqlite3_c_api.swift:189:13:189:58 | call to data(using:allowLossyConversion:) |
| sqlite3_c_api.swift:190:2:190:2 | data | sqlite3_c_api.swift:15:2:15:71 | [summary param] this in copyBytes(to:count:) | sqlite3_c_api.swift:15:2:15:71 | [summary] to write: argument 0 in copyBytes(to:count:) | sqlite3_c_api.swift:190:21:190:21 | [post] buffer |
#select
| GRDB.swift:106:41:106:41 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | GRDB.swift:106:41:106:41 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:108:41:108:41 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | GRDB.swift:108:41:108:41 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |

18
swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected
View File

@@ -1,8 +1,8 @@
edges
| UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
| UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:69:2:73:5 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:75:2:80:5 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
| UnsafeJsEval.swift:124:21:124:42 | string | UnsafeJsEval.swift:124:70:124:70 | string |
| UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) | UnsafeJsEval.swift:144:5:144:29 | [summary] to write: return (return) in Data.init(_:) |
| UnsafeJsEval.swift:165:10:165:37 | try ... | UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() |
| UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:165:10:165:37 | try ... |
| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:205:7:205:7 | remoteString |
@@ -66,10 +66,13 @@ edges
| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) |
nodes
| UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | semmle.label | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:69:2:73:5 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | semmle.label | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
| UnsafeJsEval.swift:75:2:80:5 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
| UnsafeJsEval.swift:124:21:124:42 | string | semmle.label | string |
| UnsafeJsEval.swift:124:70:124:70 | string | semmle.label | string |
| UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| UnsafeJsEval.swift:144:5:144:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| UnsafeJsEval.swift:165:10:165:37 | try ... | semmle.label | try ... |
| UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | semmle.label | call to getRemoteData() |
@@ -106,15 +109,12 @@ nodes
| UnsafeJsEval.swift:318:24:318:87 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
| file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) | semmle.label | [summary param] 0 in String.init(decoding:as:) |
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) | semmle.label | [summary] to write: return (return) in String.init(decoding:as:) |
| file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | semmle.label | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
subpaths
| UnsafeJsEval.swift:211:24:211:37 | .utf8 | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) |
| UnsafeJsEval.swift:211:24:211:37 | .utf8 | UnsafeJsEval.swift:144:5:144:29 | [summary param] 0 in Data.init(_:) | UnsafeJsEval.swift:144:5:144:29 | [summary] to write: return (return) in Data.init(_:) | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) |
| UnsafeJsEval.swift:214:24:214:24 | remoteData | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) |
| UnsafeJsEval.swift:266:43:266:43 | string | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:269:43:269:43 | string | UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | file://:0:0:0:0 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
| UnsafeJsEval.swift:266:43:266:43 | string | UnsafeJsEval.swift:69:2:73:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:69:2:73:5 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) |
| UnsafeJsEval.swift:269:43:269:43 | string | UnsafeJsEval.swift:75:2:80:5 | [summary param] 0 in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:75:2:80:5 | [summary] to write: return (return) in WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) |
| UnsafeJsEval.swift:287:31:287:97 | call to JSStringCreateWithCharacters(_:_:) | UnsafeJsEval.swift:124:21:124:42 | string | UnsafeJsEval.swift:124:70:124:70 | string | UnsafeJsEval.swift:287:16:287:98 | call to JSStringRetain(_:) |
| UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) | UnsafeJsEval.swift:124:21:124:42 | string | UnsafeJsEval.swift:124:70:124:70 | string | UnsafeJsEval.swift:301:16:301:85 | call to JSStringRetain(_:) |
#select

12
swift/ql/test/query-tests/Security/CWE-1204/StaticInitializationVector.expected
View File

@@ -1,5 +1,5 @@
edges
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:60:19:60:25 | call to Data.init(_:) | rncryptor.swift:68:104:68:104 | myConstIV1 |
| rncryptor.swift:60:19:60:25 | call to Data.init(_:) | rncryptor.swift:77:125:77:125 | myConstIV1 |
| rncryptor.swift:60:24:60:24 | 0 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) |
@@ -40,8 +40,8 @@ edges
| test.swift:101:17:101:35 | call to getConstantString() | test.swift:130:39:130:39 | ivString |
| test.swift:147:22:147:22 | iv | test.swift:53:19:53:34 | iv |
nodes
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:60:19:60:25 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:60:24:60:24 | 0 | semmle.label | 0 |
| rncryptor.swift:61:19:61:27 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
@@ -84,10 +84,10 @@ nodes
| test.swift:167:22:167:22 | iv | semmle.label | iv |
| test.swift:168:22:168:22 | iv | semmle.label | iv |
subpaths
| rncryptor.swift:60:24:60:24 | 0 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:60:19:60:25 | call to Data.init(_:) |
| rncryptor.swift:61:24:61:24 | 123 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:61:19:61:27 | call to Data.init(_:) |
| rncryptor.swift:62:24:62:34 | [...] | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:62:19:62:35 | call to Data.init(_:) |
| rncryptor.swift:63:24:63:24 | iv | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:63:19:63:28 | call to Data.init(_:) |
| rncryptor.swift:60:24:60:24 | 0 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:60:19:60:25 | call to Data.init(_:) |
| rncryptor.swift:61:24:61:24 | 123 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:61:19:61:27 | call to Data.init(_:) |
| rncryptor.swift:62:24:62:34 | [...] | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:62:19:62:35 | call to Data.init(_:) |
| rncryptor.swift:63:24:63:24 | iv | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:63:19:63:28 | call to Data.init(_:) |
#select
| rncryptor.swift:68:104:68:104 | myConstIV1 | rncryptor.swift:60:24:60:24 | 0 | rncryptor.swift:68:104:68:104 | myConstIV1 | The static value '0' is used as an initialization vector for encryption. |
| rncryptor.swift:70:104:70:104 | myConstIV2 | rncryptor.swift:61:24:61:24 | 123 | rncryptor.swift:70:104:70:104 | myConstIV2 | The static value '123' is used as an initialization vector for encryption. |

12
swift/ql/test/query-tests/Security/CWE-134/UncontrolledFormatString.expected
View File

@@ -1,5 +1,5 @@
edges
| UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in NSString.init(string:) |
| UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | UncontrolledFormatString.swift:30:5:30:35 | [summary] to write: return (return) in NSString.init(string:) |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:70:28:70:28 | tainted |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:73:28:73:28 | tainted |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:74:28:74:28 | tainted |
@@ -23,6 +23,7 @@ edges
| UncontrolledFormatString.swift:85:72:85:72 | tainted | UncontrolledFormatString.swift:85:55:85:79 | call to NSString.init(string:) |
nodes
| UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | semmle.label | [summary param] 0 in NSString.init(string:) |
| UncontrolledFormatString.swift:30:5:30:35 | [summary] to write: return (return) in NSString.init(string:) | semmle.label | [summary] to write: return (return) in NSString.init(string:) |
| UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) |
| UncontrolledFormatString.swift:70:28:70:28 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:73:28:73:28 | tainted | semmle.label | tainted |
@@ -41,12 +42,11 @@ nodes
| UncontrolledFormatString.swift:85:72:85:72 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:88:11:88:11 | tainted | semmle.label | tainted |
| UncontrolledFormatString.swift:91:61:91:61 | tainted | semmle.label | tainted |
| file://:0:0:0:0 | [summary] to write: return (return) in NSString.init(string:) | semmle.label | [summary] to write: return (return) in NSString.init(string:) |
subpaths
| UncontrolledFormatString.swift:81:47:81:47 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:81:30:81:54 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:82:65:82:65 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:82:48:82:72 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:84:54:84:54 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:84:37:84:61 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:85:72:85:72 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | file://:0:0:0:0 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:85:55:85:79 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:81:47:81:47 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | UncontrolledFormatString.swift:30:5:30:35 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:81:30:81:54 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:82:65:82:65 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | UncontrolledFormatString.swift:30:5:30:35 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:82:48:82:72 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:84:54:84:54 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | UncontrolledFormatString.swift:30:5:30:35 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:84:37:84:61 | call to NSString.init(string:) |
| UncontrolledFormatString.swift:85:72:85:72 | tainted | UncontrolledFormatString.swift:30:5:30:35 | [summary param] 0 in NSString.init(string:) | UncontrolledFormatString.swift:30:5:30:35 | [summary] to write: return (return) in NSString.init(string:) | UncontrolledFormatString.swift:85:55:85:79 | call to NSString.init(string:) |
#select
| UncontrolledFormatString.swift:70:28:70:28 | tainted | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:70:28:70:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |
| UncontrolledFormatString.swift:73:28:73:28 | tainted | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | UncontrolledFormatString.swift:73:28:73:28 | tainted | This format string depends on $@. | UncontrolledFormatString.swift:64:24:64:77 | call to String.init(contentsOf:) | this user-provided value |

6
swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected
View File

@@ -2,7 +2,7 @@ edges
| testAlamofire.swift:150:45:150:45 | password | testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... |
| testAlamofire.swift:152:51:152:51 | password | testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... |
| testAlamofire.swift:154:38:154:38 | email | testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... |
| testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | testSend.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) |
| testSend.swift:33:14:33:32 | call to Data.init(_:) | testSend.swift:37:19:37:19 | data2 |
| testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) |
| testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:33:14:33:32 | call to Data.init(_:) |
@@ -16,7 +16,6 @@ edges
| testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... |
| testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... |
nodes
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
| testAlamofire.swift:150:45:150:45 | password | semmle.label | password |
| testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
@@ -24,6 +23,7 @@ nodes
| testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
| testAlamofire.swift:154:38:154:38 | email | semmle.label | email |
| testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| testSend.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| testSend.swift:29:19:29:19 | passwordPlain | semmle.label | passwordPlain |
| testSend.swift:33:14:33:32 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| testSend.swift:33:19:33:19 | passwordPlain | semmle.label | passwordPlain |
@@ -47,7 +47,7 @@ nodes
| testURL.swift:16:55:16:55 | credit_card_no | semmle.label | credit_card_no |
| testURL.swift:20:22:20:22 | passwd | semmle.label | passwd |
subpaths
| testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | testSend.swift:33:14:33:32 | call to Data.init(_:) |
| testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | testSend.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | testSend.swift:33:14:33:32 | call to Data.init(_:) |
| testSend.swift:54:17:54:17 | password | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | testSend.swift:54:13:54:25 | call to pad(_:) |
#select
| testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | testAlamofire.swift:150:45:150:45 | password | testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:150:45:150:45 | password | password |

12
swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected
View File

@@ -22,7 +22,7 @@ edges
| file://:0:0:0:0 | [post] self [encryptionKey] | file://:0:0:0:0 | [post] self |
| file://:0:0:0:0 | [post] self [encryptionKey] | file://:0:0:0:0 | [post] self |
| file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [encryptionKey] |
| misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | misc.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) |
| misc.swift:30:7:30:7 | value | file://:0:0:0:0 | value |
| misc.swift:46:19:46:38 | call to Data.init(_:) | misc.swift:49:41:49:41 | myConstKey |
| misc.swift:46:19:46:38 | call to Data.init(_:) | misc.swift:53:25:53:25 | myConstKey |
@@ -37,7 +37,7 @@ edges
| misc.swift:57:41:57:41 | myConstKey | misc.swift:30:7:30:7 | value |
| misc.swift:57:41:57:41 | myConstKey | misc.swift:57:2:57:18 | [post] getter for .config |
| misc.swift:57:41:57:41 | myConstKey | misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:60:19:60:38 | call to Data.init(_:) | rncryptor.swift:65:73:65:73 | myConstKey |
| rncryptor.swift:60:19:60:38 | call to Data.init(_:) | rncryptor.swift:66:73:66:73 | myConstKey |
| rncryptor.swift:60:19:60:38 | call to Data.init(_:) | rncryptor.swift:67:73:67:73 | myConstKey |
@@ -81,10 +81,9 @@ nodes
| file://:0:0:0:0 | [post] self | semmle.label | [post] self |
| file://:0:0:0:0 | [post] self | semmle.label | [post] self |
| file://:0:0:0:0 | [post] self [encryptionKey] | semmle.label | [post] self [encryptionKey] |
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| file://:0:0:0:0 | value | semmle.label | value |
| misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| misc.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| misc.swift:30:7:30:7 | value | semmle.label | value |
| misc.swift:46:19:46:38 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| misc.swift:46:24:46:24 | abcdef123456 | semmle.label | abcdef123456 |
@@ -96,6 +95,7 @@ nodes
| misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] | semmle.label | [post] getter for .config [encryptionKey] |
| misc.swift:57:41:57:41 | myConstKey | semmle.label | myConstKey |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:60:19:60:38 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:60:24:60:24 | abcdef123456 | semmle.label | abcdef123456 |
| rncryptor.swift:65:73:65:73 | myConstKey | semmle.label | myConstKey |
@@ -114,12 +114,12 @@ nodes
| rncryptor.swift:81:102:81:102 | myConstKey | semmle.label | myConstKey |
| rncryptor.swift:83:92:83:92 | myConstKey | semmle.label | myConstKey |
subpaths
| misc.swift:46:24:46:24 | abcdef123456 | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | misc.swift:46:19:46:38 | call to Data.init(_:) |
| misc.swift:46:24:46:24 | abcdef123456 | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | misc.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | misc.swift:46:19:46:38 | call to Data.init(_:) |
| misc.swift:53:25:53:25 | myConstKey | misc.swift:30:7:30:7 | value | file://:0:0:0:0 | [post] self | misc.swift:53:2:53:2 | [post] config |
| misc.swift:53:25:53:25 | myConstKey | misc.swift:30:7:30:7 | value | file://:0:0:0:0 | [post] self [encryptionKey] | misc.swift:53:2:53:2 | [post] config [encryptionKey] |
| misc.swift:57:41:57:41 | myConstKey | misc.swift:30:7:30:7 | value | file://:0:0:0:0 | [post] self | misc.swift:57:2:57:18 | [post] getter for .config |
| misc.swift:57:41:57:41 | myConstKey | misc.swift:30:7:30:7 | value | file://:0:0:0:0 | [post] self [encryptionKey] | misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] |
| rncryptor.swift:60:24:60:24 | abcdef123456 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:60:19:60:38 | call to Data.init(_:) |
| rncryptor.swift:60:24:60:24 | abcdef123456 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:60:19:60:38 | call to Data.init(_:) |
#select
| cryptoswift.swift:108:21:108:21 | keyString | cryptoswift.swift:76:3:76:3 | this string is constant | cryptoswift.swift:108:21:108:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | cryptoswift.swift:76:3:76:3 | this string is constant | this string is constant |
| cryptoswift.swift:109:21:109:21 | keyString | cryptoswift.swift:76:3:76:3 | this string is constant | cryptoswift.swift:109:21:109:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | cryptoswift.swift:76:3:76:3 | this string is constant | this string is constant |

8
swift/ql/test/query-tests/Security/CWE-760/ConstantSalt.expected
View File

@@ -1,5 +1,5 @@
edges
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | rncryptor.swift:63:57:63:57 | myConstantSalt1 |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | rncryptor.swift:68:106:68:106 | myConstantSalt1 |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | rncryptor.swift:71:106:71:106 | myConstantSalt1 |
@@ -19,8 +19,8 @@ edges
| test.swift:43:35:43:130 | [...] | test.swift:62:59:62:59 | constantSalt |
| test.swift:43:35:43:130 | [...] | test.swift:67:53:67:53 | constantSalt |
nodes
| file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | semmle.label | [summary param] 0 in Data.init(_:) |
| rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:59:29:59:29 | abcdef123456 | semmle.label | abcdef123456 |
| rncryptor.swift:60:24:60:30 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
@@ -41,8 +41,8 @@ nodes
| test.swift:62:59:62:59 | constantSalt | semmle.label | constantSalt |
| test.swift:67:53:67:53 | constantSalt | semmle.label | constantSalt |
subpaths
| rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:59:24:59:43 | call to Data.init(_:) |
| rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:60:24:60:30 | call to Data.init(_:) |
| rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:59:24:59:43 | call to Data.init(_:) |
| rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | rncryptor.swift:5:5:5:29 | [summary] to write: return (return) in Data.init(_:) | rncryptor.swift:60:24:60:30 | call to Data.init(_:) |
#select
| rncryptor.swift:63:57:63:57 | myConstantSalt1 | rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:63:57:63:57 | myConstantSalt1 | The value 'abcdef123456' is used as a constant salt, which is insecure for hashing passwords. |
| rncryptor.swift:65:55:65:55 | myConstantSalt2 | rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:65:55:65:55 | myConstantSalt2 | The value '0' is used as a constant salt, which is insecure for hashing passwords. |