Swift: Add CSV extension points.

2025-12-20 18:56:32 +01:00 · 2023-02-27 22:55:47 +00:00
parent c533334470
commit ea4c2e4321
3 changed files with 24 additions and 0 deletions
--- a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll
@@ -6,6 +6,7 @@
 import swift
 import codeql.swift.security.SensitiveExprs
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.ExternalFlow

 /**
 * A dataflow sink for cleartext database storage vulnerabilities. That is,
@@ -150,3 +151,10 @@ private class CleartextStorageDatabaseArrayAdditionalTaintStep extends Cleartext
    )
  }
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultCleartextStorageDatabaseSink extends CleartextStorageDatabaseSink {
+  DefaultCleartextStorageDatabaseSink() { sinkNode(this, "database-store") }
+}
--- a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll
@@ -6,6 +6,7 @@
 import swift
 import codeql.swift.security.SensitiveExprs
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.ExternalFlow

 /**
 * A dataflow sink for cleartext preferences storage vulnerabilities. That is,
@@ -78,3 +79,10 @@ private class CleartextStoragePreferencesEncryptionSanitizer extends CleartextSt
    this.asExpr() instanceof EncryptedExpr
  }
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultCleartextStoragePreferencesSink extends CleartextStoragePreferencesSink {
+  DefaultCleartextStoragePreferencesSink() { sinkNode(this, "preferences-store") }
+}
--- a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
@@ -6,6 +6,7 @@
 import swift
 import codeql.swift.security.SensitiveExprs
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.ExternalFlow

 /**
 * A dataflow sink for cleartext transmission vulnerabilities. That is,
@@ -87,3 +88,10 @@ private class CleartextTransmissionEncryptionSanitizer extends CleartextTransmis
    this.asExpr() instanceof EncryptedExpr
  }
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultCleartextTransmissionSink extends CleartextTransmissionSink {
+  DefaultCleartextTransmissionSink() { sinkNode(this, "transmission") }
+}