Swift: Add a partial model of Collection.

2026-05-01 11:45:14 +02:00 · 2023-02-03 17:25:39 +00:00
parent e357b44943
commit ec72c7504c
6 changed files with 236 additions and 21 deletions
--- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -78,6 +78,7 @@ private import internal.FlowSummaryImplSpecific
 * ensuring that they are visible to the taint tracking / data flow library.
 */
 private module Frameworks {
+  private import codeql.swift.frameworks.StandardLibrary.Collection
  private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
  private import codeql.swift.frameworks.StandardLibrary.Data
  private import codeql.swift.frameworks.StandardLibrary.FilePath
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll
@@ -0,0 +1,35 @@
+/**
+ * Provides models for the `Collection` and related Swift class.
+ */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSteps
+
+
+/**
+ * A model for `Collection` members that permit taint flow.
+ */
+private class CollectionSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";Collection;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;dropFirst(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;dropLast(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;remove(at:);;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;removeLast();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;removeLast();;;Argument[-1];ReturnValue;taint",
+        ";BidirectionalCollection;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint",
+      ]
+  }
+}
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
@@ -109,12 +109,6 @@ private class StringSummaries extends SummaryModelCsv {
        ";String;true;min();;;Argument[-1];ReturnValue;taint",
        ";String;true;min(by:);;;Argument[-1];ReturnValue;taint",
        ";String;true;subscript(_:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
        ";String;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
        ";String;true;randomElement();;;Argument[-1];ReturnValue;taint",
        ";String;true;randomElement(using:);;;Argument[-1];ReturnValue;taint",
--- a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
+++ b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -1189,8 +1189,10 @@
 | string.swift:228:31:228:31 | tainted | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
 | string.swift:228:31:228:31 | tainted | string.swift:230:13:230:13 | tainted |
 | string.swift:230:13:230:13 | [post] tainted | string.swift:231:13:231:13 | tainted |
+| string.swift:230:13:230:13 | tainted | string.swift:230:13:230:33 | call to dropFirst(_:) |
 | string.swift:230:13:230:13 | tainted | string.swift:231:13:231:13 | tainted |
 | string.swift:231:13:231:13 | [post] tainted | string.swift:232:13:232:13 | tainted |
+| string.swift:231:13:231:13 | tainted | string.swift:231:13:231:32 | call to dropLast(_:) |
 | string.swift:231:13:231:13 | tainted | string.swift:232:13:232:13 | tainted |
 | string.swift:232:13:232:13 | [post] tainted | string.swift:232:37:232:37 | tainted |
 | string.swift:232:13:232:13 | tainted | string.swift:232:13:232:55 | call to substring(from:) |
@@ -1216,8 +1218,10 @@
 | string.swift:239:13:239:13 | tainted | string.swift:239:13:239:30 | call to reversed() |
 | string.swift:239:13:239:13 | tainted | string.swift:241:13:241:13 | tainted |
 | string.swift:241:13:241:13 | [post] tainted | string.swift:242:13:242:13 | tainted |
+| string.swift:241:13:241:13 | tainted | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) |
 | string.swift:241:13:241:13 | tainted | string.swift:242:13:242:13 | tainted |
 | string.swift:242:13:242:13 | [post] tainted | string.swift:245:13:245:13 | tainted |
+| string.swift:242:13:242:13 | tainted | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
 | string.swift:242:13:242:13 | tainted | string.swift:245:13:245:13 | tainted |
 | string.swift:243:5:243:5 | SSA def(c) | string.swift:243:18:243:18 | c |
 | string.swift:243:5:243:5 | c | string.swift:243:5:243:5 | SSA def(c) |
@@ -1258,14 +1262,22 @@
 | string.swift:259:5:259:5 | line | string.swift:259:5:259:5 | SSA def(line) |
 | string.swift:259:11:259:11 | SSA def(stop) | string.swift:261:15:261:15 | stop |
 | string.swift:259:11:259:11 | stop | string.swift:259:11:259:11 | SSA def(stop) |
+| string.swift:264:13:264:26 | [...] | string.swift:264:13:264:35 | call to joined(separator:) |
 | string.swift:264:14:264:14 | clean | string.swift:264:21:264:21 | clean |
 | string.swift:264:21:264:21 | clean | string.swift:265:23:265:23 | clean |
+| string.swift:264:34:264:34 | default separator | string.swift:264:13:264:35 | call to joined(separator:) |
+| string.swift:265:13:265:28 | [...] | string.swift:265:13:265:37 | call to joined(separator:) |
 | string.swift:265:14:265:14 | tainted | string.swift:266:21:266:21 | tainted |
 | string.swift:265:23:265:23 | clean | string.swift:266:14:266:14 | clean |
+| string.swift:265:36:265:36 | default separator | string.swift:265:13:265:37 | call to joined(separator:) |
+| string.swift:266:13:266:28 | [...] | string.swift:266:13:266:37 | call to joined(separator:) |
 | string.swift:266:14:266:14 | clean | string.swift:269:13:269:13 | clean |
 | string.swift:266:21:266:21 | tainted | string.swift:267:14:267:14 | tainted |
+| string.swift:266:36:266:36 | default separator | string.swift:266:13:266:37 | call to joined(separator:) |
+| string.swift:267:13:267:30 | [...] | string.swift:267:13:267:39 | call to joined(separator:) |
 | string.swift:267:14:267:14 | tainted | string.swift:267:23:267:23 | tainted |
 | string.swift:267:23:267:23 | tainted | string.swift:270:13:270:13 | tainted |
+| string.swift:267:38:267:38 | default separator | string.swift:267:13:267:39 | call to joined(separator:) |
 | string.swift:269:13:269:13 | [post] clean | string.swift:271:13:271:13 | clean |
 | string.swift:269:13:269:13 | clean | string.swift:269:13:269:19 | .description |
 | string.swift:269:13:269:13 | clean | string.swift:271:13:271:13 | clean |
@@ -1352,6 +1364,7 @@
 | string.swift:300:14:300:22 | call to source2() | string.swift:300:7:300:7 | SSA def(str1) |
 | string.swift:301:13:301:13 | [post] str1 | string.swift:302:13:302:13 | str1 |
 | string.swift:301:13:301:13 | str1 | string.swift:302:13:302:13 | str1 |
+| string.swift:302:13:302:13 | &... | string.swift:302:13:302:44 | call to remove(at:) |
 | string.swift:302:13:302:13 | &... | string.swift:302:29:302:29 | str1 |
 | string.swift:302:13:302:13 | [post] &... | string.swift:302:29:302:29 | str1 |
 | string.swift:302:13:302:13 | str1 | string.swift:302:13:302:13 | &... |
@@ -1375,6 +1388,7 @@
 | string.swift:315:14:315:22 | call to source2() | string.swift:315:7:315:7 | SSA def(str4) |
 | string.swift:316:13:316:13 | [post] str4 | string.swift:317:13:317:13 | str4 |
 | string.swift:316:13:316:13 | str4 | string.swift:317:13:317:13 | str4 |
+| string.swift:317:13:317:13 | &... | string.swift:317:13:317:30 | call to removeFirst() |
 | string.swift:317:13:317:13 | &... | string.swift:318:13:318:13 | str4 |
 | string.swift:317:13:317:13 | [post] &... | string.swift:318:13:318:13 | str4 |
 | string.swift:317:13:317:13 | str4 | string.swift:317:13:317:13 | &... |
@@ -1385,6 +1399,7 @@
 | string.swift:319:3:319:3 | str4 | string.swift:319:3:319:3 | &... |
 | string.swift:320:13:320:13 | [post] str4 | string.swift:321:13:321:13 | str4 |
 | string.swift:320:13:320:13 | str4 | string.swift:321:13:321:13 | str4 |
+| string.swift:321:13:321:13 | &... | string.swift:321:13:321:29 | call to removeLast() |
 | string.swift:321:13:321:13 | &... | string.swift:322:13:322:13 | str4 |
 | string.swift:321:13:321:13 | [post] &... | string.swift:322:13:322:13 | str4 |
 | string.swift:321:13:321:13 | str4 | string.swift:321:13:321:13 | &... |
@@ -1691,12 +1706,14 @@
 | string.swift:546:20:546:20 | sub1 | string.swift:546:13:546:24 | call to String.init(_:) |
 | string.swift:548:7:548:7 | SSA def(sub2) | string.swift:549:13:549:13 | sub2 |
 | string.swift:548:14:548:14 | [post] tainted | string.swift:552:14:552:14 | tainted |
+| string.swift:548:14:548:14 | tainted | string.swift:548:14:548:31 | call to prefix(_:) |
 | string.swift:548:14:548:14 | tainted | string.swift:552:14:552:14 | tainted |
 | string.swift:548:14:548:31 | call to prefix(_:) | string.swift:548:7:548:7 | SSA def(sub2) |
 | string.swift:549:13:549:13 | sub2 | string.swift:550:20:550:20 | sub2 |
 | string.swift:550:20:550:20 | sub2 | string.swift:550:13:550:24 | call to String.init(_:) |
 | string.swift:552:7:552:7 | SSA def(sub3) | string.swift:553:13:553:13 | sub3 |
 | string.swift:552:14:552:14 | [post] tainted | string.swift:552:38:552:38 | tainted |
+| string.swift:552:14:552:14 | tainted | string.swift:552:14:552:54 | call to prefix(through:) |
 | string.swift:552:14:552:14 | tainted | string.swift:552:38:552:38 | tainted |
 | string.swift:552:14:552:54 | call to prefix(through:) | string.swift:552:7:552:7 | SSA def(sub3) |
 | string.swift:552:38:552:38 | [post] tainted | string.swift:556:14:556:14 | tainted |
@@ -1705,6 +1722,7 @@
 | string.swift:554:20:554:20 | sub3 | string.swift:554:13:554:24 | call to String.init(_:) |
 | string.swift:556:7:556:7 | SSA def(sub4) | string.swift:557:13:557:13 | sub4 |
 | string.swift:556:14:556:14 | [post] tainted | string.swift:556:35:556:35 | tainted |
+| string.swift:556:14:556:14 | tainted | string.swift:556:14:556:51 | call to prefix(upTo:) |
 | string.swift:556:14:556:14 | tainted | string.swift:556:35:556:35 | tainted |
 | string.swift:556:14:556:51 | call to prefix(upTo:) | string.swift:556:7:556:7 | SSA def(sub4) |
 | string.swift:556:35:556:35 | [post] tainted | string.swift:560:14:560:14 | tainted |
@@ -1713,12 +1731,14 @@
 | string.swift:558:20:558:20 | sub4 | string.swift:558:13:558:24 | call to String.init(_:) |
 | string.swift:560:7:560:7 | SSA def(sub5) | string.swift:561:13:561:13 | sub5 |
 | string.swift:560:14:560:14 | [post] tainted | string.swift:564:14:564:14 | tainted |
+| string.swift:560:14:560:14 | tainted | string.swift:560:14:560:31 | call to suffix(_:) |
 | string.swift:560:14:560:14 | tainted | string.swift:564:14:564:14 | tainted |
 | string.swift:560:14:560:31 | call to suffix(_:) | string.swift:560:7:560:7 | SSA def(sub5) |
 | string.swift:561:13:561:13 | sub5 | string.swift:562:20:562:20 | sub5 |
 | string.swift:562:20:562:20 | sub5 | string.swift:562:13:562:24 | call to String.init(_:) |
 | string.swift:564:7:564:7 | SSA def(sub6) | string.swift:565:13:565:13 | sub6 |
 | string.swift:564:14:564:14 | [post] tainted | string.swift:564:35:564:35 | tainted |
+| string.swift:564:14:564:14 | tainted | string.swift:564:14:564:53 | call to suffix(from:) |
 | string.swift:564:14:564:14 | tainted | string.swift:564:35:564:35 | tainted |
 | string.swift:564:14:564:53 | call to suffix(from:) | string.swift:564:7:564:7 | SSA def(sub6) |
 | string.swift:565:13:565:13 | sub6 | string.swift:566:20:566:20 | sub6 |
--- a/swift/ql/test/library-tests/dataflow/taint/Taint.expected
+++ b/swift/ql/test/library-tests/dataflow/taint/Taint.expected
@@ -173,8 +173,20 @@ edges
 | file://:0:0:0:0 | [summary param] 0 in append(contentsOf:) :  | file://:0:0:0:0 | [summary] to write: argument this in append(contentsOf:) :  |
 | file://:0:0:0:0 | [summary param] 0 in insert(contentsOf:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in insert(contentsOf:at:) :  |
 | file://:0:0:0:0 | [summary param] 0 in write(_:) :  | file://:0:0:0:0 | [summary] to write: argument this in write(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropFirst(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropLast(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropLast(_:) :  |
 | file://:0:0:0:0 | [summary param] this in lowercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in lowercased() :  |
+| file://:0:0:0:0 | [summary param] this in prefix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(through:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(through:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(upTo:) :  |
+| file://:0:0:0:0 | [summary param] this in remove(at:) :  | file://:0:0:0:0 | [summary] to write: return (return) in remove(at:) :  |
+| file://:0:0:0:0 | [summary param] this in removeFirst() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeFirst() :  |
+| file://:0:0:0:0 | [summary param] this in removeLast() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeLast() :  |
 | file://:0:0:0:0 | [summary param] this in reversed() :  | file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  |
+| file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(from:) :  |
 | file://:0:0:0:0 | [summary param] this in uppercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased() :  |
 | file://:0:0:0:0 | [summary] to write: argument 0.parameter 0 in enumerateBytes(_:) :  | nsdata.swift:110:9:110:9 | bytes :  |
 | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  | url.swift:154:61:154:61 | data :  |
@@ -379,6 +391,8 @@ edges
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:222:28:222:28 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:223:46:223:46 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:228:31:228:31 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:230:13:230:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:231:13:231:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:232:13:232:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:234:13:234:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:235:13:235:13 | tainted :  |
@@ -386,6 +400,8 @@ edges
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:237:13:237:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:238:13:238:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:239:13:239:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:241:13:241:13 | tainted :  |
+| string.swift:212:17:212:25 | call to source2() :  | string.swift:242:13:242:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:245:13:245:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:246:13:246:13 | tainted :  |
 | string.swift:212:17:212:25 | call to source2() :  | string.swift:247:13:247:13 | tainted :  |
@@ -425,6 +441,10 @@ edges
 | string.swift:223:46:223:46 | tainted :  | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) |
 | string.swift:228:31:228:31 | tainted :  | file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) :  |
 | string.swift:228:31:228:31 | tainted :  | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
+| string.swift:230:13:230:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  |
+| string.swift:230:13:230:13 | tainted :  | string.swift:230:13:230:33 | call to dropFirst(_:) |
+| string.swift:231:13:231:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropLast(_:) :  |
+| string.swift:231:13:231:13 | tainted :  | string.swift:231:13:231:32 | call to dropLast(_:) |
 | string.swift:232:13:232:13 | tainted :  | string.swift:101:3:101:64 | [summary param] this in substring(from:) :  |
 | string.swift:232:13:232:13 | tainted :  | string.swift:232:13:232:55 | call to substring(from:) |
 | string.swift:234:13:234:13 | tainted :  | file://:0:0:0:0 | [summary param] this in lowercased() :  |
@@ -439,6 +459,10 @@ edges
 | string.swift:238:13:238:13 | tainted :  | string.swift:238:13:238:42 | call to capitalized(with:) |
 | string.swift:239:13:239:13 | tainted :  | file://:0:0:0:0 | [summary param] this in reversed() :  |
 | string.swift:239:13:239:13 | tainted :  | string.swift:239:13:239:30 | call to reversed() |
+| string.swift:241:13:241:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  |
+| string.swift:241:13:241:13 | tainted :  | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) |
+| string.swift:242:13:242:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| string.swift:242:13:242:13 | tainted :  | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
 | string.swift:245:13:245:13 | tainted :  | string.swift:102:3:102:71 | [summary param] this in trimmingCharacters(in:) :  |
 | string.swift:245:13:245:13 | tainted :  | string.swift:245:13:245:68 | call to trimmingCharacters(in:) |
 | string.swift:246:13:246:13 | tainted :  | string.swift:104:3:104:138 | [summary param] this in padding(toLength:withPad:startingAt:) :  |
@@ -472,16 +496,25 @@ edges
 | string.swift:258:13:258:13 | tainted :  | string.swift:109:8:109:8 | self :  |
 | string.swift:258:13:258:13 | tainted :  | string.swift:258:13:258:13 | [post] tainted :  |
 | string.swift:300:14:300:22 | call to source2() :  | string.swift:301:13:301:13 | str1 |
+| string.swift:300:14:300:22 | call to source2() :  | string.swift:302:13:302:13 | &... :  |
 | string.swift:300:14:300:22 | call to source2() :  | string.swift:303:13:303:13 | str1 |
+| string.swift:302:13:302:13 | &... :  | file://:0:0:0:0 | [summary param] this in remove(at:) :  |
+| string.swift:302:13:302:13 | &... :  | string.swift:302:13:302:44 | call to remove(at:) |
 | string.swift:305:14:305:22 | call to source2() :  | string.swift:306:13:306:13 | str2 |
 | string.swift:305:14:305:22 | call to source2() :  | string.swift:308:13:308:13 | str2 |
 | string.swift:310:14:310:22 | call to source2() :  | string.swift:311:13:311:13 | str3 |
 | string.swift:310:14:310:22 | call to source2() :  | string.swift:313:13:313:13 | str3 |
 | string.swift:315:14:315:22 | call to source2() :  | string.swift:316:13:316:13 | str4 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:317:13:317:13 | &... :  |
 | string.swift:315:14:315:22 | call to source2() :  | string.swift:318:13:318:13 | str4 |
 | string.swift:315:14:315:22 | call to source2() :  | string.swift:320:13:320:13 | str4 |
+| string.swift:315:14:315:22 | call to source2() :  | string.swift:321:13:321:13 | &... :  |
 | string.swift:315:14:315:22 | call to source2() :  | string.swift:322:13:322:13 | str4 |
 | string.swift:315:14:315:22 | call to source2() :  | string.swift:324:13:324:13 | str4 |
+| string.swift:317:13:317:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeFirst() :  |
+| string.swift:317:13:317:13 | &... :  | string.swift:317:13:317:30 | call to removeFirst() |
+| string.swift:321:13:321:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeLast() :  |
+| string.swift:321:13:321:13 | &... :  | string.swift:321:13:321:29 | call to removeLast() |
 | string.swift:326:14:326:22 | call to source2() :  | string.swift:327:13:327:13 | str5 |
 | string.swift:326:14:326:22 | call to source2() :  | string.swift:329:13:329:13 | str5 |
 | string.swift:331:14:331:22 | call to source2() :  | string.swift:332:13:332:13 | str6 |
@@ -507,8 +540,43 @@ edges
 | string.swift:512:29:512:29 | taintedCCharValues :  | string.swift:512:13:512:47 | call to String.init(cString:) |
 | string.swift:540:17:540:25 | call to source2() :  | string.swift:545:13:545:13 | sub1 |
 | string.swift:540:17:540:25 | call to source2() :  | string.swift:546:20:546:20 | sub1 :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:548:14:548:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:552:14:552:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:556:14:556:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:560:14:560:14 | tainted :  |
+| string.swift:540:17:540:25 | call to source2() :  | string.swift:564:14:564:14 | tainted :  |
 | string.swift:546:20:546:20 | sub1 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
 | string.swift:546:20:546:20 | sub1 :  | string.swift:546:13:546:24 | call to String.init(_:) |
+| string.swift:548:14:548:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(_:) :  |
+| string.swift:548:14:548:14 | tainted :  | string.swift:548:14:548:31 | call to prefix(_:) :  |
+| string.swift:548:14:548:31 | call to prefix(_:) :  | string.swift:549:13:549:13 | sub2 |
+| string.swift:548:14:548:31 | call to prefix(_:) :  | string.swift:550:20:550:20 | sub2 :  |
+| string.swift:550:20:550:20 | sub2 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:550:20:550:20 | sub2 :  | string.swift:550:13:550:24 | call to String.init(_:) |
+| string.swift:552:14:552:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(through:) :  |
+| string.swift:552:14:552:14 | tainted :  | string.swift:552:14:552:54 | call to prefix(through:) :  |
+| string.swift:552:14:552:54 | call to prefix(through:) :  | string.swift:553:13:553:13 | sub3 |
+| string.swift:552:14:552:54 | call to prefix(through:) :  | string.swift:554:20:554:20 | sub3 :  |
+| string.swift:554:20:554:20 | sub3 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:554:20:554:20 | sub3 :  | string.swift:554:13:554:24 | call to String.init(_:) |
+| string.swift:556:14:556:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  |
+| string.swift:556:14:556:14 | tainted :  | string.swift:556:14:556:51 | call to prefix(upTo:) :  |
+| string.swift:556:14:556:51 | call to prefix(upTo:) :  | string.swift:557:13:557:13 | sub4 |
+| string.swift:556:14:556:51 | call to prefix(upTo:) :  | string.swift:558:20:558:20 | sub4 :  |
+| string.swift:558:20:558:20 | sub4 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:558:20:558:20 | sub4 :  | string.swift:558:13:558:24 | call to String.init(_:) |
+| string.swift:560:14:560:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(_:) :  |
+| string.swift:560:14:560:14 | tainted :  | string.swift:560:14:560:31 | call to suffix(_:) :  |
+| string.swift:560:14:560:31 | call to suffix(_:) :  | string.swift:561:13:561:13 | sub5 |
+| string.swift:560:14:560:31 | call to suffix(_:) :  | string.swift:562:20:562:20 | sub5 :  |
+| string.swift:562:20:562:20 | sub5 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:562:20:562:20 | sub5 :  | string.swift:562:13:562:24 | call to String.init(_:) |
+| string.swift:564:14:564:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(from:) :  |
+| string.swift:564:14:564:14 | tainted :  | string.swift:564:14:564:53 | call to suffix(from:) :  |
+| string.swift:564:14:564:53 | call to suffix(from:) :  | string.swift:565:13:565:13 | sub6 |
+| string.swift:564:14:564:53 | call to suffix(from:) :  | string.swift:566:20:566:20 | sub6 :  |
+| string.swift:566:20:566:20 | sub6 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
+| string.swift:566:20:566:20 | sub6 :  | string.swift:566:13:566:24 | call to String.init(_:) |
 | string.swift:622:20:622:27 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  |
 | string.swift:622:20:622:27 | call to source() :  | string.swift:622:13:622:28 | call to String.init(_:) |
 | string.swift:626:32:626:39 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(describing:) :  |
@@ -988,8 +1056,20 @@ nodes
 | file://:0:0:0:0 | [summary param] 0 in append(contentsOf:) :  | semmle.label | [summary param] 0 in append(contentsOf:) :  |
 | file://:0:0:0:0 | [summary param] 0 in insert(contentsOf:at:) :  | semmle.label | [summary param] 0 in insert(contentsOf:at:) :  |
 | file://:0:0:0:0 | [summary param] 0 in write(_:) :  | semmle.label | [summary param] 0 in write(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  | semmle.label | [summary param] this in dropFirst(_:) :  |
+| file://:0:0:0:0 | [summary param] this in dropLast(_:) :  | semmle.label | [summary param] this in dropLast(_:) :  |
 | file://:0:0:0:0 | [summary param] this in lowercased() :  | semmle.label | [summary param] this in lowercased() :  |
+| file://:0:0:0:0 | [summary param] this in prefix(_:) :  | semmle.label | [summary param] this in prefix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(through:) :  | semmle.label | [summary param] this in prefix(through:) :  |
+| file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  | semmle.label | [summary param] this in prefix(upTo:) :  |
+| file://:0:0:0:0 | [summary param] this in remove(at:) :  | semmle.label | [summary param] this in remove(at:) :  |
+| file://:0:0:0:0 | [summary param] this in removeFirst() :  | semmle.label | [summary param] this in removeFirst() :  |
+| file://:0:0:0:0 | [summary param] this in removeLast() :  | semmle.label | [summary param] this in removeLast() :  |
 | file://:0:0:0:0 | [summary param] this in reversed() :  | semmle.label | [summary param] this in reversed() :  |
+| file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | semmle.label | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  | semmle.label | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(_:) :  | semmle.label | [summary param] this in suffix(_:) :  |
+| file://:0:0:0:0 | [summary param] this in suffix(from:) :  | semmle.label | [summary param] this in suffix(from:) :  |
 | file://:0:0:0:0 | [summary param] this in uppercased() :  | semmle.label | [summary param] this in uppercased() :  |
 | file://:0:0:0:0 | [summary] to write: argument 0 in copyBytes(to:) :  | semmle.label | [summary] to write: argument 0 in copyBytes(to:) :  |
 | file://:0:0:0:0 | [summary] to write: argument 0 in getBytes(_:) :  | semmle.label | [summary] to write: argument 0 in getBytes(_:) :  |
@@ -1086,6 +1166,8 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return) in compressed(using:) :  | semmle.label | [summary] to write: return (return) in compressed(using:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  | semmle.label | [summary] to write: return (return) in dataWithContentsOfMappedFile(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in decompressed(using:) :  | semmle.label | [summary] to write: return (return) in decompressed(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in dropFirst(_:) :  | semmle.label | [summary] to write: return (return) in dropFirst(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in dropLast(_:) :  | semmle.label | [summary] to write: return (return) in dropLast(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | semmle.label | [summary] to write: return (return) in flatMap(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in flatMap(_:) :  | semmle.label | [summary] to write: return (return) in flatMap(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in folding(options:locale:) :  | semmle.label | [summary] to write: return (return) in folding(options:locale:) :  |
@@ -1095,16 +1177,26 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return) in lowercased(with:) :  | semmle.label | [summary] to write: return (return) in lowercased(with:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in map(_:) :  | semmle.label | [summary] to write: return (return) in map(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  | semmle.label | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in prefix(_:) :  | semmle.label | [summary] to write: return (return) in prefix(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in prefix(through:) :  | semmle.label | [summary] to write: return (return) in prefix(through:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in prefix(upTo:) :  | semmle.label | [summary] to write: return (return) in prefix(upTo:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  | semmle.label | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in reduce(into:_:) :  | semmle.label | [summary] to write: return (return) in reduce(into:_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in remove(at:) :  | semmle.label | [summary] to write: return (return) in remove(at:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in removeFirst() :  | semmle.label | [summary] to write: return (return) in removeFirst() :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in removeLast() :  | semmle.label | [summary] to write: return (return) in removeLast() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  | semmle.label | [summary] to write: return (return) in reversed() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in shuffled() :  | semmle.label | [summary] to write: return (return) in shuffled() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in shuffled(using:) :  | semmle.label | [summary] to write: return (return) in shuffled(using:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in sorted() :  | semmle.label | [summary] to write: return (return) in sorted() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in sorted(by:) :  | semmle.label | [summary] to write: return (return) in sorted(by:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in sorted(using:) :  | semmle.label | [summary] to write: return (return) in sorted(using:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | semmle.label | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  | semmle.label | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in subdata(with:) :  | semmle.label | [summary] to write: return (return) in subdata(with:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in substring(from:) :  | semmle.label | [summary] to write: return (return) in substring(from:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in suffix(_:) :  | semmle.label | [summary] to write: return (return) in suffix(_:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in suffix(from:) :  | semmle.label | [summary] to write: return (return) in suffix(from:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toArray() :  | semmle.label | [summary] to write: return (return) in toArray() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toBool() :  | semmle.label | [summary] to write: return (return) in toBool() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in toDate() :  | semmle.label | [summary] to write: return (return) in toDate() :  |
@@ -1330,6 +1422,10 @@ nodes
 | string.swift:223:46:223:46 | tainted :  | semmle.label | tainted :  |
 | string.swift:228:13:228:48 | call to String.init(repeating:count:) | semmle.label | call to String.init(repeating:count:) |
 | string.swift:228:31:228:31 | tainted :  | semmle.label | tainted :  |
+| string.swift:230:13:230:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:230:13:230:33 | call to dropFirst(_:) | semmle.label | call to dropFirst(_:) |
+| string.swift:231:13:231:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:231:13:231:32 | call to dropLast(_:) | semmle.label | call to dropLast(_:) |
 | string.swift:232:13:232:13 | tainted :  | semmle.label | tainted :  |
 | string.swift:232:13:232:55 | call to substring(from:) | semmle.label | call to substring(from:) |
 | string.swift:234:13:234:13 | tainted :  | semmle.label | tainted :  |
@@ -1344,6 +1440,10 @@ nodes
 | string.swift:238:13:238:42 | call to capitalized(with:) | semmle.label | call to capitalized(with:) |
 | string.swift:239:13:239:13 | tainted :  | semmle.label | tainted :  |
 | string.swift:239:13:239:30 | call to reversed() | semmle.label | call to reversed() |
+| string.swift:241:13:241:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) | semmle.label | call to split(separator:maxSplits:omittingEmptySubsequences:) |
+| string.swift:242:13:242:13 | tainted :  | semmle.label | tainted :  |
+| string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) | semmle.label | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
 | string.swift:245:13:245:13 | tainted :  | semmle.label | tainted :  |
 | string.swift:245:13:245:68 | call to trimmingCharacters(in:) | semmle.label | call to trimmingCharacters(in:) |
 | string.swift:246:13:246:13 | tainted :  | semmle.label | tainted :  |
@@ -1378,6 +1478,8 @@ nodes
 | string.swift:296:13:296:44 | ...! | semmle.label | ...! |
 | string.swift:300:14:300:22 | call to source2() :  | semmle.label | call to source2() :  |
 | string.swift:301:13:301:13 | str1 | semmle.label | str1 |
+| string.swift:302:13:302:13 | &... :  | semmle.label | &... :  |
+| string.swift:302:13:302:44 | call to remove(at:) | semmle.label | call to remove(at:) |
 | string.swift:303:13:303:13 | str1 | semmle.label | str1 |
 | string.swift:305:14:305:22 | call to source2() :  | semmle.label | call to source2() :  |
 | string.swift:306:13:306:13 | str2 | semmle.label | str2 |
@@ -1387,8 +1489,12 @@ nodes
 | string.swift:313:13:313:13 | str3 | semmle.label | str3 |
 | string.swift:315:14:315:22 | call to source2() :  | semmle.label | call to source2() :  |
 | string.swift:316:13:316:13 | str4 | semmle.label | str4 |
+| string.swift:317:13:317:13 | &... :  | semmle.label | &... :  |
+| string.swift:317:13:317:30 | call to removeFirst() | semmle.label | call to removeFirst() |
 | string.swift:318:13:318:13 | str4 | semmle.label | str4 |
 | string.swift:320:13:320:13 | str4 | semmle.label | str4 |
+| string.swift:321:13:321:13 | &... :  | semmle.label | &... :  |
+| string.swift:321:13:321:29 | call to removeLast() | semmle.label | call to removeLast() |
 | string.swift:322:13:322:13 | str4 | semmle.label | str4 |
 | string.swift:324:13:324:13 | str4 | semmle.label | str4 |
 | string.swift:326:14:326:22 | call to source2() :  | semmle.label | call to source2() :  |
@@ -1420,6 +1526,31 @@ nodes
 | string.swift:545:13:545:13 | sub1 | semmle.label | sub1 |
 | string.swift:546:13:546:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
 | string.swift:546:20:546:20 | sub1 :  | semmle.label | sub1 :  |
+| string.swift:548:14:548:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:548:14:548:31 | call to prefix(_:) :  | semmle.label | call to prefix(_:) :  |
+| string.swift:549:13:549:13 | sub2 | semmle.label | sub2 |
+| string.swift:550:13:550:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:550:20:550:20 | sub2 :  | semmle.label | sub2 :  |
+| string.swift:552:14:552:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:552:14:552:54 | call to prefix(through:) :  | semmle.label | call to prefix(through:) :  |
+| string.swift:553:13:553:13 | sub3 | semmle.label | sub3 |
+| string.swift:554:13:554:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:554:20:554:20 | sub3 :  | semmle.label | sub3 :  |
+| string.swift:556:14:556:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:556:14:556:51 | call to prefix(upTo:) :  | semmle.label | call to prefix(upTo:) :  |
+| string.swift:557:13:557:13 | sub4 | semmle.label | sub4 |
+| string.swift:558:13:558:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:558:20:558:20 | sub4 :  | semmle.label | sub4 :  |
+| string.swift:560:14:560:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:560:14:560:31 | call to suffix(_:) :  | semmle.label | call to suffix(_:) :  |
+| string.swift:561:13:561:13 | sub5 | semmle.label | sub5 |
+| string.swift:562:13:562:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:562:20:562:20 | sub5 :  | semmle.label | sub5 :  |
+| string.swift:564:14:564:14 | tainted :  | semmle.label | tainted :  |
+| string.swift:564:14:564:53 | call to suffix(from:) :  | semmle.label | call to suffix(from:) :  |
+| string.swift:565:13:565:13 | sub6 | semmle.label | sub6 |
+| string.swift:566:13:566:24 | call to String.init(_:) | semmle.label | call to String.init(_:) |
+| string.swift:566:20:566:20 | sub6 :  | semmle.label | sub6 :  |
 | string.swift:622:13:622:28 | call to String.init(_:) | semmle.label | call to String.init(_:) |
 | string.swift:622:20:622:27 | call to source() :  | semmle.label | call to source() :  |
 | string.swift:626:13:626:40 | call to String.init(describing:) | semmle.label | call to String.init(describing:) |
@@ -1746,6 +1877,8 @@ subpaths
 | string.swift:222:28:222:28 | tainted :  | string.swift:67:3:67:77 | [summary param] 0 in String.init(format:locale:arguments:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(format:locale:arguments:) :  | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) |
 | string.swift:223:46:223:46 | tainted :  | string.swift:69:3:69:106 | [summary param] 0 in localizedStringWithFormat(_:_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in localizedStringWithFormat(_:_:) :  | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) |
 | string.swift:228:31:228:31 | tainted :  | file://:0:0:0:0 | [summary param] 0 in String.init(repeating:count:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(repeating:count:) :  | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
+| string.swift:230:13:230:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropFirst(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropFirst(_:) :  | string.swift:230:13:230:33 | call to dropFirst(_:) |
+| string.swift:231:13:231:13 | tainted :  | file://:0:0:0:0 | [summary param] this in dropLast(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in dropLast(_:) :  | string.swift:231:13:231:32 | call to dropLast(_:) |
 | string.swift:232:13:232:13 | tainted :  | string.swift:101:3:101:64 | [summary param] this in substring(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in substring(from:) :  | string.swift:232:13:232:55 | call to substring(from:) |
 | string.swift:234:13:234:13 | tainted :  | file://:0:0:0:0 | [summary param] this in lowercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in lowercased() :  | string.swift:234:13:234:32 | call to lowercased() |
 | string.swift:235:13:235:13 | tainted :  | file://:0:0:0:0 | [summary param] this in uppercased() :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased() :  | string.swift:235:13:235:32 | call to uppercased() |
@@ -1753,6 +1886,8 @@ subpaths
 | string.swift:237:13:237:13 | tainted :  | string.swift:99:3:99:63 | [summary param] this in uppercased(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in uppercased(with:) :  | string.swift:237:13:237:41 | call to uppercased(with:) |
 | string.swift:238:13:238:13 | tainted :  | string.swift:100:3:100:64 | [summary param] this in capitalized(with:) :  | file://:0:0:0:0 | [summary] to write: return (return) in capitalized(with:) :  | string.swift:238:13:238:42 | call to capitalized(with:) |
 | string.swift:239:13:239:13 | tainted :  | file://:0:0:0:0 | [summary param] this in reversed() :  | file://:0:0:0:0 | [summary] to write: return (return) in reversed() :  | string.swift:239:13:239:30 | call to reversed() |
+| string.swift:241:13:241:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(separator:maxSplits:omittingEmptySubsequences:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(separator:maxSplits:omittingEmptySubsequences:) :  | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) |
+| string.swift:242:13:242:13 | tainted :  | file://:0:0:0:0 | [summary param] this in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | file://:0:0:0:0 | [summary] to write: return (return) in split(maxSplits:omittingEmptySubsequences:whereSeparator:) :  | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
 | string.swift:245:13:245:13 | tainted :  | string.swift:102:3:102:71 | [summary param] this in trimmingCharacters(in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in trimmingCharacters(in:) :  | string.swift:245:13:245:68 | call to trimmingCharacters(in:) |
 | string.swift:246:13:246:13 | tainted :  | string.swift:104:3:104:138 | [summary param] this in padding(toLength:withPad:startingAt:) :  | file://:0:0:0:0 | [summary] to write: return (return) in padding(toLength:withPad:startingAt:) :  | string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) |
 | string.swift:247:13:247:13 | tainted :  | string.swift:105:3:105:80 | [summary param] this in components(separatedBy:) :  | file://:0:0:0:0 | [summary] to write: return (return) in components(separatedBy:) :  | string.swift:247:13:247:69 | call to components(separatedBy:) |
@@ -1761,6 +1896,9 @@ subpaths
 | string.swift:250:13:250:13 | tainted :  | string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  | file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  | string.swift:250:13:250:55 | call to propertyListFromStringsFileFormat() |
 | string.swift:251:13:251:13 | tainted :  | string.swift:107:3:107:78 | [summary param] this in propertyListFromStringsFileFormat() :  | file://:0:0:0:0 | [summary] to write: return (return) in propertyListFromStringsFileFormat() :  | string.swift:251:13:251:55 | call to propertyListFromStringsFileFormat() :  |
 | string.swift:258:13:258:13 | tainted :  | string.swift:109:8:109:8 | self :  | string.swift:109:3:109:79 | self[return] :  | string.swift:258:13:258:13 | [post] tainted :  |
+| string.swift:302:13:302:13 | &... :  | file://:0:0:0:0 | [summary param] this in remove(at:) :  | file://:0:0:0:0 | [summary] to write: return (return) in remove(at:) :  | string.swift:302:13:302:44 | call to remove(at:) |
+| string.swift:317:13:317:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeFirst() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeFirst() :  | string.swift:317:13:317:30 | call to removeFirst() |
+| string.swift:321:13:321:13 | &... :  | file://:0:0:0:0 | [summary param] this in removeLast() :  | file://:0:0:0:0 | [summary] to write: return (return) in removeLast() :  | string.swift:321:13:321:29 | call to removeLast() |
 | string.swift:341:36:341:44 | call to source3() :  | string.swift:60:2:60:54 | [summary param] 0 in String.init(data:encoding:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(data:encoding:) :  | string.swift:341:23:341:77 | call to String.init(data:encoding:) :  |
 | string.swift:347:30:347:38 | call to source3() :  | file://:0:0:0:0 | [summary param] 0 in String.init(decoding:as:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(decoding:as:) :  | string.swift:347:13:347:54 | call to String.init(decoding:as:) |
 | string.swift:389:22:389:22 | tainted :  | string.swift:108:3:108:74 | [summary param] this in cString(using:) :  | file://:0:0:0:0 | [summary] to write: return (return) in cString(using:) :  | string.swift:389:22:389:65 | call to cString(using:) :  |
@@ -1768,6 +1906,16 @@ subpaths
 | string.swift:459:29:459:29 | taintedUInt8Values :  | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  | string.swift:459:13:459:47 | call to String.init(cString:) |
 | string.swift:512:29:512:29 | taintedCCharValues :  | file://:0:0:0:0 | [summary param] 0 in String.init(cString:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(cString:) :  | string.swift:512:13:512:47 | call to String.init(cString:) |
 | string.swift:546:20:546:20 | sub1 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:546:13:546:24 | call to String.init(_:) |
+| string.swift:548:14:548:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(_:) :  | string.swift:548:14:548:31 | call to prefix(_:) :  |
+| string.swift:550:20:550:20 | sub2 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:550:13:550:24 | call to String.init(_:) |
+| string.swift:552:14:552:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(through:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(through:) :  | string.swift:552:14:552:54 | call to prefix(through:) :  |
+| string.swift:554:20:554:20 | sub3 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:554:13:554:24 | call to String.init(_:) |
+| string.swift:556:14:556:14 | tainted :  | file://:0:0:0:0 | [summary param] this in prefix(upTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in prefix(upTo:) :  | string.swift:556:14:556:51 | call to prefix(upTo:) :  |
+| string.swift:558:20:558:20 | sub4 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:558:13:558:24 | call to String.init(_:) |
+| string.swift:560:14:560:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(_:) :  | string.swift:560:14:560:31 | call to suffix(_:) :  |
+| string.swift:562:20:562:20 | sub5 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:562:13:562:24 | call to String.init(_:) |
+| string.swift:564:14:564:14 | tainted :  | file://:0:0:0:0 | [summary param] this in suffix(from:) :  | file://:0:0:0:0 | [summary] to write: return (return) in suffix(from:) :  | string.swift:564:14:564:53 | call to suffix(from:) :  |
+| string.swift:566:20:566:20 | sub6 :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:566:13:566:24 | call to String.init(_:) |
 | string.swift:622:20:622:27 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(_:) :  | string.swift:622:13:622:28 | call to String.init(_:) |
 | string.swift:626:32:626:39 | call to source() :  | file://:0:0:0:0 | [summary param] 0 in String.init(describing:) :  | file://:0:0:0:0 | [summary] to write: return (return) in String.init(describing:) :  | string.swift:626:13:626:40 | call to String.init(describing:) |
 | ui.swift:55:10:55:10 | tainted :  | ui.swift:16:9:16:9 | self :  | file://:0:0:0:0 | .url :  | ui.swift:55:10:55:18 | .url |
@@ -1930,6 +2078,8 @@ subpaths
 | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:222:13:222:63 | call to String.init(format:locale:arguments:) | result |
 | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:223:13:223:62 | call to localizedStringWithFormat(_:_:) | result |
 | string.swift:228:13:228:48 | call to String.init(repeating:count:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:228:13:228:48 | call to String.init(repeating:count:) | result |
+| string.swift:230:13:230:33 | call to dropFirst(_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:230:13:230:33 | call to dropFirst(_:) | result |
+| string.swift:231:13:231:32 | call to dropLast(_:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:231:13:231:32 | call to dropLast(_:) | result |
 | string.swift:232:13:232:55 | call to substring(from:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:232:13:232:55 | call to substring(from:) | result |
 | string.swift:234:13:234:32 | call to lowercased() | string.swift:212:17:212:25 | call to source2() :  | string.swift:234:13:234:32 | call to lowercased() | result |
 | string.swift:235:13:235:32 | call to uppercased() | string.swift:212:17:212:25 | call to source2() :  | string.swift:235:13:235:32 | call to uppercased() | result |
@@ -1937,6 +2087,8 @@ subpaths
 | string.swift:237:13:237:41 | call to uppercased(with:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:237:13:237:41 | call to uppercased(with:) | result |
 | string.swift:238:13:238:42 | call to capitalized(with:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:238:13:238:42 | call to capitalized(with:) | result |
 | string.swift:239:13:239:30 | call to reversed() | string.swift:212:17:212:25 | call to source2() :  | string.swift:239:13:239:30 | call to reversed() | result |
+| string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) | result |
+| string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) | result |
 | string.swift:245:13:245:68 | call to trimmingCharacters(in:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:245:13:245:68 | call to trimmingCharacters(in:) | result |
 | string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:246:13:246:70 | call to padding(toLength:withPad:startingAt:) | result |
 | string.swift:247:13:247:69 | call to components(separatedBy:) | string.swift:212:17:212:25 | call to source2() :  | string.swift:247:13:247:69 | call to components(separatedBy:) | result |
@@ -1959,14 +2111,17 @@ subpaths
 | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping | string.swift:212:17:212:25 | call to source2() :  | string.swift:294:13:294:21 | .precomposedStringWithCompatibilityMapping | result |
 | string.swift:296:13:296:44 | ...! | string.swift:212:17:212:25 | call to source2() :  | string.swift:296:13:296:44 | ...! | result |
 | string.swift:301:13:301:13 | str1 | string.swift:300:14:300:22 | call to source2() :  | string.swift:301:13:301:13 | str1 | result |
+| string.swift:302:13:302:44 | call to remove(at:) | string.swift:300:14:300:22 | call to source2() :  | string.swift:302:13:302:44 | call to remove(at:) | result |
 | string.swift:303:13:303:13 | str1 | string.swift:300:14:300:22 | call to source2() :  | string.swift:303:13:303:13 | str1 | result |
 | string.swift:306:13:306:13 | str2 | string.swift:305:14:305:22 | call to source2() :  | string.swift:306:13:306:13 | str2 | result |
 | string.swift:308:13:308:13 | str2 | string.swift:305:14:305:22 | call to source2() :  | string.swift:308:13:308:13 | str2 | result |
 | string.swift:311:13:311:13 | str3 | string.swift:310:14:310:22 | call to source2() :  | string.swift:311:13:311:13 | str3 | result |
 | string.swift:313:13:313:13 | str3 | string.swift:310:14:310:22 | call to source2() :  | string.swift:313:13:313:13 | str3 | result |
 | string.swift:316:13:316:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:316:13:316:13 | str4 | result |
+| string.swift:317:13:317:30 | call to removeFirst() | string.swift:315:14:315:22 | call to source2() :  | string.swift:317:13:317:30 | call to removeFirst() | result |
 | string.swift:318:13:318:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:318:13:318:13 | str4 | result |
 | string.swift:320:13:320:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:320:13:320:13 | str4 | result |
+| string.swift:321:13:321:29 | call to removeLast() | string.swift:315:14:315:22 | call to source2() :  | string.swift:321:13:321:29 | call to removeLast() | result |
 | string.swift:322:13:322:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:322:13:322:13 | str4 | result |
 | string.swift:324:13:324:13 | str4 | string.swift:315:14:315:22 | call to source2() :  | string.swift:324:13:324:13 | str4 | result |
 | string.swift:327:13:327:13 | str5 | string.swift:326:14:326:22 | call to source2() :  | string.swift:327:13:327:13 | str5 | result |
@@ -1982,6 +2137,16 @@ subpaths
 | string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | string.swift:542:13:542:21 | call to source7() | result |
 | string.swift:545:13:545:13 | sub1 | string.swift:540:17:540:25 | call to source2() :  | string.swift:545:13:545:13 | sub1 | result |
 | string.swift:546:13:546:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:546:13:546:24 | call to String.init(_:) | result |
+| string.swift:549:13:549:13 | sub2 | string.swift:540:17:540:25 | call to source2() :  | string.swift:549:13:549:13 | sub2 | result |
+| string.swift:550:13:550:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:550:13:550:24 | call to String.init(_:) | result |
+| string.swift:553:13:553:13 | sub3 | string.swift:540:17:540:25 | call to source2() :  | string.swift:553:13:553:13 | sub3 | result |
+| string.swift:554:13:554:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:554:13:554:24 | call to String.init(_:) | result |
+| string.swift:557:13:557:13 | sub4 | string.swift:540:17:540:25 | call to source2() :  | string.swift:557:13:557:13 | sub4 | result |
+| string.swift:558:13:558:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:558:13:558:24 | call to String.init(_:) | result |
+| string.swift:561:13:561:13 | sub5 | string.swift:540:17:540:25 | call to source2() :  | string.swift:561:13:561:13 | sub5 | result |
+| string.swift:562:13:562:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:562:13:562:24 | call to String.init(_:) | result |
+| string.swift:565:13:565:13 | sub6 | string.swift:540:17:540:25 | call to source2() :  | string.swift:565:13:565:13 | sub6 | result |
+| string.swift:566:13:566:24 | call to String.init(_:) | string.swift:540:17:540:25 | call to source2() :  | string.swift:566:13:566:24 | call to String.init(_:) | result |
 | string.swift:622:13:622:28 | call to String.init(_:) | string.swift:622:20:622:27 | call to source() :  | string.swift:622:13:622:28 | call to String.init(_:) | result |
 | string.swift:626:13:626:40 | call to String.init(describing:) | string.swift:626:32:626:39 | call to source() :  | string.swift:626:13:626:40 | call to String.init(describing:) | result |
 | subscript.swift:13:15:13:25 | ...[...] | subscript.swift:13:15:13:22 | call to source() :  | subscript.swift:13:15:13:25 | ...[...] | result |
--- a/swift/ql/test/library-tests/dataflow/taint/string.swift
+++ b/swift/ql/test/library-tests/dataflow/taint/string.swift
@@ -238,8 +238,8 @@ func taintThroughSimpleStringOperations() {
  sink(arg: tainted.capitalized(with: nil)) // $ tainted=212
  sink(arg: tainted.reversed()) // $ tainted=212

-  sink(arg: tainted.split(separator: ",")) // $ MISSING: tainted=212
-  sink(arg: tainted.split(whereSeparator: { // $ MISSING: tainted=212
+  sink(arg: tainted.split(separator: ",")) // $ tainted=212
+  sink(arg: tainted.split(whereSeparator: { // $ tainted=212
    c in return (c == ",")
  }))
  sink(arg: tainted.trimmingCharacters(in: CharacterSet.whitespaces)) // $ tainted=212
@@ -299,7 +299,7 @@ func taintThroughSimpleStringOperations() {
 func taintThroughMutatingStringOperations() {
  var str1 = source2()
  sink(arg: str1) // $ tainted=300
-  sink(arg: str1.remove(at: str1.startIndex)) // $ MISSING: tainted=300
+  sink(arg: str1.remove(at: str1.startIndex)) // $ tainted=300
  sink(arg: str1) // $ tainted=300

  var str2 = source2()
@@ -314,11 +314,11 @@ func taintThroughMutatingStringOperations() {

  var str4 = source2()
  sink(arg: str4) // $ tainted=315
-  sink(arg: str4.removeFirst()) // $ MISSING: tainted=315
+  sink(arg: str4.removeFirst()) // $ tainted=315
  sink(arg: str4) // $ tainted=315
  str4.removeFirst(5)
  sink(arg: str4) // $ tainted=315
-  sink(arg: str4.removeLast()) // $ MISSING: tainted=315
+  sink(arg: str4.removeLast()) // $ tainted=315
  sink(arg: str4) // $ tainted=315
  str4.removeLast(5)
  sink(arg: str4) // $ tainted=315
@@ -546,24 +546,24 @@ func taintThroughSubstring() {
  sink(arg: String(sub1)) // $ tainted=540

  let sub2 = tainted.prefix(10)
-  sink(arg: sub2) // $ MISSING: tainted=540
-  sink(arg: String(sub2)) // $ MISSING: tainted=540
+  sink(arg: sub2) // $ tainted=540
+  sink(arg: String(sub2)) // $ tainted=540

  let sub3 = tainted.prefix(through: tainted.endIndex)
-  sink(arg: sub3) // $ MISSING: tainted=540
-  sink(arg: String(sub3)) // $ MISSING: tainted=540
+  sink(arg: sub3) // $ tainted=540
+  sink(arg: String(sub3)) // $ tainted=540

  let sub4 = tainted.prefix(upTo: tainted.endIndex)
-  sink(arg: sub4) // $ MISSING: tainted=540
-  sink(arg: String(sub4)) // $ MISSING: tainted=540
+  sink(arg: sub4) // $ tainted=540
+  sink(arg: String(sub4)) // $ tainted=540

  let sub5 = tainted.suffix(10)
-  sink(arg: sub5) // $ MISSING: tainted=540
-  sink(arg: String(sub5)) // $ MISSING: tainted=540
+  sink(arg: sub5) // $ tainted=540
+  sink(arg: String(sub5)) // $ tainted=540

  let sub6 = tainted.suffix(from: tainted.startIndex)
-  sink(arg: sub6) // $ MISSING: tainted=540
-  sink(arg: String(sub6)) // $ MISSING: tainted=540
+  sink(arg: sub6) // $ tainted=540
+  sink(arg: String(sub6)) // $ tainted=540
 }

 func taintedThroughFilePath() {