hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10157 from MathiasVP/swift-field-flow-2

Browse Source 
Swift: Add field flow
This commit is contained in:
Mathias Vorreiter Pedersen
2022-08-31 10:42:00 +01:00
committed by GitHub
parent 1f0ca6b02a a4209df239
commit f846c262dc
14 changed files with 523 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
swift/ql/lib/codeql/swift/dataflow/Ssa.qll
View File

@@ -81,20 +81,6 @@ module Ssa {
value.(PropertyGetterCfgNode).getRef() = init
)
}
cached
predicate isInoutDef(ExprCfgNode argument) {
// TODO: This should probably not be only `ExprCfgNode`s.
exists(
ApplyExpr c, BasicBlock bb, int blockIndex, VarDecl v, InOutExpr argExpr // TODO: use CFG node for assignment expr
|
this.definesAt(v, bb, blockIndex) and
bb.getNode(blockIndex).getNode().asAstNode() = c and
[c.getAnArgument().getExpr(), c.getQualifier()] = argExpr and
argExpr = argument.getNode().asAstNode() and
argExpr.getSubExpr() = v.getAnAccess() // TODO: fields?
)
}
}
cached

159
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
View File

@@ -63,17 +63,26 @@ private module Cached {
newtype TNode =
TExprNode(CfgNode n, Expr e) { hasExprNode(n, e) } or
TSsaDefinitionNode(Ssa::Definition def) or
TInoutReturnNode(ParamDecl param) { param.isInout() } or
TInOutUpdateNode(Argument arg) { arg.getExpr() instanceof InOutExpr } or
TSummaryNode(FlowSummary::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state)
private predicate hasExprNode(CfgNode n, Expr e) {
n.(ExprCfgNode).getExpr() = e
or
n.(PropertyGetterCfgNode).getRef() = e
or
n.(PropertySetterCfgNode).getAssignExpr() = e
}
TInoutReturnNode(ParamDecl param) { modifiableParam(param) } or
TSummaryNode(FlowSummary::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) or
TExprPostUpdateNode(CfgNode n) {
// Obviously, the base of setters needs a post-update node
n = any(PropertySetterCfgNode setter).getBase()
or
// The base of getters and observers needs a post-update node to support reverse reads.
n = any(PropertyGetterCfgNode getter).getBase()
or
n = any(PropertyObserverCfgNode getter).getBase()
or
// Arguments that are `inout` expressions needs a post-update node,
// as well as any class-like argument (since a field can be modified).
// Finally, qualifiers and bases of member reference need post-update nodes to support reverse reads.
hasExprNode(n,
[
any(Argument arg | modifiable(arg)).getExpr(), any(MemberRefExpr ref).getBase(),
any(ApplyExpr apply).getQualifier()
])
}
private predicate localSsaFlowStepUseUse(Ssa::Definition def, Node nodeFrom, Node nodeTo) {
def.adjacentReadPair(nodeFrom.getCfgNode(), nodeTo.getCfgNode()) and
@@ -102,18 +111,12 @@ private module Cached {
// use-use flow
localSsaFlowStepUseUse(def, nodeFrom, nodeTo)
or
//localSsaFlowStepUseUse(def, nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo)
//or
localSsaFlowStepUseUse(def, nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo)
or
// step from previous read to Phi node
localFlowSsaInput(nodeFrom, def, nodeTo.asDefinition())
)
or
// flow through writes to inout parameters
exists(ParamReturnKind kind, ExprCfgNode arg |
arg = nodeFrom.(InOutUpdateNode).getCall(kind).asCall().getArgument(kind.getIndex()) and
nodeTo.asDefinition().(Ssa::WriteDefinition).isInoutDef(arg)
)
or
// flow through `&` (inout argument)
nodeFrom.asExpr() = nodeTo.asExpr().(InOutExpr).getSubExpr()
or
@@ -138,10 +141,36 @@ private module Cached {
predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) { localFlowStepCommon(nodeFrom, nodeTo) }
cached
newtype TContentSet = TODO_TContentSet()
newtype TContentSet = TSingletonContent(Content c)
cached
newtype TContent = TODO_Content()
newtype TContent = TFieldContent(FieldDecl f)
}
/**
* Holds if `arg` can be modified (by overwriting the content completely),
* or if any of its fields can be overwritten by a function call.
*/
private predicate modifiable(Argument arg) {
arg.getExpr() instanceof InOutExpr
or
arg.getExpr().getType() instanceof NominalType
}
predicate modifiableParam(ParamDecl param) {
param.isInout()
or
param instanceof SelfParamDecl
}
private predicate hasExprNode(CfgNode n, Expr e) {
n.(ExprCfgNode).getExpr() = e
or
n.(PropertyGetterCfgNode).getRef() = e
or
n.(PropertySetterCfgNode).getAssignExpr() = e
or
n.(PropertyObserverCfgNode).getAssignExpr() = e
}
import Cached
@@ -341,23 +370,57 @@ private module OutNodes {
}
}
class InOutUpdateNode extends OutNode, TInOutUpdateNode, NodeImpl {
class InOutUpdateArgNode extends OutNode, ExprPostUpdateNode {
Argument arg;
InOutUpdateNode() { this = TInOutUpdateNode(arg) }
InOutUpdateArgNode() {
modifiable(arg) and
hasExprNode(n, arg.getExpr())
}
override DataFlowCall getCall(ReturnKind kind) {
result.asCall().getExpr() = arg.getApplyExpr() and
result.getAnArgument() = n and
kind.(ParamReturnKind).getIndex() = arg.getIndex()
}
}
override DataFlowCallable getEnclosingCallable() {
result = this.getCall(_).getEnclosingCallable()
class InOutUpdateQualifierNode extends OutNode, ExprPostUpdateNode {
InOutUpdateQualifierNode() { hasExprNode(n, any(ApplyExpr apply).getQualifier()) }
override DataFlowCall getCall(ReturnKind kind) {
result.getAnArgument() = n and
kind.(ParamReturnKind).getIndex() = -1
}
}
override Location getLocationImpl() { result = arg.getLocation() }
class PropertySetterOutNode extends OutNode, ExprNodeImpl {
PropertySetterCfgNode setter;
override string toStringImpl() { result = arg.toString() }
PropertySetterOutNode() { setter = this.getCfgNode() }
override DataFlowCall getCall(ReturnKind kind) {
result.(PropertySetterCall).getSetter() = setter and kind.(ParamReturnKind).getIndex() = -1
}
}
class PropertyGetterOutNode extends OutNode, ExprNodeImpl {
PropertyGetterCfgNode getter;
PropertyGetterOutNode() { getter = this.getCfgNode() }
override DataFlowCall getCall(ReturnKind kind) {
result.(PropertyGetterCall).getGetter() = getter and kind instanceof NormalReturnKind
}
}
class PropertyObserverOutNode extends OutNode, ExprNodeImpl {
PropertyObserverCfgNode observer;
PropertyObserverOutNode() { observer = this.getCfgNode() }
override DataFlowCall getCall(ReturnKind kind) {
result.(PropertyGetterCall).getGetter() = observer and kind.(ParamReturnKind).getIndex() = -1
}
}
}
@@ -365,16 +428,34 @@ import OutNodes
predicate jumpStep(Node pred, Node succ) { none() }
predicate storeStep(Node node1, ContentSet c, Node node2) { none() }
predicate storeStep(Node node1, ContentSet c, Node node2) {
exists(MemberRefExpr ref, AssignExpr assign |
ref = assign.getDest() and
node1.asExpr() = assign.getSource() and
node2.(PostUpdateNode).getPreUpdateNode().asExpr() = ref.getBase() and
c.isSingleton(any(Content::FieldContent ct | ct.getField() = ref.getMember()))
)
}
predicate readStep(Node node1, ContentSet c, Node node2) { none() }
predicate isLValue(Expr e) { any(AssignExpr assign).getDest() = e }
predicate readStep(Node node1, ContentSet c, Node node2) {
exists(MemberRefExpr ref |
not isLValue(ref) and
node1.asExpr() = ref.getBase() and
node2.asExpr() = ref and
c.isSingleton(any(Content::FieldContent ct | ct.getField() = ref.getMember()))
)
}
/**
* Holds if values stored inside content `c` are cleared at node `n`. For example,
* any value stored inside `f` is cleared at the pre-update node associated with `x`
* in `x.f = newValue`.
*/
predicate clearsContent(Node n, ContentSet c) { none() }
predicate clearsContent(Node n, ContentSet c) {
n = any(PostUpdateNode pun | storeStep(_, c, pun)).getPreUpdateNode()
}
/**
* Holds if the value that is being tracked is expected to be stored inside content `c`
@@ -408,7 +489,21 @@ abstract class PostUpdateNodeImpl extends Node {
abstract Node getPreUpdateNode();
}
private module PostUpdateNodes { }
private module PostUpdateNodes {
class ExprPostUpdateNode extends PostUpdateNodeImpl, NodeImpl, TExprPostUpdateNode {
CfgNode n;
ExprPostUpdateNode() { this = TExprPostUpdateNode(n) }
override ExprNode getPreUpdateNode() { n = result.getCfgNode() }
override Location getLocationImpl() { result = n.getLocation() }
override string toStringImpl() { result = "[post] " + n.toString() }
override DataFlowCallable getEnclosingCallable() { result = TDataFlowFunc(n.getScope()) }
}
}
private import PostUpdateNodes

31
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll
View File

@@ -139,18 +139,43 @@ class Content extends TContent {
Location getLocation() { none() }
}
module Content {
/** A field of an object, for example an instance variable. */
class FieldContent extends Content, TFieldContent {
private FieldDecl f;
FieldContent() { this = TFieldContent(f) }
/** Gets the name of the field. */
FieldDecl getField() { result = f }
override string toString() { result = f.toString() }
}
}
/**
* An entity that represents a set of `Content`s.
*
* The set may be interpreted differently depending on whether it is
* stored into (`getAStoreContent`) or read from (`getAReadContent`).
*/
class ContentSet extends Content {
class ContentSet extends TContentSet {
/** Holds if this content set is the singleton `{c}`. */
predicate isSingleton(Content c) { this = TSingletonContent(c) }
/** Gets a textual representation of this content set. */
string toString() {
exists(Content c |
this.isSingleton(c) and
result = c.toString()
)
}
/** Gets a content that may be stored into when storing into this set. */
Content getAStoreContent() { result = this }
Content getAStoreContent() { this.isSingleton(result) }
/** Gets a content that may be read from when reading from this set. */
Content getAReadContent() { result = this }
Content getAReadContent() { this.isSingleton(result) }
}
/**

6
swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
View File

@@ -27,7 +27,7 @@ Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = TSumma
SummaryCall summaryDataFlowCall(Node receiver) { receiver = result.getReceiver() }
/** Gets the type of content `c`. */
DataFlowType getContentType(Content c) { any() }
DataFlowType getContentType(ContentSet c) { any() }
/** Gets the return type of kind `rk` for callable `c`. */
bindingset[c]
@@ -109,13 +109,13 @@ SummaryComponent interpretComponentSpecific(AccessPathToken c) {
}
/** Gets the textual representation of the content in the format used for flow summaries. */
private string getContentSpecificCsv(Content c) {
private string getContentSpecificCsv(ContentSet c) {
none() // TODO once we have field flow
}
/** Gets the textual representation of a summary component in the format used for flow summaries. */
string getComponentSpecificCsv(SummaryComponent sc) {
exists(Content c | sc = TContentSummaryComponent(c) and result = getContentSpecificCsv(c))
exists(ContentSet c | sc = TContentSummaryComponent(c) and result = getContentSpecificCsv(c))
or
exists(ReturnKind rk |
sc = TReturnSummaryComponent(rk) and

21
swift/ql/lib/codeql/swift/dataflow/internal/SsaImplSpecific.qll
View File

@@ -4,6 +4,7 @@ private import swift
private import codeql.swift.controlflow.BasicBlocks as BasicBlocks
private import codeql.swift.controlflow.ControlFlowGraph
private import codeql.swift.controlflow.CfgNodes
private import DataFlowPrivate
class BasicBlock = BasicBlocks::BasicBlock;
@@ -29,13 +30,6 @@ predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain)
certain = true
)
or
exists(ApplyExpr call, InOutExpr expr |
expr = [call.getAnArgument().getExpr(), call.getQualifier()] and
expr.getSubExpr() = v.getAnAccess() and
bb.getNode(i).getNode().asAstNode() = call and
certain = false
)
or
v instanceof ParamDecl and
bb.getNode(i).getNode().asAstNode() = v and
certain = true
@@ -48,8 +42,6 @@ predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain)
)
}
private predicate isLValue(DeclRefExpr ref) { any(AssignExpr assign).getDest() = ref }
predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) {
exists(DeclRefExpr ref |
not isLValue(ref) and
@@ -58,10 +50,17 @@ predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain)
certain = true
)
or
exists(InOutExpr expr |
bb.getNode(i).getNode().asAstNode() = expr and
expr.getSubExpr() = v.getAnAccess() and
certain = true
)
or
exists(ExitNode exit, AbstractFunctionDecl func |
func.getAParam() = v or func.getSelfParam() = v
|
bb.getNode(i) = exit and
v.(ParamDecl).isInout() and
func.getAParam() = v and
modifiableParam(v) and
bb.getScope() = func and
certain = true
)

2
swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
View File

@@ -32,7 +32,7 @@ private module Cached {
nodeFrom.asExpr() = [apply.getAnArgument().getExpr(), apply.getQualifier()] and
apply.getStaticTarget().getName() = ["appendLiteral(_:)", "appendInterpolation(_:)"] and
e.getExpr() = [apply.getAnArgument().getExpr(), apply.getQualifier()] and
nodeTo.asDefinition().(Ssa::WriteDefinition).isInoutDef(e)
nodeTo.(PostUpdateNodeImpl).getPreUpdateNode().getCfgNode() = e
)
or
// Flow from the computation of the interpolated string literal to the result of the interpolation.

2
swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPublic.qll
View File

@@ -26,4 +26,4 @@ predicate localTaintStep = localTaintStepCached/2;
* of `c` at sinks and inputs to additional taint steps.
*/
bindingset[node]
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }

154
swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
View File

@@ -1,4 +1,7 @@
edges
| file://:0:0:0:0 | self [a, x] : | file://:0:0:0:0 | .a [x] : |
| file://:0:0:0:0 | self [x] : | file://:0:0:0:0 | .x : |
| file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [x] : |
| test.swift:6:19:6:26 | call to source() : | test.swift:7:15:7:15 | t1 |
| test.swift:6:19:6:26 | call to source() : | test.swift:9:15:9:15 | t1 |
| test.swift:6:19:6:26 | call to source() : | test.swift:10:15:10:15 | t2 |
@@ -8,21 +11,22 @@ edges
| test.swift:29:26:29:29 | y : | test.swift:31:15:31:15 | y |
| test.swift:35:12:35:19 | call to source() : | test.swift:39:15:39:29 | call to callee_source() |
| test.swift:43:19:43:26 | call to source() : | test.swift:50:15:50:15 | t |
| test.swift:53:1:56:1 | arg[return] : | test.swift:61:17:61:23 | arg: &... : |
| test.swift:53:1:56:1 | arg[return] : | test.swift:61:22:61:23 | [post] &... : |
| test.swift:54:11:54:18 | call to source() : | test.swift:53:1:56:1 | arg[return] : |
| test.swift:61:17:61:23 | arg: &... : | test.swift:62:15:62:15 | x |
| test.swift:61:22:61:23 | [post] &... : | test.swift:62:15:62:15 | x |
| test.swift:65:16:65:28 | arg1 : | test.swift:65:1:70:1 | arg2[return] : |
| test.swift:73:18:73:25 | call to source() : | test.swift:75:21:75:22 | &... : |
| test.swift:73:18:73:25 | call to source() : | test.swift:76:15:76:15 | x |
| test.swift:75:21:75:22 | &... : | test.swift:65:16:65:28 | arg1 : |
| test.swift:75:21:75:22 | &... : | test.swift:75:25:75:32 | arg2: &... : |
| test.swift:75:25:75:32 | arg2: &... : | test.swift:77:15:77:15 | y |
| test.swift:80:1:82:1 | arg[return] : | test.swift:97:34:97:40 | arg: &... : |
| test.swift:75:21:75:22 | &... : | test.swift:75:31:75:32 | [post] &... : |
| test.swift:75:31:75:32 | [post] &... : | test.swift:77:15:77:15 | y |
| test.swift:80:1:82:1 | arg[return] : | test.swift:97:39:97:40 | [post] &... : |
| test.swift:81:11:81:18 | call to source() : | test.swift:80:1:82:1 | arg[return] : |
| test.swift:84:1:91:1 | arg[return] : | test.swift:104:35:104:41 | arg: &... : |
| test.swift:84:1:91:1 | arg[return] : | test.swift:104:40:104:41 | [post] &... : |
| test.swift:86:15:86:22 | call to source() : | test.swift:84:1:91:1 | arg[return] : |
| test.swift:89:15:89:22 | call to source() : | test.swift:84:1:91:1 | arg[return] : |
| test.swift:97:34:97:40 | arg: &... : | test.swift:98:19:98:19 | x |
| test.swift:104:35:104:41 | arg: &... : | test.swift:105:19:105:19 | x |
| test.swift:97:39:97:40 | [post] &... : | test.swift:98:19:98:19 | x |
| test.swift:104:40:104:41 | [post] &... : | test.swift:105:19:105:19 | x |
| test.swift:109:9:109:14 | arg : | test.swift:110:12:110:12 | arg : |
| test.swift:113:14:113:19 | arg : | test.swift:114:19:114:19 | arg : |
| test.swift:113:14:113:19 | arg : | test.swift:114:19:114:19 | arg : |
@@ -46,7 +50,61 @@ edges
| test.swift:154:10:154:13 | i : | test.swift:155:19:155:19 | i |
| test.swift:157:16:157:23 | call to source() : | test.swift:154:10:154:13 | i : |
| test.swift:159:16:159:29 | call to ... : | test.swift:154:10:154:13 | i : |
| test.swift:163:7:163:7 | self [x] : | file://:0:0:0:0 | self [x] : |
| test.swift:163:7:163:7 | value : | file://:0:0:0:0 | value : |
| test.swift:169:12:169:22 | value : | test.swift:170:9:170:9 | value : |
| test.swift:170:5:170:5 | [post] self [x] : | test.swift:169:3:171:3 | self[return] [x] : |
| test.swift:170:9:170:9 | value : | test.swift:163:7:163:7 | value : |
| test.swift:170:9:170:9 | value : | test.swift:170:5:170:5 | [post] self [x] : |
| test.swift:173:8:173:8 | self [x] : | test.swift:174:12:174:12 | self [x] : |
| test.swift:174:12:174:12 | self [x] : | test.swift:163:7:163:7 | self [x] : |
| test.swift:174:12:174:12 | self [x] : | test.swift:174:12:174:12 | .x : |
| test.swift:180:3:180:3 | [post] a [x] : | test.swift:181:13:181:13 | a [x] : |
| test.swift:180:9:180:16 | call to source() : | test.swift:163:7:163:7 | value : |
| test.swift:180:9:180:16 | call to source() : | test.swift:180:3:180:3 | [post] a [x] : |
| test.swift:181:13:181:13 | a [x] : | test.swift:163:7:163:7 | self [x] : |
| test.swift:181:13:181:13 | a [x] : | test.swift:181:13:181:15 | .x |
| test.swift:185:7:185:7 | self [a, x] : | file://:0:0:0:0 | self [a, x] : |
| test.swift:194:3:194:3 | [post] b [a, x] : | test.swift:195:13:195:13 | b [a, x] : |
| test.swift:194:3:194:5 | [post] getter for .a [x] : | test.swift:194:3:194:3 | [post] b [a, x] : |
| test.swift:194:11:194:18 | call to source() : | test.swift:163:7:163:7 | value : |
| test.swift:194:11:194:18 | call to source() : | test.swift:194:3:194:5 | [post] getter for .a [x] : |
| test.swift:195:13:195:13 | b [a, x] : | test.swift:185:7:185:7 | self [a, x] : |
| test.swift:195:13:195:13 | b [a, x] : | test.swift:195:13:195:15 | .a [x] : |
| test.swift:195:13:195:15 | .a [x] : | test.swift:163:7:163:7 | self [x] : |
| test.swift:195:13:195:15 | .a [x] : | test.swift:195:13:195:17 | .x |
| test.swift:200:3:200:3 | [post] a [x] : | test.swift:201:13:201:13 | a [x] : |
| test.swift:200:9:200:16 | call to source() : | test.swift:169:12:169:22 | value : |
| test.swift:200:9:200:16 | call to source() : | test.swift:200:3:200:3 | [post] a [x] : |
| test.swift:201:13:201:13 | a [x] : | test.swift:163:7:163:7 | self [x] : |
| test.swift:201:13:201:13 | a [x] : | test.swift:201:13:201:15 | .x |
| test.swift:206:3:206:3 | [post] a [x] : | test.swift:207:13:207:13 | a [x] : |
| test.swift:206:9:206:16 | call to source() : | test.swift:163:7:163:7 | value : |
| test.swift:206:9:206:16 | call to source() : | test.swift:206:3:206:3 | [post] a [x] : |
| test.swift:207:13:207:13 | a [x] : | test.swift:173:8:173:8 | self [x] : |
| test.swift:207:13:207:13 | a [x] : | test.swift:207:13:207:19 | call to get() |
| test.swift:212:3:212:3 | [post] a [x] : | test.swift:213:13:213:13 | a [x] : |
| test.swift:212:9:212:16 | call to source() : | test.swift:169:12:169:22 | value : |
| test.swift:212:9:212:16 | call to source() : | test.swift:212:3:212:3 | [post] a [x] : |
| test.swift:213:13:213:13 | a [x] : | test.swift:173:8:173:8 | self [x] : |
| test.swift:213:13:213:13 | a [x] : | test.swift:213:13:213:19 | call to get() |
| test.swift:218:3:218:3 | [post] b [a, x] : | test.swift:219:13:219:13 | b [a, x] : |
| test.swift:218:3:218:5 | [post] getter for .a [x] : | test.swift:218:3:218:3 | [post] b [a, x] : |
| test.swift:218:11:218:18 | call to source() : | test.swift:169:12:169:22 | value : |
| test.swift:218:11:218:18 | call to source() : | test.swift:218:3:218:5 | [post] getter for .a [x] : |
| test.swift:219:13:219:13 | b [a, x] : | test.swift:185:7:185:7 | self [a, x] : |
| test.swift:219:13:219:13 | b [a, x] : | test.swift:219:13:219:15 | .a [x] : |
| test.swift:219:13:219:15 | .a [x] : | test.swift:163:7:163:7 | self [x] : |
| test.swift:219:13:219:15 | .a [x] : | test.swift:219:13:219:17 | .x |
| test.swift:225:14:225:21 | call to source() : | test.swift:235:13:235:15 | .source_value |
| test.swift:225:14:225:21 | call to source() : | test.swift:238:13:238:15 | .source_value |
nodes
| file://:0:0:0:0 | .a [x] : | semmle.label | .a [x] : |
| file://:0:0:0:0 | .x : | semmle.label | .x : |
| file://:0:0:0:0 | [post] self [x] : | semmle.label | [post] self [x] : |
| file://:0:0:0:0 | self [a, x] : | semmle.label | self [a, x] : |
| file://:0:0:0:0 | self [x] : | semmle.label | self [x] : |
| file://:0:0:0:0 | value : | semmle.label | value : |
| test.swift:6:19:6:26 | call to source() : | semmle.label | call to source() : |
| test.swift:7:15:7:15 | t1 | semmle.label | t1 |
| test.swift:9:15:9:15 | t1 | semmle.label | t1 |
@@ -63,22 +121,23 @@ nodes
| test.swift:50:15:50:15 | t | semmle.label | t |
| test.swift:53:1:56:1 | arg[return] : | semmle.label | arg[return] : |
| test.swift:54:11:54:18 | call to source() : | semmle.label | call to source() : |
| test.swift:61:17:61:23 | arg: &... : | semmle.label | arg: &... : |
| test.swift:61:22:61:23 | [post] &... : | semmle.label | [post] &... : |
| test.swift:62:15:62:15 | x | semmle.label | x |
| test.swift:65:1:70:1 | arg2[return] : | semmle.label | arg2[return] : |
| test.swift:65:16:65:28 | arg1 : | semmle.label | arg1 : |
| test.swift:73:18:73:25 | call to source() : | semmle.label | call to source() : |
| test.swift:75:21:75:22 | &... : | semmle.label | &... : |
| test.swift:75:25:75:32 | arg2: &... : | semmle.label | arg2: &... : |
| test.swift:75:31:75:32 | [post] &... : | semmle.label | [post] &... : |
| test.swift:76:15:76:15 | x | semmle.label | x |
| test.swift:77:15:77:15 | y | semmle.label | y |
| test.swift:80:1:82:1 | arg[return] : | semmle.label | arg[return] : |
| test.swift:81:11:81:18 | call to source() : | semmle.label | call to source() : |
| test.swift:84:1:91:1 | arg[return] : | semmle.label | arg[return] : |
| test.swift:86:15:86:22 | call to source() : | semmle.label | call to source() : |
| test.swift:89:15:89:22 | call to source() : | semmle.label | call to source() : |
| test.swift:97:34:97:40 | arg: &... : | semmle.label | arg: &... : |
| test.swift:97:39:97:40 | [post] &... : | semmle.label | [post] &... : |
| test.swift:98:19:98:19 | x | semmle.label | x |
| test.swift:104:35:104:41 | arg: &... : | semmle.label | arg: &... : |
| test.swift:104:40:104:41 | [post] &... : | semmle.label | [post] &... : |
| test.swift:105:19:105:19 | x | semmle.label | x |
| test.swift:109:9:109:14 | arg : | semmle.label | arg : |
| test.swift:110:12:110:12 | arg : | semmle.label | arg : |
@@ -108,13 +167,73 @@ nodes
| test.swift:155:19:155:19 | i | semmle.label | i |
| test.swift:157:16:157:23 | call to source() : | semmle.label | call to source() : |
| test.swift:159:16:159:29 | call to ... : | semmle.label | call to ... : |
| test.swift:163:7:163:7 | self [x] : | semmle.label | self [x] : |
| test.swift:163:7:163:7 | value : | semmle.label | value : |
| test.swift:169:3:171:3 | self[return] [x] : | semmle.label | self[return] [x] : |
| test.swift:169:12:169:22 | value : | semmle.label | value : |
| test.swift:170:5:170:5 | [post] self [x] : | semmle.label | [post] self [x] : |
| test.swift:170:9:170:9 | value : | semmle.label | value : |
| test.swift:173:8:173:8 | self [x] : | semmle.label | self [x] : |
| test.swift:174:12:174:12 | .x : | semmle.label | .x : |
| test.swift:174:12:174:12 | self [x] : | semmle.label | self [x] : |
| test.swift:180:3:180:3 | [post] a [x] : | semmle.label | [post] a [x] : |
| test.swift:180:9:180:16 | call to source() : | semmle.label | call to source() : |
| test.swift:181:13:181:13 | a [x] : | semmle.label | a [x] : |
| test.swift:181:13:181:15 | .x | semmle.label | .x |
| test.swift:185:7:185:7 | self [a, x] : | semmle.label | self [a, x] : |
| test.swift:194:3:194:3 | [post] b [a, x] : | semmle.label | [post] b [a, x] : |
| test.swift:194:3:194:5 | [post] getter for .a [x] : | semmle.label | [post] getter for .a [x] : |
| test.swift:194:11:194:18 | call to source() : | semmle.label | call to source() : |
| test.swift:195:13:195:13 | b [a, x] : | semmle.label | b [a, x] : |
| test.swift:195:13:195:15 | .a [x] : | semmle.label | .a [x] : |
| test.swift:195:13:195:17 | .x | semmle.label | .x |
| test.swift:200:3:200:3 | [post] a [x] : | semmle.label | [post] a [x] : |
| test.swift:200:9:200:16 | call to source() : | semmle.label | call to source() : |
| test.swift:201:13:201:13 | a [x] : | semmle.label | a [x] : |
| test.swift:201:13:201:15 | .x | semmle.label | .x |
| test.swift:206:3:206:3 | [post] a [x] : | semmle.label | [post] a [x] : |
| test.swift:206:9:206:16 | call to source() : | semmle.label | call to source() : |
| test.swift:207:13:207:13 | a [x] : | semmle.label | a [x] : |
| test.swift:207:13:207:19 | call to get() | semmle.label | call to get() |
| test.swift:212:3:212:3 | [post] a [x] : | semmle.label | [post] a [x] : |
| test.swift:212:9:212:16 | call to source() : | semmle.label | call to source() : |
| test.swift:213:13:213:13 | a [x] : | semmle.label | a [x] : |
| test.swift:213:13:213:19 | call to get() | semmle.label | call to get() |
| test.swift:218:3:218:3 | [post] b [a, x] : | semmle.label | [post] b [a, x] : |
| test.swift:218:3:218:5 | [post] getter for .a [x] : | semmle.label | [post] getter for .a [x] : |
| test.swift:218:11:218:18 | call to source() : | semmle.label | call to source() : |
| test.swift:219:13:219:13 | b [a, x] : | semmle.label | b [a, x] : |
| test.swift:219:13:219:15 | .a [x] : | semmle.label | .a [x] : |
| test.swift:219:13:219:17 | .x | semmle.label | .x |
| test.swift:225:14:225:21 | call to source() : | semmle.label | call to source() : |
| test.swift:235:13:235:15 | .source_value | semmle.label | .source_value |
| test.swift:238:13:238:15 | .source_value | semmle.label | .source_value |
subpaths
| test.swift:75:21:75:22 | &... : | test.swift:65:16:65:28 | arg1 : | test.swift:65:1:70:1 | arg2[return] : | test.swift:75:25:75:32 | arg2: &... : |
| test.swift:75:21:75:22 | &... : | test.swift:65:16:65:28 | arg1 : | test.swift:65:1:70:1 | arg2[return] : | test.swift:75:31:75:32 | [post] &... : |
| test.swift:114:19:114:19 | arg : | test.swift:109:9:109:14 | arg : | test.swift:110:12:110:12 | arg : | test.swift:114:12:114:22 | call to ... : |
| test.swift:114:19:114:19 | arg : | test.swift:123:10:123:13 | i : | test.swift:124:16:124:16 | i : | test.swift:114:12:114:22 | call to ... : |
| test.swift:119:31:119:31 | x : | test.swift:113:14:113:19 | arg : | test.swift:114:12:114:22 | call to ... : | test.swift:119:18:119:44 | call to forward(arg:lambda:) : |
| test.swift:122:31:122:38 | call to source() : | test.swift:113:14:113:19 | arg : | test.swift:114:12:114:22 | call to ... : | test.swift:122:18:125:6 | call to forward(arg:lambda:) : |
| test.swift:145:23:145:30 | call to source() : | test.swift:142:10:142:13 | i : | test.swift:143:16:143:16 | i : | test.swift:145:15:145:31 | call to ... |
| test.swift:170:9:170:9 | value : | test.swift:163:7:163:7 | value : | file://:0:0:0:0 | [post] self [x] : | test.swift:170:5:170:5 | [post] self [x] : |
| test.swift:174:12:174:12 | self [x] : | test.swift:163:7:163:7 | self [x] : | file://:0:0:0:0 | .x : | test.swift:174:12:174:12 | .x : |
| test.swift:180:9:180:16 | call to source() : | test.swift:163:7:163:7 | value : | file://:0:0:0:0 | [post] self [x] : | test.swift:180:3:180:3 | [post] a [x] : |
| test.swift:181:13:181:13 | a [x] : | test.swift:163:7:163:7 | self [x] : | file://:0:0:0:0 | .x : | test.swift:181:13:181:15 | .x |
| test.swift:194:11:194:18 | call to source() : | test.swift:163:7:163:7 | value : | file://:0:0:0:0 | [post] self [x] : | test.swift:194:3:194:5 | [post] getter for .a [x] : |
| test.swift:195:13:195:13 | b [a, x] : | test.swift:185:7:185:7 | self [a, x] : | file://:0:0:0:0 | .a [x] : | test.swift:195:13:195:15 | .a [x] : |
| test.swift:195:13:195:15 | .a [x] : | test.swift:163:7:163:7 | self [x] : | file://:0:0:0:0 | .x : | test.swift:195:13:195:17 | .x |
| test.swift:200:9:200:16 | call to source() : | test.swift:169:12:169:22 | value : | test.swift:169:3:171:3 | self[return] [x] : | test.swift:200:3:200:3 | [post] a [x] : |
| test.swift:200:9:200:16 | call to source() : | test.swift:169:12:169:22 | value : | test.swift:170:5:170:5 | [post] self [x] : | test.swift:200:3:200:3 | [post] a [x] : |
| test.swift:201:13:201:13 | a [x] : | test.swift:163:7:163:7 | self [x] : | file://:0:0:0:0 | .x : | test.swift:201:13:201:15 | .x |
| test.swift:206:9:206:16 | call to source() : | test.swift:163:7:163:7 | value : | file://:0:0:0:0 | [post] self [x] : | test.swift:206:3:206:3 | [post] a [x] : |
| test.swift:207:13:207:13 | a [x] : | test.swift:173:8:173:8 | self [x] : | test.swift:174:12:174:12 | .x : | test.swift:207:13:207:19 | call to get() |
| test.swift:212:9:212:16 | call to source() : | test.swift:169:12:169:22 | value : | test.swift:169:3:171:3 | self[return] [x] : | test.swift:212:3:212:3 | [post] a [x] : |
| test.swift:212:9:212:16 | call to source() : | test.swift:169:12:169:22 | value : | test.swift:170:5:170:5 | [post] self [x] : | test.swift:212:3:212:3 | [post] a [x] : |
| test.swift:213:13:213:13 | a [x] : | test.swift:173:8:173:8 | self [x] : | test.swift:174:12:174:12 | .x : | test.swift:213:13:213:19 | call to get() |
| test.swift:218:11:218:18 | call to source() : | test.swift:169:12:169:22 | value : | test.swift:169:3:171:3 | self[return] [x] : | test.swift:218:3:218:5 | [post] getter for .a [x] : |
| test.swift:218:11:218:18 | call to source() : | test.swift:169:12:169:22 | value : | test.swift:170:5:170:5 | [post] self [x] : | test.swift:218:3:218:5 | [post] getter for .a [x] : |
| test.swift:219:13:219:13 | b [a, x] : | test.swift:185:7:185:7 | self [a, x] : | file://:0:0:0:0 | .a [x] : | test.swift:219:13:219:15 | .a [x] : |
| test.swift:219:13:219:15 | .a [x] : | test.swift:163:7:163:7 | self [x] : | file://:0:0:0:0 | .x : | test.swift:219:13:219:17 | .x |
#select
| test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() : | test.swift:7:15:7:15 | t1 | result |
| test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() : | test.swift:9:15:9:15 | t1 | result |
@@ -124,6 +243,7 @@ subpaths
| test.swift:39:15:39:29 | call to callee_source() | test.swift:35:12:35:19 | call to source() : | test.swift:39:15:39:29 | call to callee_source() | result |
| test.swift:50:15:50:15 | t | test.swift:43:19:43:26 | call to source() : | test.swift:50:15:50:15 | t | result |
| test.swift:62:15:62:15 | x | test.swift:54:11:54:18 | call to source() : | test.swift:62:15:62:15 | x | result |
| test.swift:76:15:76:15 | x | test.swift:73:18:73:25 | call to source() : | test.swift:76:15:76:15 | x | result |
| test.swift:77:15:77:15 | y | test.swift:73:18:73:25 | call to source() : | test.swift:77:15:77:15 | y | result |
| test.swift:98:19:98:19 | x | test.swift:81:11:81:18 | call to source() : | test.swift:98:19:98:19 | x | result |
| test.swift:105:19:105:19 | x | test.swift:86:15:86:22 | call to source() : | test.swift:105:19:105:19 | x | result |
@@ -135,3 +255,11 @@ subpaths
| test.swift:151:15:151:28 | call to ... | test.swift:149:16:149:23 | call to source() : | test.swift:151:15:151:28 | call to ... | result |
| test.swift:155:19:155:19 | i | test.swift:149:16:149:23 | call to source() : | test.swift:155:19:155:19 | i | result |
| test.swift:155:19:155:19 | i | test.swift:157:16:157:23 | call to source() : | test.swift:155:19:155:19 | i | result |
| test.swift:181:13:181:15 | .x | test.swift:180:9:180:16 | call to source() : | test.swift:181:13:181:15 | .x | result |
| test.swift:195:13:195:17 | .x | test.swift:194:11:194:18 | call to source() : | test.swift:195:13:195:17 | .x | result |
| test.swift:201:13:201:15 | .x | test.swift:200:9:200:16 | call to source() : | test.swift:201:13:201:15 | .x | result |
| test.swift:207:13:207:19 | call to get() | test.swift:206:9:206:16 | call to source() : | test.swift:207:13:207:19 | call to get() | result |
| test.swift:213:13:213:19 | call to get() | test.swift:212:9:212:16 | call to source() : | test.swift:213:13:213:19 | call to get() | result |
| test.swift:219:13:219:17 | .x | test.swift:218:11:218:18 | call to source() : | test.swift:219:13:219:17 | .x | result |
| test.swift:235:13:235:15 | .source_value | test.swift:225:14:225:21 | call to source() : | test.swift:235:13:235:15 | .source_value | result |
| test.swift:238:13:238:15 | .source_value | test.swift:225:14:225:21 | call to source() : | test.swift:238:13:238:15 | .source_value | result |

68
swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
View File

@@ -1,11 +1,3 @@
| file://:0:0:0:0 | .a | file://:0:0:0:0 | &... |
| file://:0:0:0:0 | .source_value | file://:0:0:0:0 | &... |
| file://:0:0:0:0 | .wrappedValue | file://:0:0:0:0 | &... |
| file://:0:0:0:0 | .x | file://:0:0:0:0 | &... |
| file://:0:0:0:0 | self | file://:0:0:0:0 | &... |
| file://:0:0:0:0 | self | file://:0:0:0:0 | &... |
| file://:0:0:0:0 | self | file://:0:0:0:0 | self |
| file://:0:0:0:0 | self | file://:0:0:0:0 | self |
| test.swift:6:9:6:13 | WriteDef | test.swift:7:15:7:15 | t1 |
| test.swift:6:19:6:26 | call to source() | test.swift:6:9:6:13 | WriteDef |
| test.swift:7:15:7:15 | t1 | test.swift:8:10:8:10 | t1 |
@@ -33,8 +25,8 @@
| test.swift:59:9:59:12 | WriteDef | test.swift:60:15:60:15 | x |
| test.swift:59:18:59:18 | 0 | test.swift:59:9:59:12 | WriteDef |
| test.swift:60:15:60:15 | x | test.swift:61:23:61:23 | x |
| test.swift:61:5:61:24 | WriteDef | test.swift:62:15:62:15 | x |
| test.swift:61:17:61:23 | arg: &... | test.swift:61:5:61:24 | WriteDef |
| test.swift:61:22:61:23 | &... | test.swift:62:15:62:15 | x |
| test.swift:61:22:61:23 | [post] &... | test.swift:62:15:62:15 | x |
| test.swift:61:23:61:23 | x | test.swift:61:22:61:23 | &... |
| test.swift:65:16:65:28 | arg1 | test.swift:66:21:66:21 | arg1 |
| test.swift:65:33:65:45 | arg2 | test.swift:67:12:67:12 | arg2 |
@@ -48,11 +40,11 @@
| test.swift:73:18:73:25 | call to source() | test.swift:73:9:73:12 | WriteDef |
| test.swift:74:9:74:12 | WriteDef | test.swift:75:32:75:32 | y |
| test.swift:74:18:74:18 | 0 | test.swift:74:9:74:12 | WriteDef |
| test.swift:75:5:75:33 | WriteDef | test.swift:76:15:76:15 | x |
| test.swift:75:5:75:33 | WriteDef | test.swift:77:15:77:15 | y |
| test.swift:75:15:75:22 | arg1: &... | test.swift:75:5:75:33 | WriteDef |
| test.swift:75:21:75:22 | &... | test.swift:76:15:76:15 | x |
| test.swift:75:21:75:22 | [post] &... | test.swift:76:15:76:15 | x |
| test.swift:75:22:75:22 | x | test.swift:75:21:75:22 | &... |
| test.swift:75:25:75:32 | arg2: &... | test.swift:75:5:75:33 | WriteDef |
| test.swift:75:31:75:32 | &... | test.swift:77:15:77:15 | y |
| test.swift:75:31:75:32 | [post] &... | test.swift:77:15:77:15 | y |
| test.swift:75:32:75:32 | y | test.swift:75:31:75:32 | &... |
| test.swift:81:5:81:18 | WriteDef | test.swift:80:1:82:1 | arg[return] |
| test.swift:81:11:81:18 | call to source() | test.swift:81:5:81:18 | WriteDef |
@@ -66,14 +58,14 @@
| test.swift:95:13:95:16 | WriteDef | test.swift:96:19:96:19 | x |
| test.swift:95:22:95:22 | 0 | test.swift:95:13:95:16 | WriteDef |
| test.swift:96:19:96:19 | x | test.swift:97:40:97:40 | x |
| test.swift:97:9:97:41 | WriteDef | test.swift:98:19:98:19 | x |
| test.swift:97:34:97:40 | arg: &... | test.swift:97:9:97:41 | WriteDef |
| test.swift:97:39:97:40 | &... | test.swift:98:19:98:19 | x |
| test.swift:97:39:97:40 | [post] &... | test.swift:98:19:98:19 | x |
| test.swift:97:40:97:40 | x | test.swift:97:39:97:40 | &... |
| test.swift:102:13:102:16 | WriteDef | test.swift:103:19:103:19 | x |
| test.swift:102:22:102:22 | 0 | test.swift:102:13:102:16 | WriteDef |
| test.swift:103:19:103:19 | x | test.swift:104:41:104:41 | x |
| test.swift:104:9:104:54 | WriteDef | test.swift:105:19:105:19 | x |
| test.swift:104:35:104:41 | arg: &... | test.swift:104:9:104:54 | WriteDef |
| test.swift:104:40:104:41 | &... | test.swift:105:19:105:19 | x |
| test.swift:104:40:104:41 | [post] &... | test.swift:105:19:105:19 | x |
| test.swift:104:41:104:41 | x | test.swift:104:40:104:41 | &... |
| test.swift:109:9:109:14 | arg | test.swift:110:12:110:12 | arg |
| test.swift:113:14:113:19 | arg | test.swift:114:19:114:19 | arg |
@@ -97,46 +89,58 @@
| test.swift:153:22:156:5 | { ... } | test.swift:153:9:153:9 | WriteDef |
| test.swift:154:10:154:13 | i | test.swift:155:19:155:19 | i |
| test.swift:157:5:157:5 | lambdaSink | test.swift:159:5:159:5 | lambdaSink |
| test.swift:163:7:163:7 | self | file://:0:0:0:0 | self |
| test.swift:163:7:163:7 | self | file://:0:0:0:0 | self |
| test.swift:163:7:163:7 | self | file://:0:0:0:0 | self |
| test.swift:163:7:163:7 | value | file://:0:0:0:0 | value |
| test.swift:162:7:162:7 | self | test.swift:162:7:162:7 | self[return] |
| test.swift:165:3:165:3 | self | test.swift:166:5:166:5 | self |
| test.swift:166:5:166:5 | [post] self | test.swift:165:3:167:3 | self[return] |
| test.swift:166:5:166:5 | self | test.swift:165:3:167:3 | self[return] |
| test.swift:169:8:169:8 | self | test.swift:170:5:170:5 | self |
| test.swift:169:12:169:22 | value | test.swift:170:9:170:9 | value |
| test.swift:170:5:170:5 | [post] self | test.swift:169:3:171:3 | self[return] |
| test.swift:170:5:170:5 | self | test.swift:169:3:171:3 | self[return] |
| test.swift:173:8:173:8 | self | test.swift:174:12:174:12 | self |
| test.swift:174:12:174:12 | [post] self | test.swift:173:3:175:3 | self[return] |
| test.swift:174:12:174:12 | self | test.swift:173:3:175:3 | self[return] |
| test.swift:179:7:179:7 | WriteDef | test.swift:180:3:180:3 | a |
| test.swift:179:11:179:13 | call to init() | test.swift:179:7:179:7 | WriteDef |
| test.swift:180:3:180:3 | [post] a | test.swift:181:13:181:13 | a |
| test.swift:180:3:180:3 | a | test.swift:181:13:181:13 | a |
| test.swift:185:7:185:7 | self | file://:0:0:0:0 | self |
| test.swift:185:7:185:7 | self | file://:0:0:0:0 | self |
| test.swift:185:7:185:7 | self | file://:0:0:0:0 | self |
| test.swift:185:7:185:7 | value | file://:0:0:0:0 | value |
| test.swift:184:7:184:7 | self | test.swift:184:7:184:7 | self[return] |
| test.swift:187:3:187:3 | self | test.swift:188:5:188:5 | self |
| test.swift:188:5:188:5 | [post] self | test.swift:187:3:189:3 | self[return] |
| test.swift:188:5:188:5 | self | test.swift:187:3:189:3 | self[return] |
| test.swift:193:7:193:7 | WriteDef | test.swift:194:3:194:3 | b |
| test.swift:193:11:193:13 | call to init() | test.swift:193:7:193:7 | WriteDef |
| test.swift:194:3:194:3 | [post] b | test.swift:195:13:195:13 | b |
| test.swift:194:3:194:3 | b | test.swift:195:13:195:13 | b |
| test.swift:199:7:199:7 | WriteDef | test.swift:200:3:200:3 | a |
| test.swift:199:11:199:13 | call to init() | test.swift:199:7:199:7 | WriteDef |
| test.swift:200:3:200:3 | [post] a | test.swift:201:13:201:13 | a |
| test.swift:200:3:200:3 | a | test.swift:201:13:201:13 | a |
| test.swift:205:7:205:7 | WriteDef | test.swift:206:3:206:3 | a |
| test.swift:205:11:205:13 | call to init() | test.swift:205:7:205:7 | WriteDef |
| test.swift:206:3:206:3 | [post] a | test.swift:207:13:207:13 | a |
| test.swift:206:3:206:3 | a | test.swift:207:13:207:13 | a |
| test.swift:211:7:211:7 | WriteDef | test.swift:212:3:212:3 | a |
| test.swift:211:11:211:13 | call to init() | test.swift:211:7:211:7 | WriteDef |
| test.swift:212:3:212:3 | [post] a | test.swift:213:13:213:13 | a |
| test.swift:212:3:212:3 | a | test.swift:213:13:213:13 | a |
| test.swift:217:7:217:7 | WriteDef | test.swift:218:3:218:3 | b |
| test.swift:217:11:217:13 | call to init() | test.swift:217:7:217:7 | WriteDef |
| test.swift:218:3:218:3 | [post] b | test.swift:219:13:219:13 | b |
| test.swift:218:3:218:3 | b | test.swift:219:13:219:13 | b |
| test.swift:223:7:223:7 | self | file://:0:0:0:0 | self |
| test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | self[return] |
| test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | self[return] |
| test.swift:224:5:224:5 | self | test.swift:224:5:226:5 | self[return] |
| test.swift:227:5:227:5 | self | test.swift:227:5:229:5 | self[return] |
| test.swift:234:7:234:7 | WriteDef | test.swift:235:13:235:13 | a |
| test.swift:234:11:234:31 | call to init() | test.swift:234:7:234:7 | WriteDef |
| test.swift:235:13:235:13 | [post] a | test.swift:237:3:237:3 | a |
| test.swift:235:13:235:13 | a | test.swift:237:3:237:3 | a |
| test.swift:237:3:237:3 | [post] a | test.swift:238:13:238:13 | a |
| test.swift:237:3:237:3 | a | test.swift:238:13:238:13 | a |
| test.swift:242:9:242:9 | self | file://:0:0:0:0 | self |
| test.swift:242:9:242:9 | self | file://:0:0:0:0 | self |
| test.swift:242:9:242:9 | self | file://:0:0:0:0 | self |
| test.swift:242:9:242:9 | value | file://:0:0:0:0 | value |
| test.swift:243:9:243:9 | self | test.swift:243:18:243:18 | self |
| test.swift:243:18:243:18 | [post] self | test.swift:243:9:243:42 | self[return] |
| test.swift:243:18:243:18 | self | test.swift:243:9:243:42 | self[return] |
| test.swift:246:5:246:5 | self | test.swift:247:9:247:9 | self |
| test.swift:252:23:252:23 | value | file://:0:0:0:0 | value |
| test.swift:247:9:247:9 | [post] self | test.swift:246:5:248:5 | self[return] |
| test.swift:247:9:247:9 | self | test.swift:246:5:248:5 | self[return] |

5
swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.ql
View File

@@ -2,5 +2,8 @@ import swift
import codeql.swift.dataflow.DataFlow
from DataFlow::Node pred, DataFlow::Node succ
where DataFlow::localFlowStep(pred, succ)
where
DataFlow::localFlowStep(pred, succ) and
not pred.getLocation() instanceof UnknownLocation and
not succ.getLocation() instanceof UnknownLocation
select pred, succ

18
swift/ql/test/library-tests/dataflow/dataflow/test.swift
View File

@@ -73,7 +73,7 @@ func swapUser() {
var x: Int = source()
var y: Int = 0
inoutSwap(arg1: &x, arg2: &y)
sink(arg: x) // clean
sink(arg: x) // $ SPURIOUS: flow=73
sink(arg: y) // $ flow=73
}
@@ -178,7 +178,7 @@ class A {
func simple_field_flow() {
var a = A()
a.x = source()
sink(arg: a.x) // $ MISSING: flow=180
sink(arg: a.x) // $ flow=180
}
class B {
@@ -192,31 +192,31 @@ class B {
func reverse_read() {
var b = B()
b.a.x = source()
sink(arg: b.a.x) // $ MISSING: flow=194
sink(arg: b.a.x) // $ flow=194
}
func test_setter() {
var a = A()
a.set(source())
sink(arg: a.x) // $ MISSING: flow=200
sink(arg: a.x) // $ flow=200
}
func test_getter() {
var a = A()
a.x = source()
sink(arg: a.get()) // $ MISSING: flow=206
sink(arg: a.get()) // $ flow=206
}
func test_setter_getter() {
var a = A()
a.set(source())
sink(arg: a.get()) // $ MISSING: flow=212
sink(arg: a.get()) // $ flow=212
}
func flow_through(b : B) {
var b = B()
b.a.set(source())
sink(arg: b.a.x) // $ MISSING: flow=218
sink(arg: b.a.x) // $ flow=218
}
class HasComputedProperty {
@@ -232,10 +232,10 @@ class HasComputedProperty {
func test_computed_property() {
var a = HasComputedProperty()
sink(arg: a.source_value) // $ MISSING: flow=225
sink(arg: a.source_value) // $ flow=225
a.source_value = 0
sink(arg: a.source_value) // $ MISSING: flow=225
sink(arg: a.source_value) // $ flow=225
}
@propertyWrapper struct DidSetSource {

327
swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
View File

@@ -1,188 +1,139 @@
| data.swift:12:6:12:6 | WriteDef | data.swift:16:12:16:12 | dataClean |
| data.swift:12:18:12:36 | call to init(_:) | data.swift:12:6:12:6 | WriteDef |
| data.swift:13:6:13:6 | WriteDef | data.swift:14:26:14:26 | dataTainted |
| data.swift:13:20:13:38 | call to init(_:) | data.swift:13:6:13:6 | WriteDef |
| data.swift:14:6:14:6 | WriteDef | data.swift:18:12:18:12 | dataTainted2 |
| data.swift:14:21:14:37 | call to init(_:) | data.swift:14:6:14:6 | WriteDef |
| data.swift:14:26:14:26 | dataTainted | data.swift:17:12:17:12 | dataTainted |
| data.swift:16:12:16:12 | dataClean | data.swift:20:33:20:33 | dataClean |
| string.swift:5:7:5:7 | WriteDef | string.swift:7:16:7:16 | x |
| string.swift:5:11:5:18 | call to source() | string.swift:5:7:5:7 | WriteDef |
| string.swift:7:13:7:13 | WriteDef | string.swift:7:14:7:14 | Phi |
| string.swift:7:14:7:13 | WriteDef | string.swift:7:15:7:15 | $interpolation |
| string.swift:7:14:7:14 | $interpolation | string.swift:7:14:7:14 | &... |
| string.swift:7:14:7:14 | Phi | string.swift:7:14:7:14 | $interpolation |
| string.swift:7:15:7:15 | $interpolation | string.swift:7:15:7:15 | &... |
| string.swift:7:15:7:17 | WriteDef | string.swift:7:18:7:18 | $interpolation |
| string.swift:7:16:7:16 | x | string.swift:9:16:9:16 | x |
| string.swift:7:18:7:18 | $interpolation | string.swift:7:18:7:18 | &... |
| string.swift:7:18:7:18 | WriteDef | string.swift:7:13:7:13 | TapExpr |
| string.swift:9:13:9:13 | WriteDef | string.swift:9:14:9:14 | Phi |
| string.swift:9:14:9:13 | WriteDef | string.swift:9:15:9:15 | $interpolation |
| string.swift:9:14:9:14 | $interpolation | string.swift:9:14:9:14 | &... |
| string.swift:9:14:9:14 | Phi | string.swift:9:14:9:14 | $interpolation |
| string.swift:9:15:9:15 | $interpolation | string.swift:9:15:9:15 | &... |
| string.swift:9:15:9:17 | WriteDef | string.swift:9:18:9:18 | $interpolation |
| string.swift:9:16:9:16 | x | string.swift:9:21:9:21 | x |
| string.swift:9:18:9:18 | $interpolation | string.swift:9:18:9:18 | &... |
| string.swift:9:18:9:18 | WriteDef | string.swift:9:20:9:20 | $interpolation |
| string.swift:9:20:9:20 | $interpolation | string.swift:9:20:9:20 | &... |
| string.swift:9:20:9:22 | WriteDef | string.swift:9:23:9:23 | $interpolation |
| string.swift:9:21:9:21 | x | string.swift:11:16:11:16 | x |
| string.swift:9:23:9:23 | $interpolation | string.swift:9:23:9:23 | &... |
| string.swift:9:23:9:23 | WriteDef | string.swift:9:13:9:13 | TapExpr |
| string.swift:11:13:11:13 | WriteDef | string.swift:11:14:11:14 | Phi |
| string.swift:11:14:11:13 | WriteDef | string.swift:11:15:11:15 | $interpolation |
| string.swift:11:14:11:14 | $interpolation | string.swift:11:14:11:14 | &... |
| string.swift:11:14:11:14 | Phi | string.swift:11:14:11:14 | $interpolation |
| string.swift:11:15:11:15 | $interpolation | string.swift:11:15:11:15 | &... |
| string.swift:11:15:11:17 | WriteDef | string.swift:11:18:11:18 | $interpolation |
| string.swift:11:16:11:16 | x | string.swift:11:26:11:26 | x |
| string.swift:11:18:11:18 | $interpolation | string.swift:11:18:11:18 | &... |
| string.swift:11:18:11:18 | WriteDef | string.swift:11:20:11:20 | $interpolation |
| string.swift:11:20:11:20 | $interpolation | string.swift:11:20:11:20 | &... |
| string.swift:11:20:11:22 | WriteDef | string.swift:11:23:11:23 | $interpolation |
| string.swift:11:23:11:23 | $interpolation | string.swift:11:23:11:23 | &... |
| string.swift:11:23:11:23 | WriteDef | string.swift:11:25:11:25 | $interpolation |
| string.swift:11:25:11:25 | $interpolation | string.swift:11:25:11:25 | &... |
| string.swift:11:25:11:27 | WriteDef | string.swift:11:28:11:28 | $interpolation |
| string.swift:11:26:11:26 | x | string.swift:16:16:16:16 | x |
| string.swift:11:28:11:28 | $interpolation | string.swift:11:28:11:28 | &... |
| string.swift:11:28:11:28 | WriteDef | string.swift:11:13:11:13 | TapExpr |
| string.swift:13:7:13:7 | WriteDef | string.swift:14:16:14:16 | y |
| string.swift:13:11:13:11 | 42 | string.swift:13:7:13:7 | WriteDef |
| string.swift:14:13:14:13 | WriteDef | string.swift:14:14:14:14 | Phi |
| string.swift:14:14:14:13 | WriteDef | string.swift:14:15:14:15 | $interpolation |
| string.swift:14:14:14:14 | $interpolation | string.swift:14:14:14:14 | &... |
| string.swift:14:14:14:14 | Phi | string.swift:14:14:14:14 | $interpolation |
| string.swift:14:15:14:15 | $interpolation | string.swift:14:15:14:15 | &... |
| string.swift:14:15:14:17 | WriteDef | string.swift:14:18:14:18 | $interpolation |
| string.swift:14:16:14:16 | y | string.swift:16:27:16:27 | y |
| string.swift:14:18:14:18 | $interpolation | string.swift:14:18:14:18 | &... |
| string.swift:14:18:14:18 | WriteDef | string.swift:14:13:14:13 | TapExpr |
| string.swift:16:13:16:13 | WriteDef | string.swift:16:14:16:14 | Phi |
| string.swift:16:14:16:13 | WriteDef | string.swift:16:15:16:15 | $interpolation |
| string.swift:16:14:16:14 | $interpolation | string.swift:16:14:16:14 | &... |
| string.swift:16:14:16:14 | Phi | string.swift:16:14:16:14 | $interpolation |
| string.swift:16:15:16:15 | $interpolation | string.swift:16:15:16:15 | &... |
| string.swift:16:15:16:17 | WriteDef | string.swift:16:18:16:18 | $interpolation |
| string.swift:16:16:16:16 | x | string.swift:18:27:18:27 | x |
| string.swift:16:18:16:18 | $interpolation | string.swift:16:18:16:18 | &... |
| string.swift:16:18:16:18 | WriteDef | string.swift:16:26:16:26 | $interpolation |
| string.swift:16:26:16:26 | $interpolation | string.swift:16:26:16:26 | &... |
| string.swift:16:26:16:28 | WriteDef | string.swift:16:29:16:29 | $interpolation |
| string.swift:16:27:16:27 | y | string.swift:18:16:18:16 | y |
| string.swift:16:29:16:29 | $interpolation | string.swift:16:29:16:29 | &... |
| string.swift:16:29:16:29 | WriteDef | string.swift:16:13:16:13 | TapExpr |
| string.swift:18:13:18:13 | WriteDef | string.swift:18:14:18:14 | Phi |
| string.swift:18:14:18:13 | WriteDef | string.swift:18:15:18:15 | $interpolation |
| string.swift:18:14:18:14 | $interpolation | string.swift:18:14:18:14 | &... |
| string.swift:18:14:18:14 | Phi | string.swift:18:14:18:14 | $interpolation |
| string.swift:18:15:18:15 | $interpolation | string.swift:18:15:18:15 | &... |
| string.swift:18:15:18:17 | WriteDef | string.swift:18:18:18:18 | $interpolation |
| string.swift:18:18:18:18 | $interpolation | string.swift:18:18:18:18 | &... |
| string.swift:18:18:18:18 | WriteDef | string.swift:18:26:18:26 | $interpolation |
| string.swift:18:26:18:26 | $interpolation | string.swift:18:26:18:26 | &... |
| string.swift:18:26:18:28 | WriteDef | string.swift:18:29:18:29 | $interpolation |
| string.swift:18:29:18:29 | $interpolation | string.swift:18:29:18:29 | &... |
| string.swift:18:29:18:29 | WriteDef | string.swift:18:13:18:13 | TapExpr |
| string.swift:20:3:20:7 | WriteDef | string.swift:21:16:21:16 | x |
| string.swift:20:7:20:7 | 0 | string.swift:20:3:20:7 | WriteDef |
| string.swift:21:13:21:13 | WriteDef | string.swift:21:14:21:14 | Phi |
| string.swift:21:14:21:13 | WriteDef | string.swift:21:15:21:15 | $interpolation |
| string.swift:21:14:21:14 | $interpolation | string.swift:21:14:21:14 | &... |
| string.swift:21:14:21:14 | Phi | string.swift:21:14:21:14 | $interpolation |
| string.swift:21:15:21:15 | $interpolation | string.swift:21:15:21:15 | &... |
| string.swift:21:15:21:17 | WriteDef | string.swift:21:18:21:18 | $interpolation |
| string.swift:21:18:21:18 | $interpolation | string.swift:21:18:21:18 | &... |
| string.swift:21:18:21:18 | WriteDef | string.swift:21:13:21:13 | TapExpr |
| string.swift:27:7:27:7 | WriteDef | string.swift:30:13:30:13 | clean |
| string.swift:27:15:27:15 | abcdef | string.swift:27:7:27:7 | WriteDef |
| string.swift:28:7:28:7 | WriteDef | string.swift:31:13:31:13 | tainted |
| string.swift:28:17:28:25 | call to source2() | string.swift:28:7:28:7 | WriteDef |
| string.swift:30:13:30:13 | clean | string.swift:33:13:33:13 | clean |
| string.swift:31:13:31:13 | tainted | string.swift:34:21:34:21 | tainted |
| string.swift:33:13:33:13 | clean | string.swift:33:21:33:21 | clean |
| string.swift:33:21:33:21 | clean | string.swift:34:13:34:13 | clean |
| string.swift:34:13:34:13 | clean | string.swift:35:23:35:23 | clean |
| string.swift:34:21:34:21 | tainted | string.swift:35:13:35:13 | tainted |
| string.swift:35:13:35:13 | tainted | string.swift:36:13:36:13 | tainted |
| string.swift:35:23:35:23 | clean | string.swift:38:19:38:19 | clean |
| string.swift:36:13:36:13 | tainted | string.swift:36:23:36:23 | tainted |
| string.swift:36:23:36:23 | tainted | string.swift:39:19:39:19 | tainted |
| string.swift:41:7:41:7 | WriteDef | string.swift:43:13:43:13 | str |
| string.swift:41:13:41:13 | abc | string.swift:41:7:41:7 | WriteDef |
| string.swift:43:13:43:13 | str | string.swift:45:3:45:3 | str |
| string.swift:45:3:45:3 | : &... | string.swift:45:3:45:10 | WriteDef |
| string.swift:45:3:45:3 | str | string.swift:45:3:45:3 | &... |
| string.swift:45:3:45:10 | WriteDef | string.swift:46:13:46:13 | str |
| string.swift:46:13:46:13 | str | string.swift:48:3:48:3 | str |
| string.swift:48:3:48:3 | : &... | string.swift:48:3:48:18 | WriteDef |
| string.swift:48:3:48:3 | str | string.swift:48:3:48:3 | &... |
| string.swift:48:3:48:18 | WriteDef | string.swift:49:13:49:13 | str |
| string.swift:51:7:51:7 | WriteDef | string.swift:53:13:53:13 | str2 |
| string.swift:51:14:51:14 | abc | string.swift:51:7:51:7 | WriteDef |
| string.swift:53:13:53:13 | str2 | string.swift:55:3:55:3 | str2 |
| string.swift:55:3:55:3 | str2 | string.swift:55:3:55:3 | &... |
| string.swift:55:3:55:20 | WriteDef | string.swift:56:13:56:13 | str2 |
| string.swift:56:13:56:13 | str2 | string.swift:58:3:58:3 | str2 |
| string.swift:58:3:58:3 | str2 | string.swift:58:3:58:3 | &... |
| string.swift:58:3:58:24 | WriteDef | string.swift:59:13:59:13 | str2 |
| string.swift:59:13:59:13 | str2 | string.swift:69:13:69:13 | str2 |
| string.swift:61:7:61:7 | WriteDef | string.swift:63:13:63:13 | str3 |
| string.swift:61:14:61:14 | abc | string.swift:61:7:61:7 | WriteDef |
| string.swift:63:13:63:13 | str3 | string.swift:65:3:65:3 | str3 |
| string.swift:65:3:65:3 | str3 | string.swift:65:3:65:3 | &... |
| string.swift:65:3:65:32 | WriteDef | string.swift:66:13:66:13 | str3 |
| string.swift:66:13:66:13 | str3 | string.swift:68:3:68:3 | str3 |
| string.swift:68:3:68:3 | str3 | string.swift:68:3:68:3 | &... |
| string.swift:73:7:73:7 | WriteDef | string.swift:77:20:77:20 | clean |
| string.swift:73:15:73:15 | | string.swift:73:7:73:7 | WriteDef |
| string.swift:74:7:74:7 | WriteDef | string.swift:78:20:78:20 | tainted |
| string.swift:74:17:74:25 | call to source2() | string.swift:74:7:74:7 | WriteDef |
| string.swift:75:7:75:7 | WriteDef | string.swift:79:20:79:20 | taintedInt |
| string.swift:75:20:75:27 | call to source() | string.swift:75:7:75:7 | WriteDef |
| string.swift:77:20:77:20 | clean | string.swift:81:31:81:31 | clean |
| string.swift:78:20:78:20 | tainted | string.swift:82:31:82:31 | tainted |
| string.swift:81:31:81:31 | clean | string.swift:84:13:84:13 | clean |
| string.swift:82:31:82:31 | tainted | string.swift:85:13:85:13 | tainted |
| string.swift:84:13:84:13 | clean | string.swift:87:13:87:13 | clean |
| string.swift:85:13:85:13 | tainted | string.swift:88:13:88:13 | tainted |
| try.swift:8:17:8:23 | call to clean() | try.swift:8:13:8:23 | try ... |
| try.swift:9:17:9:24 | call to source() | try.swift:9:13:9:24 | try ... |
| try.swift:14:17:14:23 | call to clean() | try.swift:14:12:14:23 | try! ... |
| try.swift:15:17:15:24 | call to source() | try.swift:15:12:15:24 | try! ... |
| try.swift:17:13:17:24 | try? ... | try.swift:17:12:17:26 | ...! |
| try.swift:17:18:17:24 | call to clean() | try.swift:17:13:17:24 | try? ... |
| try.swift:18:13:18:25 | try? ... | try.swift:18:12:18:27 | ...! |
| try.swift:18:18:18:25 | call to source() | try.swift:18:13:18:25 | try? ... |
| url.swift:12:6:12:6 | WriteDef | url.swift:14:29:14:29 | clean |
| url.swift:12:14:12:14 | http://example.com/ | url.swift:12:6:12:6 | WriteDef |
| url.swift:13:6:13:6 | WriteDef | url.swift:15:31:15:31 | tainted |
| url.swift:13:16:13:23 | call to source() | url.swift:13:6:13:6 | WriteDef |
| url.swift:14:6:14:6 | WriteDef | url.swift:17:12:17:12 | urlClean |
| url.swift:14:17:14:34 | call to init(string:) | url.swift:14:17:14:35 | ...! |
| url.swift:14:17:14:35 | ...! | url.swift:14:6:14:6 | WriteDef |
| url.swift:14:29:14:29 | clean | url.swift:20:24:20:24 | clean |
| url.swift:15:6:15:6 | WriteDef | url.swift:18:12:18:12 | urlTainted |
| url.swift:15:19:15:38 | call to init(string:) | url.swift:15:19:15:39 | ...! |
| url.swift:15:19:15:39 | ...! | url.swift:15:6:15:6 | WriteDef |
| url.swift:15:31:15:31 | tainted | url.swift:21:24:21:24 | tainted |
| url.swift:17:12:17:12 | urlClean | url.swift:22:43:22:43 | urlClean |
| url.swift:18:12:18:12 | urlTainted | url.swift:23:43:23:43 | urlTainted |
| url.swift:20:12:20:46 | call to init(string:relativeTo:) | url.swift:20:12:20:47 | ...! |
| url.swift:20:24:20:24 | clean | url.swift:22:24:22:24 | clean |
| url.swift:21:12:21:48 | call to init(string:relativeTo:) | url.swift:21:12:21:49 | ...! |
| url.swift:21:24:21:24 | tainted | url.swift:29:25:29:25 | tainted |
| url.swift:22:12:22:51 | call to init(string:relativeTo:) | url.swift:22:12:22:52 | ...! |
| url.swift:22:24:22:24 | clean | url.swift:23:24:23:24 | clean |
| url.swift:23:12:23:53 | call to init(string:relativeTo:) | url.swift:23:12:23:54 | ...! |
| url.swift:23:24:23:24 | clean | url.swift:25:25:25:25 | clean |
| url.swift:25:25:25:25 | clean | url.swift:34:26:34:26 | clean |
| url.swift:29:25:29:25 | tainted | url.swift:38:28:38:28 | tainted |
| url.swift:34:2:34:31 | WriteDef | url.swift:35:12:35:12 | urlClean2 |
| url.swift:34:14:34:31 | call to init(string:) | url.swift:34:2:34:31 | WriteDef |
| url.swift:35:12:35:12 | urlClean2 | url.swift:35:12:35:12 | ...! |
| url.swift:38:2:38:35 | WriteDef | url.swift:39:12:39:12 | urlTainted2 |
| url.swift:38:16:38:35 | call to init(string:) | url.swift:38:2:38:35 | WriteDef |
| url.swift:39:12:39:12 | urlTainted2 | url.swift:39:12:39:12 | ...! |
| string.swift:7:13:7:13 | | string.swift:7:13:7:13 | [post] |
| string.swift:7:13:7:13 | | string.swift:7:14:7:14 | [post] &... |
| string.swift:7:13:7:13 | TapExpr | string.swift:7:13:7:13 | "..." |
| string.swift:7:14:7:14 | &... | string.swift:7:13:7:13 | [post] |
| string.swift:7:14:7:14 | &... | string.swift:7:14:7:14 | [post] &... |
| string.swift:7:15:7:15 | &... | string.swift:7:15:7:15 | [post] &... |
| string.swift:7:16:7:16 | x | string.swift:7:15:7:15 | [post] &... |
| string.swift:7:18:7:18 | | string.swift:7:18:7:18 | [post] |
| string.swift:7:18:7:18 | | string.swift:7:18:7:18 | [post] &... |
| string.swift:7:18:7:18 | &... | string.swift:7:18:7:18 | [post] |
| string.swift:7:18:7:18 | &... | string.swift:7:18:7:18 | [post] &... |
| string.swift:9:13:9:13 | | string.swift:9:13:9:13 | [post] |
| string.swift:9:13:9:13 | | string.swift:9:14:9:14 | [post] &... |
| string.swift:9:13:9:13 | TapExpr | string.swift:9:13:9:13 | "..." |
| string.swift:9:14:9:14 | &... | string.swift:9:13:9:13 | [post] |
| string.swift:9:14:9:14 | &... | string.swift:9:14:9:14 | [post] &... |
| string.swift:9:15:9:15 | &... | string.swift:9:15:9:15 | [post] &... |
| string.swift:9:16:9:16 | x | string.swift:9:15:9:15 | [post] &... |
| string.swift:9:18:9:18 | | string.swift:9:18:9:18 | [post] |
| string.swift:9:18:9:18 | | string.swift:9:18:9:18 | [post] &... |
| string.swift:9:18:9:18 | &... | string.swift:9:18:9:18 | [post] |
| string.swift:9:18:9:18 | &... | string.swift:9:18:9:18 | [post] &... |
| string.swift:9:20:9:20 | &... | string.swift:9:20:9:20 | [post] &... |
| string.swift:9:21:9:21 | x | string.swift:9:20:9:20 | [post] &... |
| string.swift:9:23:9:23 | | string.swift:9:23:9:23 | [post] |
| string.swift:9:23:9:23 | | string.swift:9:23:9:23 | [post] &... |
| string.swift:9:23:9:23 | &... | string.swift:9:23:9:23 | [post] |
| string.swift:9:23:9:23 | &... | string.swift:9:23:9:23 | [post] &... |
| string.swift:11:13:11:13 | | string.swift:11:13:11:13 | [post] |
| string.swift:11:13:11:13 | | string.swift:11:14:11:14 | [post] &... |
| string.swift:11:13:11:13 | TapExpr | string.swift:11:13:11:13 | "..." |
| string.swift:11:14:11:14 | &... | string.swift:11:13:11:13 | [post] |
| string.swift:11:14:11:14 | &... | string.swift:11:14:11:14 | [post] &... |
| string.swift:11:15:11:15 | &... | string.swift:11:15:11:15 | [post] &... |
| string.swift:11:16:11:16 | x | string.swift:11:15:11:15 | [post] &... |
| string.swift:11:18:11:18 | | string.swift:11:18:11:18 | [post] |
| string.swift:11:18:11:18 | | string.swift:11:18:11:18 | [post] &... |
| string.swift:11:18:11:18 | &... | string.swift:11:18:11:18 | [post] |
| string.swift:11:18:11:18 | &... | string.swift:11:18:11:18 | [post] &... |
| string.swift:11:20:11:20 | &... | string.swift:11:20:11:20 | [post] &... |
| string.swift:11:20:11:20 | &... | string.swift:11:21:11:21 | [post] 0 |
| string.swift:11:21:11:21 | 0 | string.swift:11:20:11:20 | [post] &... |
| string.swift:11:21:11:21 | 0 | string.swift:11:21:11:21 | [post] 0 |
| string.swift:11:23:11:23 | | string.swift:11:23:11:23 | [post] |
| string.swift:11:23:11:23 | | string.swift:11:23:11:23 | [post] &... |
| string.swift:11:23:11:23 | &... | string.swift:11:23:11:23 | [post] |
| string.swift:11:23:11:23 | &... | string.swift:11:23:11:23 | [post] &... |
| string.swift:11:25:11:25 | &... | string.swift:11:25:11:25 | [post] &... |
| string.swift:11:26:11:26 | x | string.swift:11:25:11:25 | [post] &... |
| string.swift:11:28:11:28 | | string.swift:11:28:11:28 | [post] |
| string.swift:11:28:11:28 | | string.swift:11:28:11:28 | [post] &... |
| string.swift:11:28:11:28 | &... | string.swift:11:28:11:28 | [post] |
| string.swift:11:28:11:28 | &... | string.swift:11:28:11:28 | [post] &... |
| string.swift:14:13:14:13 | | string.swift:14:13:14:13 | [post] |
| string.swift:14:13:14:13 | | string.swift:14:14:14:14 | [post] &... |
| string.swift:14:13:14:13 | TapExpr | string.swift:14:13:14:13 | "..." |
| string.swift:14:14:14:14 | &... | string.swift:14:13:14:13 | [post] |
| string.swift:14:14:14:14 | &... | string.swift:14:14:14:14 | [post] &... |
| string.swift:14:15:14:15 | &... | string.swift:14:15:14:15 | [post] &... |
| string.swift:14:16:14:16 | y | string.swift:14:15:14:15 | [post] &... |
| string.swift:14:18:14:18 | | string.swift:14:18:14:18 | [post] |
| string.swift:14:18:14:18 | | string.swift:14:18:14:18 | [post] &... |
| string.swift:14:18:14:18 | &... | string.swift:14:18:14:18 | [post] |
| string.swift:14:18:14:18 | &... | string.swift:14:18:14:18 | [post] &... |
| string.swift:16:13:16:13 | | string.swift:16:13:16:13 | [post] |
| string.swift:16:13:16:13 | | string.swift:16:14:16:14 | [post] &... |
| string.swift:16:13:16:13 | TapExpr | string.swift:16:13:16:13 | "..." |
| string.swift:16:14:16:14 | &... | string.swift:16:13:16:13 | [post] |
| string.swift:16:14:16:14 | &... | string.swift:16:14:16:14 | [post] &... |
| string.swift:16:15:16:15 | &... | string.swift:16:15:16:15 | [post] &... |
| string.swift:16:16:16:16 | x | string.swift:16:15:16:15 | [post] &... |
| string.swift:16:18:16:18 | hello | string.swift:16:18:16:18 | [post] hello |
| string.swift:16:18:16:18 | hello | string.swift:16:18:16:18 | [post] &... |
| string.swift:16:18:16:18 | &... | string.swift:16:18:16:18 | [post] hello |
| string.swift:16:18:16:18 | &... | string.swift:16:18:16:18 | [post] &... |
| string.swift:16:26:16:26 | &... | string.swift:16:26:16:26 | [post] &... |
| string.swift:16:27:16:27 | y | string.swift:16:26:16:26 | [post] &... |
| string.swift:16:29:16:29 | | string.swift:16:29:16:29 | [post] |
| string.swift:16:29:16:29 | | string.swift:16:29:16:29 | [post] &... |
| string.swift:16:29:16:29 | &... | string.swift:16:29:16:29 | [post] |
| string.swift:16:29:16:29 | &... | string.swift:16:29:16:29 | [post] &... |
| string.swift:18:13:18:13 | | string.swift:18:13:18:13 | [post] |
| string.swift:18:13:18:13 | | string.swift:18:14:18:14 | [post] &... |
| string.swift:18:13:18:13 | TapExpr | string.swift:18:13:18:13 | "..." |
| string.swift:18:14:18:14 | &... | string.swift:18:13:18:13 | [post] |
| string.swift:18:14:18:14 | &... | string.swift:18:14:18:14 | [post] &... |
| string.swift:18:15:18:15 | &... | string.swift:18:15:18:15 | [post] &... |
| string.swift:18:16:18:16 | y | string.swift:18:15:18:15 | [post] &... |
| string.swift:18:18:18:18 | world | string.swift:18:18:18:18 | [post] world |
| string.swift:18:18:18:18 | world | string.swift:18:18:18:18 | [post] &... |
| string.swift:18:18:18:18 | &... | string.swift:18:18:18:18 | [post] world |
| string.swift:18:18:18:18 | &... | string.swift:18:18:18:18 | [post] &... |
| string.swift:18:26:18:26 | &... | string.swift:18:26:18:26 | [post] &... |
| string.swift:18:27:18:27 | x | string.swift:18:26:18:26 | [post] &... |
| string.swift:18:29:18:29 | | string.swift:18:29:18:29 | [post] |
| string.swift:18:29:18:29 | | string.swift:18:29:18:29 | [post] &... |
| string.swift:18:29:18:29 | &... | string.swift:18:29:18:29 | [post] |
| string.swift:18:29:18:29 | &... | string.swift:18:29:18:29 | [post] &... |
| string.swift:21:13:21:13 | | string.swift:21:13:21:13 | [post] |
| string.swift:21:13:21:13 | | string.swift:21:14:21:14 | [post] &... |
| string.swift:21:13:21:13 | TapExpr | string.swift:21:13:21:13 | "..." |
| string.swift:21:14:21:14 | &... | string.swift:21:13:21:13 | [post] |
| string.swift:21:14:21:14 | &... | string.swift:21:14:21:14 | [post] &... |
| string.swift:21:15:21:15 | &... | string.swift:21:15:21:15 | [post] &... |
| string.swift:21:16:21:16 | x | string.swift:21:15:21:15 | [post] &... |
| string.swift:21:18:21:18 | | string.swift:21:18:21:18 | [post] |
| string.swift:21:18:21:18 | | string.swift:21:18:21:18 | [post] &... |
| string.swift:21:18:21:18 | &... | string.swift:21:18:21:18 | [post] |
| string.swift:21:18:21:18 | &... | string.swift:21:18:21:18 | [post] &... |
| string.swift:33:13:33:13 | clean | string.swift:33:13:33:21 | ... .+(_:_:) ... |
| string.swift:33:21:33:21 | clean | string.swift:33:13:33:21 | ... .+(_:_:) ... |
| string.swift:34:13:34:13 | clean | string.swift:34:13:34:21 | ... .+(_:_:) ... |
| string.swift:34:21:34:21 | tainted | string.swift:34:13:34:21 | ... .+(_:_:) ... |
| string.swift:35:13:35:13 | tainted | string.swift:35:13:35:23 | ... .+(_:_:) ... |
| string.swift:35:23:35:23 | clean | string.swift:35:13:35:23 | ... .+(_:_:) ... |
| string.swift:36:13:36:13 | tainted | string.swift:36:13:36:23 | ... .+(_:_:) ... |
| string.swift:36:23:36:23 | tainted | string.swift:36:13:36:23 | ... .+(_:_:) ... |
| string.swift:38:13:38:13 | > | string.swift:38:13:38:19 | ... .+(_:_:) ... |
| string.swift:38:13:38:19 | ... .+(_:_:) ... | string.swift:38:13:38:27 | ... .+(_:_:) ... |
| string.swift:38:19:38:19 | clean | string.swift:38:13:38:19 | ... .+(_:_:) ... |
| string.swift:38:27:38:27 | < | string.swift:38:13:38:27 | ... .+(_:_:) ... |
| string.swift:39:13:39:13 | > | string.swift:39:13:39:19 | ... .+(_:_:) ... |
| string.swift:39:13:39:19 | ... .+(_:_:) ... | string.swift:39:13:39:29 | ... .+(_:_:) ... |
| string.swift:39:19:39:19 | tainted | string.swift:39:13:39:19 | ... .+(_:_:) ... |
| string.swift:39:29:39:29 | < | string.swift:39:13:39:29 | ... .+(_:_:) ... |
| url.swift:14:29:14:29 | clean | url.swift:14:17:14:34 | call to init(string:) |
| url.swift:15:31:15:31 | tainted | url.swift:15:19:15:38 | call to init(string:) |
| url.swift:20:24:20:24 | clean | url.swift:20:12:20:46 | call to init(string:relativeTo:) |
| url.swift:20:43:20:43 | nil | url.swift:20:12:20:46 | call to init(string:relativeTo:) |
| url.swift:21:24:21:24 | tainted | url.swift:21:12:21:48 | call to init(string:relativeTo:) |
| url.swift:21:45:21:45 | nil | url.swift:21:12:21:48 | call to init(string:relativeTo:) |
| url.swift:22:24:22:24 | clean | url.swift:22:12:22:51 | call to init(string:relativeTo:) |
| url.swift:22:43:22:43 | urlClean | url.swift:22:12:22:51 | call to init(string:relativeTo:) |
| url.swift:23:24:23:24 | clean | url.swift:23:12:23:53 | call to init(string:relativeTo:) |
| url.swift:23:43:23:43 | urlTainted | url.swift:23:12:23:53 | call to init(string:relativeTo:) |
| url.swift:25:25:25:25 | clean | url.swift:25:13:25:30 | call to init(string:) |
| url.swift:29:25:29:25 | tainted | url.swift:29:13:29:32 | call to init(string:) |
| url.swift:34:26:34:26 | clean | url.swift:34:14:34:31 | call to init(string:) |
| url.swift:38:28:38:28 | tainted | url.swift:38:16:38:35 | call to init(string:) |

6
swift/ql/test/library-tests/dataflow/taint/LocalTaint.ql
View File

@@ -1,6 +1,10 @@
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.dataflow.TaintTracking
from DataFlow::Node pred, DataFlow::Node succ
where DataFlow::localFlowStep(pred, succ)
where
TaintTracking::localTaintStep(pred, succ) and
not pred.getLocation() instanceof UnknownLocation and
not succ.getLocation() instanceof UnknownLocation
select pred, succ

19
swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected
View File

@@ -17,6 +17,15 @@ edges
| StringLengthConflation.swift:137:34:137:36 | .count : | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... |
| StringLengthConflation.swift:138:36:138:38 | .count : | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... |
| StringLengthConflation.swift:144:28:144:30 | .count : | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:53:43:53:46 | .length |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:60:47:60:50 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:66:33:66:36 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:96:28:96:31 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:100:27:100:30 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:104:25:104:28 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:108:25:108:28 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:114:23:114:26 | .length : |
| file://:0:0:0:0 | .length : | StringLengthConflation.swift:120:22:120:25 | .length : |
nodes
| StringLengthConflation2.swift:37:34:37:36 | .count : | semmle.label | .count : |
| StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
@@ -61,26 +70,36 @@ nodes
| StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
| StringLengthConflation.swift:144:28:144:30 | .count : | semmle.label | .count : |
| StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... |
| file://:0:0:0:0 | .length : | semmle.label | .length : |
subpaths
#select
| StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... | StringLengthConflation2.swift:37:34:37:36 | .count : | StringLengthConflation2.swift:37:34:37:44 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:36:93:36:93 | len | StringLengthConflation.swift:72:33:72:35 | .count : | StringLengthConflation.swift:36:93:36:93 | len | This String length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:53:43:53:46 | .length | file://:0:0:0:0 | .length : | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | This String.utf8 length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:55:43:55:51 | .count | StringLengthConflation.swift:55:43:55:51 | .count | StringLengthConflation.swift:55:43:55:51 | .count | This String.utf16 length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:56:43:56:60 | .count | StringLengthConflation.swift:56:43:56:60 | .count | StringLengthConflation.swift:56:43:56:60 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | StringLengthConflation.swift:60:47:60:50 | .length : | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | StringLengthConflation.swift:66:33:66:36 | .length : | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | This String length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | This String length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:79:47:79:54 | .count | StringLengthConflation.swift:79:47:79:54 | .count | StringLengthConflation.swift:79:47:79:54 | .count | This String.utf8 length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:81:47:81:64 | .count | StringLengthConflation.swift:81:47:81:64 | .count | StringLengthConflation.swift:81:47:81:64 | .count | This String.unicodeScalars length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | StringLengthConflation.swift:96:28:96:31 | .length : | StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:100:27:100:39 | ... .-(_:_:) ... | StringLengthConflation.swift:100:27:100:30 | .length : | StringLengthConflation.swift:100:27:100:39 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:100:27:100:39 | ... .-(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:100:27:100:39 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:104:25:104:37 | ... .-(_:_:) ... | StringLengthConflation.swift:104:25:104:28 | .length : | StringLengthConflation.swift:104:25:104:37 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:104:25:104:37 | ... .-(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:104:25:104:37 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:108:25:108:37 | ... .-(_:_:) ... | StringLengthConflation.swift:108:25:108:28 | .length : | StringLengthConflation.swift:108:25:108:37 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:108:25:108:37 | ... .-(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:108:25:108:37 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:114:23:114:35 | ... .-(_:_:) ... | StringLengthConflation.swift:114:23:114:26 | .length : | StringLengthConflation.swift:114:23:114:35 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:114:23:114:35 | ... .-(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:114:23:114:35 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:120:22:120:34 | ... .-(_:_:) ... | StringLengthConflation.swift:120:22:120:25 | .length : | StringLengthConflation.swift:120:22:120:34 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:120:22:120:34 | ... .-(_:_:) ... | file://:0:0:0:0 | .length : | StringLengthConflation.swift:120:22:120:34 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. |
| StringLengthConflation.swift:125:34:125:44 | ... .-(_:_:) ... | StringLengthConflation.swift:125:34:125:36 | .count : | StringLengthConflation.swift:125:34:125:44 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:126:36:126:46 | ... .-(_:_:) ... | StringLengthConflation.swift:126:36:126:38 | .count : | StringLengthConflation.swift:126:36:126:46 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |
| StringLengthConflation.swift:131:36:131:46 | ... .-(_:_:) ... | StringLengthConflation.swift:131:36:131:38 | .count : | StringLengthConflation.swift:131:36:131:46 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. |