diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll index a8cf7b1dcd1c..2d1c83d0c811 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll @@ -15,18 +15,35 @@ private class CollectionSummaries extends SummaryModelCsv { row = [ ";Collection;true;prefix(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;prefix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;prefix(through:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;prefix(through:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;prefix(upTo:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;prefix(while:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;prefix(while:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;suffix(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;suffix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;suffix(from:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;suffix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;dropFirst(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;dropFirst(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;dropLast(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;dropLast(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", + ";Collection;true;flatMap(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;flatMap(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", + ";Collection;true;map(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;map(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint", ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint", ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint", ";Collection;true;popFirst();;;Argument[-1];ReturnValue;taint", ";Collection;true;randomElement();;;Argument[-1].CollectionElement;ReturnValue.OptionalSome;value", + ";Collection;true;randomElement(using:);;;Argument[-1].CollectionElement;ReturnValue.OptionalSome;value", + ";Collection;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;trimmingPrefix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", + ";Collection;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint", + ";Collection;true;trimmingPrefix(while:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";RangeReplaceableCollection;true;init(_:);;;Argument[0];ReturnValue.CollectionElement;taint", ";RangeReplaceableCollection;true;init(_:);;;Argument[0].CollectionElement;ReturnValue.CollectionElement;value", ";RangeReplaceableCollection;true;init(repeating:count:);;;Argument[0];ReturnValue.CollectionElement;value", @@ -38,9 +55,19 @@ private class CollectionSummaries extends SummaryModelCsv { ";RangeReplaceableCollection;true;insert(_:at:);;;Argument[0];Argument[-1];taint", ";RangeReplaceableCollection;true;replaceSubrange(_:with:);;;Argument[1];Argument[-1];taint", ";RangeReplaceableCollection;true;replaceSubrange(_:with:);;;Argument[1].CollectionElement;Argument[-1].CollectionElement;value", + ";BidirectionalCollection;true;dropLast(_:);;;Argument[-1];ReturnValue;taint", + ";BidirectionalCollection;true;dropLast(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";BidirectionalCollection;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint", + ";BidirectionalCollection;true;joined(separator:);;;Argument[-1].CollectionElement;ReturnValue;taint", + ";BidirectionalCollection;true;joined(separator:);;;Argument[-1].CollectionElement.CollectionElement;ReturnValue.CollectionElement;value", ";BidirectionalCollection;true;last(where:);;;Argument[-1];ReturnValue;taint", ";BidirectionalCollection;true;popLast();;;Argument[-1];ReturnValue;taint", + ";BidirectionalCollection;true;reversed();;;Argument[-1];ReturnValue;taint", + ";BidirectionalCollection;true;reversed();;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", + ";BidirectionalCollection;true;suffix(_:);;;Argument[-1];ReturnValue;taint", + ";BidirectionalCollection;true;suffix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", + ";BidirectionalCollection;true;suffix(from:);;;Argument[-1];ReturnValue;taint", + ";BidirectionalCollection;true;suffix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", ";MutableCollection;true;withContiguousMutableStorageIfAvailable(_:);;;Argument[-1];Argument[0].Parameter[0].CollectionElement;taint", ";MutableCollection;true;withContiguousMutableStorageIfAvailable(_:);;;Argument[-1].CollectionElement;Argument[0].Parameter[0].CollectionElement;value", ";MutableCollection;true;withContiguousMutableStorageIfAvailable(_:);;;Argument[0].Parameter[0].CollectionElement;Argument[-1].CollectionElement;value", diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll index 1c7774bc2640..efe8d785222c 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll @@ -45,6 +45,7 @@ private class SequenceSummaries extends SummaryModelCsv { ";Sequence;true;joined();;;Argument[-1].CollectionElement.CollectionElement;ReturnValue.CollectionElement;value", ";Sequence;true;joined(separator:);;;Argument[0..-1];ReturnValue;taint", ";Sequence;true;joined(separator:);;;Argument[-1].CollectionElement;ReturnValue;taint", + ";Sequence;true;joined(separator:);;;Argument[-1].CollectionElement.CollectionElement;ReturnValue.CollectionElement;value", ";Sequence;true;first(where:);;;Argument[-1].CollectionElement;ReturnValue;value", ";Sequence;true;withContiguousStorageIfAvailable(_:);;;Argument[-1];Argument[0].Parameter[0].CollectionElement;taint", ";Sequence;true;withContiguousStorageIfAvailable(_:);;;Argument[-1].CollectionElement;Argument[0].Parameter[0].CollectionElement;value", diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll index eae5f78bb7f5..b773177f1523 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll @@ -173,6 +173,12 @@ private class StringFieldsInheritTaint extends TaintInheritingContent, namedTypeDecl.getFullName() = "CustomDebugStringConvertible" and fieldDecl.getName() = "debugDescription" or + namedTypeDecl.getFullName() = "CustomTestStringConvertible" and + fieldDecl.getName() = "testDescription" + or + namedTypeDecl.getFullName() = "CustomURLRepresentationParameterConvertible" and + fieldDecl.getName() = "urlRepresentationParameter" + or namedTypeDecl.getFullName() = "Substring" and fieldDecl.getName() = "base" ) and diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected index b321acf94e33..bbe166c67ca4 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected @@ -1,13 +1,6 @@ testFailures | optionset.swift:60:49:61:1 | // $ tainted=60\n | Missing result: tainted=60 | | optionset.swift:65:58:66:1 | // $ tainted=65\n | Missing result: tainted=65 | -| string.swift:237:35:238:1 | // $ tainted=217\n | Missing result: tainted=217 | -| string.swift:244:33:245:1 | // $ tainted=217\n | Missing result: tainted=217 | -| string.swift:270:40:271:1 | // $ tainted=217\n | Missing result: tainted=217 | -| string.swift:271:40:272:1 | // $ tainted=217\n | Missing result: tainted=217 | -| string.swift:272:42:273:1 | // $ tainted=217\n | Missing result: tainted=217 | -| string.swift:586:19:587:1 | // $ tainted=565\n | Missing result: tainted=565 | -| string.swift:587:27:588:1 | // $ tainted=565\n | Missing result: tainted=565 | | string.swift:599:35:600:1 | // $ tainted=599\n | Missing result: tainted=599 | | string.swift:605:30:606:1 | // $ tainted=605\n | Missing result: tainted=605 | failures