Merge pull request github#12126 from geoffw0/append

Swift: Move some models into collections

Author: geoffw0

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll

@@ -25,10 +25,34 @@ private class CollectionSummaries extends SummaryModelCsv {
         ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;popFirst();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;append(_:);;;Argument[0];Argument[-1];taint",
+        ";RangeReplaceableCollection;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
         ";RangeReplaceableCollection;true;remove(at:);;;Argument[-1];ReturnValue;taint",
         ";RangeReplaceableCollection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
         ";RangeReplaceableCollection;true;removeLast();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
         ";BidirectionalCollection;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint",
+        ";BidirectionalCollection;true;last(where:);;;Argument[-1];ReturnValue;taint",
+        ";BidirectionalCollection;true;popLast();;;Argument[-1];ReturnValue;taint",
       ]
   }
 }
+
+/**
+ * A content implying that, if a `Collection` is tainted, certain fields are also
+ * tainted.
+ */
+private class CollectionFieldsInheritTaint extends TaintInheritingContent,
+  DataFlow::Content::FieldContent {
+  CollectionFieldsInheritTaint() {
+    exists(FieldDecl f | this.getField() = f |
+      (
+        f.getEnclosingDecl().(NominalTypeDecl).getName() = ["Collection", "BidirectionalCollection"] or
+        f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() =
+          ["Collection", "BidirectionalCollection"]
+      ) and
+      f.getName() = ["first", "last"]
+    )
+  }
+}

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll

@@ -22,17 +22,14 @@ private class DataSummaries extends SummaryModelCsv {
         ";Data;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint",
         ";Data;true;init(bytesNoCopy:count:deallocator:);;;Argument[0];ReturnValue;taint",
         ";Data;true;init(referencing:);;;Argument[0];ReturnValue;taint",
-        ";Data;true;append(_:);;;Argument[0];Argument[-1];taint",
         ";Data;true;append(_:count:);;;Argument[0];Argument[-1];taint",
-        ";Data;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
         ";Data;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;compactMap(_:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;copyBytes(to:);;;Argument[-1];Argument[0];taint",
         ";Data;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint",
         ";Data;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint",
         ";Data;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
-        ";Data;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
         ";Data;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
         ";Data;true;map(_:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;reduce(into:_:);;;Argument[-1];ReturnValue;taint",

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll

@@ -24,6 +24,7 @@ private class SequenceSummaries extends SummaryModelCsv {
         ";Sequence;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
         ";Sequence;true;joined();;;Argument[-1];ReturnValue;taint",
         ";Sequence;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint",
+        ";Sequence;true;first(where:);;;Argument[-1];ReturnValue;taint",
       ]
   }
 }

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

@@ -100,14 +100,8 @@ private class StringSummaries extends SummaryModelCsv {
         ";String;true;localizedStringWithFormat(_:_:);;;Argument[0..1];ReturnValue;taint",
         ";String;true;write(_:);;;Argument[0];Argument[-1];taint",
         ";String;true;write(to:);;;Argument[-1];Argument[0];taint",
-        ";String;true;append(_:);;;Argument[0];Argument[-1];taint",
-        ";String;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
-        ";String;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
         ";String;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
         ";String;true;replaceSubrange(_:with::);;;Argument[1];Argument[-1];taint",
-        ";String;true;popLast();;;Argument[-1];ReturnValue;taint",
-        ";String;true;first(where:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;last(where:);;;Argument[-1];ReturnValue;taint",
         ";String;true;max();;;Argument[-1];ReturnValue;taint",
         ";String;true;max(by:);;;Argument[-1];ReturnValue;taint",
         ";String;true;min();;;Argument[-1];ReturnValue;taint",
@@ -137,7 +131,7 @@ private class StringFieldsInheritTaint extends TaintInheritingContent,
       ) and
       f.getName() =
         [
-          "first", "last", "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",
+          "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description",
           "debugDescription", "dataValue", "identifierValue", "capitalized", "localizedCapitalized",
           "localizedLowercase", "localizedUppercase", "decomposedStringWithCanonicalMapping",
           "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping",

swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected

@@ -17,33 +17,33 @@
 | data.swift:21:7:21:7 | self | data.swift:21:7:21:7 | SSA def(self) |
 | data.swift:22:52:22:52 | SSA def(self) | data.swift:22:52:22:67 | self[return] |
 | data.swift:22:52:22:52 | self | data.swift:22:52:22:52 | SSA def(self) |
-| data.swift:24:5:24:5 | SSA def(self) | data.swift:24:5:24:29 | self[return] |
-| data.swift:24:5:24:5 | self | data.swift:24:5:24:5 | SSA def(self) |
-| data.swift:25:2:25:2 | SSA def(self) | data.swift:25:2:25:66 | self[return] |
+| data.swift:24:3:24:3 | SSA def(self) | data.swift:24:3:24:11 | self[return] |
+| data.swift:24:3:24:3 | self | data.swift:24:3:24:3 | SSA def(self) |
+| data.swift:25:2:25:2 | SSA def(self) | data.swift:25:2:25:26 | self[return] |
 | data.swift:25:2:25:2 | self | data.swift:25:2:25:2 | SSA def(self) |
-| data.swift:26:2:26:2 | SSA def(self) | data.swift:26:2:26:61 | self[return] |
+| data.swift:26:2:26:2 | SSA def(self) | data.swift:26:2:26:66 | self[return] |
 | data.swift:26:2:26:2 | self | data.swift:26:2:26:2 | SSA def(self) |
-| data.swift:27:2:27:2 | SSA def(self) | data.swift:27:2:27:62 | self[return] |
+| data.swift:27:2:27:2 | SSA def(self) | data.swift:27:2:27:61 | self[return] |
 | data.swift:27:2:27:2 | self | data.swift:27:2:27:2 | SSA def(self) |
-| data.swift:28:2:28:2 | SSA def(self) | data.swift:28:2:28:45 | self[return] |
+| data.swift:28:2:28:2 | SSA def(self) | data.swift:28:2:28:62 | self[return] |
 | data.swift:28:2:28:2 | self | data.swift:28:2:28:2 | SSA def(self) |
-| data.swift:29:2:29:2 | SSA def(self) | data.swift:29:2:29:82 | self[return] |
+| data.swift:29:2:29:2 | SSA def(self) | data.swift:29:2:29:45 | self[return] |
 | data.swift:29:2:29:2 | self | data.swift:29:2:29:2 | SSA def(self) |
-| data.swift:30:2:30:2 | SSA def(self) | data.swift:30:2:30:50 | self[return] |
+| data.swift:30:2:30:2 | SSA def(self) | data.swift:30:2:30:82 | self[return] |
 | data.swift:30:2:30:2 | self | data.swift:30:2:30:2 | SSA def(self) |
-| data.swift:31:2:31:2 | SSA def(self) | data.swift:31:2:31:29 | self[return] |
+| data.swift:31:2:31:2 | SSA def(self) | data.swift:31:2:31:50 | self[return] |
 | data.swift:31:2:31:2 | self | data.swift:31:2:31:2 | SSA def(self) |
-| data.swift:32:7:32:7 | SSA def(self) | data.swift:32:2:32:24 | self[return] |
-| data.swift:32:7:32:7 | self | data.swift:32:7:32:7 | SSA def(self) |
-| data.swift:33:7:33:7 | SSA def(self) | data.swift:33:2:33:25 | self[return] |
+| data.swift:32:2:32:2 | SSA def(self) | data.swift:32:2:32:29 | self[return] |
+| data.swift:32:2:32:2 | self | data.swift:32:2:32:2 | SSA def(self) |
+| data.swift:33:7:33:7 | SSA def(self) | data.swift:33:2:33:24 | self[return] |
 | data.swift:33:7:33:7 | self | data.swift:33:7:33:7 | SSA def(self) |
-| data.swift:34:7:34:7 | SSA def(self) | data.swift:34:2:34:63 | self[return] |
+| data.swift:34:7:34:7 | SSA def(self) | data.swift:34:2:34:25 | self[return] |
 | data.swift:34:7:34:7 | self | data.swift:34:7:34:7 | SSA def(self) |
-| data.swift:35:7:35:7 | SSA def(self) | data.swift:35:2:35:52 | self[return] |
+| data.swift:35:7:35:7 | SSA def(self) | data.swift:35:2:35:63 | self[return] |
 | data.swift:35:7:35:7 | self | data.swift:35:7:35:7 | SSA def(self) |
-| data.swift:36:7:36:7 | SSA def(self) | data.swift:36:2:36:36 | self[return] |
+| data.swift:36:7:36:7 | SSA def(self) | data.swift:36:2:36:52 | self[return] |
 | data.swift:36:7:36:7 | self | data.swift:36:7:36:7 | SSA def(self) |
-| data.swift:37:7:37:7 | SSA def(self) | data.swift:37:2:37:33 | self[return] |
+| data.swift:37:7:37:7 | SSA def(self) | data.swift:37:2:37:36 | self[return] |
 | data.swift:37:7:37:7 | self | data.swift:37:7:37:7 | SSA def(self) |
 | data.swift:38:7:38:7 | SSA def(self) | data.swift:38:2:38:88 | self[return] |
 | data.swift:38:7:38:7 | self | data.swift:38:7:38:7 | SSA def(self) |