Merge pull request github#13017 from MathiasVP/fix-todos-in-flow-summary-2

MathiasVP · web-flow · commit 8ef961b776ed · 2023-05-03T16:48:58.000+01:00
Swift: Fix TODO by reorganizing model imports
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -73,37 +73,7 @@ private import internal.DataFlowPublic
 private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private::External
 private import internal.FlowSummaryImplSpecific
-
-/**
- * A module importing the frameworks that provide external flow data,
- * ensuring that they are visible to the taint tracking / data flow library.
- */
-private module Frameworks {
-  private import codeql.swift.frameworks.StandardLibrary.Collection
-  private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
-  private import codeql.swift.frameworks.StandardLibrary.Data
-  private import codeql.swift.frameworks.StandardLibrary.FileManager
-  private import codeql.swift.frameworks.StandardLibrary.FilePath
-  private import codeql.swift.frameworks.StandardLibrary.InputStream
-  private import codeql.swift.frameworks.StandardLibrary.NsData
-  private import codeql.swift.frameworks.StandardLibrary.NsObject
-  private import codeql.swift.frameworks.StandardLibrary.NsString
-  private import codeql.swift.frameworks.StandardLibrary.NsUrl
-  private import codeql.swift.frameworks.StandardLibrary.Sequence
-  private import codeql.swift.frameworks.StandardLibrary.String
-  private import codeql.swift.frameworks.StandardLibrary.Url
-  private import codeql.swift.frameworks.StandardLibrary.UrlSession
-  private import codeql.swift.frameworks.StandardLibrary.WebView
-  private import codeql.swift.frameworks.Alamofire.Alamofire
-  private import codeql.swift.security.CleartextLoggingExtensions
-  private import codeql.swift.security.CleartextStorageDatabaseExtensions
-  private import codeql.swift.security.ECBEncryptionExtensions
-  private import codeql.swift.security.HardcodedEncryptionKeyExtensions
-  private import codeql.swift.security.PathInjectionExtensions
-  private import codeql.swift.security.PredicateInjectionExtensions
-  private import codeql.swift.security.StringLengthConflationExtensions
-  private import codeql.swift.security.WeakSensitiveDataHashingExtensions
-}
+private import FlowSummary as FlowSummary
 
 /**
  * A unit class for adding additional source model rows.
diff --git a/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll b/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll
@@ -10,7 +10,7 @@ class ArgumentPosition = DataFlowDispatch::ArgumentPosition;
 
 // import all instances below
 private module Summaries {
-  /* TODO */
+  private import codeql.swift.frameworks.Frameworks
 }
 
 class SummaryComponent = Impl::Public::SummaryComponent;
diff --git a/swift/ql/lib/codeql/swift/frameworks/Frameworks.qll b/swift/ql/lib/codeql/swift/frameworks/Frameworks.qll
@@ -0,0 +1,7 @@
+/**
+ * This file imports all models of frameworks and libraries.
+ */
+
+private import StandardLibrary.StandardLibrary
+private import Xml.Xml
+private import Alamofire.Alamofire
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll
@@ -0,0 +1,19 @@
+/**
+ * This file imports all models related to the Swift standard library.
+ */
+
+private import Collection
+private import CustomUrlSchemes
+private import Data
+private import FileManager
+private import FilePath
+private import InputStream
+private import NsData
+private import NsObject
+private import NsString
+private import NsUrl
+private import Sequence
+private import String
+private import Url
+private import UrlSession
+private import WebView
diff --git a/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll b/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll
diff --git a/swift/ql/lib/codeql/swift/frameworks/Xml/Libxml2.qll b/swift/ql/lib/codeql/swift/frameworks/Xml/Libxml2.qll
diff --git a/swift/ql/lib/codeql/swift/frameworks/Xml/Xml.qll b/swift/ql/lib/codeql/swift/frameworks/Xml/Xml.qll
@@ -0,0 +1,6 @@
+/**
+ * This file imports all models of XML-related frameworks and libraries.
+ */
+
+import AEXML
+import Libxml2
diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -3,8 +3,7 @@
 import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.frameworks.AEXML
-private import codeql.swift.frameworks.Libxml2
+private import codeql.swift.frameworks.Xml.Xml
 private import codeql.swift.dataflow.ExternalFlow
 
 /** A data flow sink for XML external entities (XXE) vulnerabilities. */

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ class ArgumentPosition = DataFlowDispatch::ArgumentPosition;`
`10`	`10`
`11`	`11`	`// import all instances below`
`12`	`12`	`private module Summaries {`
`13`		`- /* TODO */`
	`13`	`+ private import codeql.swift.frameworks.Frameworks`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`class SummaryComponent = Impl::Public::SummaryComponent;`