Merge pull request github#11935 from geoffw0/protocol-extension

Swift: Flow sources through protocol extensions

Author: geoffw0

swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll

@@ -424,33 +424,53 @@ private Element interpretElement0(
     )
     or
     // Member functions
-    exists(NominalTypeDecl nomTypeDecl, Decl decl, MethodDecl method |
+    exists(NominalTypeDecl namedTypeDecl, Decl declWithMethod, MethodDecl method |
       method.getName() = name and
-      method = decl.getAMember() and
-      nomTypeDecl.getFullName() = type and
+      method = declWithMethod.getAMember() and
+      namedTypeDecl.getFullName() = type and
       matchesSignature(method, signature) and
       result = method
     |
+      // member declared in the named type or a subtype of it (or an extension of any)
       subtypes = true and
-      decl.asNominalTypeDecl() = nomTypeDecl.getADerivedTypeDecl*()
+      declWithMethod.asNominalTypeDecl() = namedTypeDecl.getADerivedTypeDecl*()
       or
+      // member declared in a type that's extended with a protocol that is the named type
+      exists(ExtensionDecl e |
+        e.getExtendedTypeDecl().getADerivedTypeDecl*() = declWithMethod.asNominalTypeDecl()
+      |
+        subtypes = true and
+        e.getAProtocol() = namedTypeDecl.getADerivedTypeDecl*()
+      )
+      or
+      // member declared directly in the named type (or an extension of it)
       subtypes = false and
-      decl.asNominalTypeDecl() = nomTypeDecl
+      declWithMethod.asNominalTypeDecl() = namedTypeDecl
     )
     or
     // Fields
     signature = "" and
-    exists(NominalTypeDecl nomTypeDecl, Decl decl, FieldDecl field |
+    exists(NominalTypeDecl namedTypeDecl, Decl declWithField, FieldDecl field |
       field.getName() = name and
-      field = decl.getAMember() and
-      nomTypeDecl.getFullName() = type and
+      field = declWithField.getAMember() and
+      namedTypeDecl.getFullName() = type and
       result = field
     |
+      // field declared in the named type or a subtype of it (or an extension of any)
       subtypes = true and
-      decl.asNominalTypeDecl() = nomTypeDecl.getADerivedTypeDecl*()
+      declWithField.asNominalTypeDecl() = namedTypeDecl.getADerivedTypeDecl*()
+      or
+      // field declared in a type that's extended with a protocol that is the named type
+      exists(ExtensionDecl e |
+        e.getExtendedTypeDecl().getADerivedTypeDecl*() = declWithField.asNominalTypeDecl()
+      |
+        subtypes = true and
+        e.getAProtocol() = namedTypeDecl.getADerivedTypeDecl*()
+      )
       or
+      // field declared directly in the named type (or an extension of it)
       subtypes = false and
-      decl.asNominalTypeDecl() = nomTypeDecl
+      declWithField.asNominalTypeDecl() = namedTypeDecl
     )
   )
 }

swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected

@@ -55,14 +55,26 @@
 | generics.swift:67:9:67:27 | call to source11() | external |
 | generics.swift:68:9:68:18 | .source12 | external |
 | generics.swift:69:9:69:27 | call to source13() | external |
-| generics.swift:88:9:88:15 | .source1 | external |
-| generics.swift:89:9:89:15 | .source2 | external |
-| generics.swift:90:9:90:14 | .source1 | external |
-| generics.swift:91:9:91:14 | .source2 | external |
-| generics.swift:92:9:92:15 | .source1 | external |
-| generics.swift:93:9:93:15 | .source2 | external |
-| generics.swift:112:9:112:15 | .source1 | external |
-| generics.swift:113:9:113:15 | .source2 | external |
+| generics.swift:93:9:93:15 | .source0 | external |
+| generics.swift:94:9:94:15 | .source1 | external |
+| generics.swift:95:9:95:15 | .source2 | external |
+| generics.swift:96:9:96:14 | .source0 | external |
+| generics.swift:97:9:97:14 | .source1 | external |
+| generics.swift:98:9:98:14 | .source2 | external |
+| generics.swift:99:9:99:15 | .source0 | external |
+| generics.swift:100:9:100:15 | .source1 | external |
+| generics.swift:101:9:101:15 | .source2 | external |
+| generics.swift:125:9:125:15 | .source0 | external |
+| generics.swift:126:9:126:15 | .source1 | external |
+| generics.swift:127:9:127:15 | .source2 | external |
+| generics.swift:128:9:128:14 | .source0 | external |
+| generics.swift:129:9:129:14 | .source1 | external |
+| generics.swift:130:9:130:14 | .source2 | external |
+| generics.swift:131:9:131:15 | .source0 | external |
+| generics.swift:132:9:132:15 | .source1 | external |
+| generics.swift:133:9:133:15 | .source2 | external |
+| generics.swift:162:9:162:22 | call to source2() | external |
+| generics.swift:163:9:163:22 | call to source3() | external |
 | nsdata.swift:18:17:18:40 | call to NSData.init(contentsOf:) | external |
 | nsdata.swift:19:17:19:53 | call to NSData.init(contentsOf:options:) | external |
 | string.swift:56:21:56:44 | call to String.init(contentsOf:) | external |

swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql

@@ -22,9 +22,15 @@ class CustomTestSourcesCsv extends SourceModelCsv {
         ";MyDerived2;true;source11();;;ReturnValue;remote", ";MyDerived2;true;source12;;;;remote",
         ";MyDerived2;true;source13();;;ReturnValue;remote",
         // ---
-        ";MyProtocol;true;source1;;;;remote", ";MyProtocol;true;source2;;;;remote",
+        ";MyParentProtocol;true;source0;;;;remote", ";MyProtocol;true;source1;;;;remote",
+        ";MyProtocol;true;source2;;;;remote",
         // ---
-        ";MyProtocol2;true;source1;;;;remote", ";MyProtocol2;true;source2;;;;remote",
+        ";MyParentProtocol2;true;source0;;;;remote", ";MyProtocol2;true;source1;;;;remote",
+        ";MyProtocol2;true;source2;;;;remote",
+        // ---
+        ";MyProtocol3;true;source1();;;ReturnValue;remote",
+        ";MyProtocol3;true;source2();;;ReturnValue;remote",
+        ";MyProtocol3;true;source3();;;ReturnValue;remote"
       ]
   }
 }

swift/ql/test/library-tests/dataflow/flowsources/generics.swift

@@ -71,7 +71,11 @@ func useDerived(generic: MyGeneric<Int>, generic2: MyGeneric<Any>, derived: MyDe
 
 // ---
 
-protocol MyProtocol {
+protocol MyParentProtocol {
+    var source0: Int { get }
+}
+
+protocol MyProtocol : MyParentProtocol {
     var source1: Int { get }
     var source2: Int { get }
 }
@@ -81,21 +85,29 @@ class MyImpl<T> : MyProtocol {
 }
 
 extension MyImpl {
+    var source0: Int { get { return 0 } }
     var source2: Int { get { return 0 } }
 }
 
 func useProtocol(proto: MyProtocol, impl: MyImpl<Int>, impl2: MyImpl<Any>) {
+    _ = proto.source0 // SOURCE
     _ = proto.source1 // SOURCE
     _ = proto.source2 // SOURCE
+    _ = impl.source0 // SOURCE
     _ = impl.source1 // SOURCE
     _ = impl.source2 // SOURCE
+    _ = impl2.source0 // SOURCE
     _ = impl2.source1 // SOURCE
     _ = impl2.source2 // SOURCE
 }
 
 // ---
 
-protocol MyProtocol2 {
+protocol MyParentProtocol2 {
+    var source0: Int { get }
+}
+
+protocol MyProtocol2 : MyParentProtocol2 {
     var source1: Int { get }
     var source2: Int { get }
 }
@@ -105,14 +117,48 @@ class MyImpl2<T> {
 }
 
 extension MyImpl2 : MyProtocol2 {
+    var source0: Int { get { return 0 } }
     var source2: Int { get { return 0 } }
 }
 
 func useProtocol2(proto: MyProtocol2, impl: MyImpl2<Int>, impl2: MyImpl2<Any>) {
+    _ = proto.source0 // SOURCE
     _ = proto.source1 // SOURCE
     _ = proto.source2 // SOURCE
-    _ = impl.source1 // SOURCE [NOT DETECTED]
-    _ = impl.source2 // SOURCE [NOT DETECTED]
-    _ = impl2.source1 // SOURCE [NOT DETECTED]
-    _ = impl2.source2 // SOURCE [NOT DETECTED]
+    _ = impl.source0 // SOURCE
+    _ = impl.source1 // SOURCE
+    _ = impl.source2 // SOURCE
+    _ = impl2.source0 // SOURCE
+    _ = impl2.source1 // SOURCE
+    _ = impl2.source2 // SOURCE
+}
+
+// ---
+
+protocol MyProtocol3 {
+    func source1() -> Int
+    func source2() -> Int
+    func source3() -> Int
+}
+
+class MyParentClass3 {
+    func source1() -> Int { return 0 }
+}
+
+class MyClass3 : MyParentClass3 {
+    func source2() -> Int { return 0 }
+    func source3() -> Int { return 0 }
+}
+
+extension MyClass3 : MyProtocol3 {
+}
+
+class MyChildClass3: MyClass3 {
+    override func source3() -> Int { return 0 }
+}
+
+func useProtocol3(impl: MyChildClass3) {
+    _ = impl.source1() // not a source (`MyProtocol3.source1` is the declared source and `MyParentClass3` doesn't extend it)
+    _ = impl.source2() // SOURCE
+    _ = impl.source3() // SOURCE
 }