Merge pull request github#12307 from geoffw0/stringconflationtaint

geoffw0 · web-flow · commit 9aaf30691c15 · 2023-03-03T17:27:15.000Z
Swift: Update swift/string-length-conflation to taint tracking
diff --git a/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql b/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
@@ -12,6 +12,7 @@
 
 import swift
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.TaintTracking
 import DataFlow::PathGraph
 
 /**
@@ -52,7 +53,7 @@ class StringLengthConflationFlowState extends string {
  * a `String` or an `NSString` object, to a sink of a different kind that
  * expects an incompatible measure of length.
  */
-class StringLengthConflationConfiguration extends DataFlow::Configuration {
+class StringLengthConflationConfiguration extends TaintTracking::Configuration {
   StringLengthConflationConfiguration() { this = "StringLengthConflationConfiguration" }
 
   override predicate isSource(DataFlow::Node node, string flowstate) {
@@ -177,11 +178,6 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
         correctFlowState.(StringLengthConflationFlowState).getEquivClass()
     )
   }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    // allow flow through `+`, `-`, `*` etc.
-    node2.asExpr().(ArithmeticOperation).getAnOperand() = node1.asExpr()
-  }
 }
 
 from
