Shared: add outdated Swift sink kinds

Jami Cogswell · Jami Cogswell · commit 3f1dc8e5c79e · 2023-06-05T12:18:34.000-04:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
diff --git a/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll b/go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
diff --git a/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll b/java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
diff --git a/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll b/python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll b/ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
diff --git a/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll b/swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll
@@ -47,14 +47,16 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
   private string replacementKind() {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {
