Go/Swift: validate source/sink kinds

Jami Cogswell · Jami Cogswell · commit 76508d17c648 · 2023-06-05T12:18:33.000-04:00
diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -194,6 +194,16 @@ module ModelValidation {
       not kind instanceof ValidSummaryKind and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
+    or
+    exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
+      not kind instanceof ValidSinkKind and
+      result = "Invalid kind \"" + kind + "\" in sink model."
+    )
+    or
+    exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
+      not kind instanceof ValidSourceKind and
+      result = "Invalid kind \"" + kind + "\" in source model."
+    )
   }
 
   private string getInvalidModelSignature() {
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -270,6 +270,16 @@ module CsvValidation {
       not kind instanceof ValidSummaryKind and
       result = "Invalid kind \"" + kind + "\" in summary model."
     )
+    or
+    exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
+      not kind instanceof ValidSinkKind and
+      result = "Invalid kind \"" + kind + "\" in sink model."
+    )
+    or
+    exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
+      not kind instanceof ValidSourceKind and
+      result = "Invalid kind \"" + kind + "\" in source model."
+    )
   }
 
   private string getInvalidModelSubtype() {
