
Commit 06ae374

committed
Swift: Add a predicate for common code.
1 parent 012dc59 commit 06ae374


1 file changed

+21
-16
lines changed


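--- a/swift/ql/lib/codeql/swift/frameworks/Heuristic.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/Heuristic.qll
@@ -7,6 +7,25 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.FlowSources
 
+/**
+* An initializer call `ce` that has a "contentsOf" argument, along with a
+* guess `isRemote` as to whether it is the contents of a remote source. For
+* example:
+* ```
+* let myObject = MyClass(contentsOf: url) // isRemote = true
+* let myObject = MyClass(contentsOfFile: "foo.txt") // isRemote = false
+* ```
+*/
+private predicate contentsOfInitializer(InitializerCallExpr ce, boolean isRemote) {
+exists(Argument arg |
+ce.getAnArgument() = arg and
+arg.getLabel() = ["contentsOf", "contentsOfFile", "contentsOfPath", "contentsOfDirectory"] and
+if arg.getExpr().getType().getUnderlyingType().getName() = ["URL", "NSURL"]
+then isRemote = true
+else isRemote = false
+)
+}
+
 /**
 * An imprecise flow source for an initializer call with a "contentsOf"
 * argument that appears to be remote. For example:
@@ -15,14 +34,7 @@ private import codeql.swift.dataflow.FlowSources
 * ```
 */
 private class InitializerContentsOfRemoteSource extends RemoteFlowSource {
-InitializerContentsOfRemoteSource() {
-exists(InitializerCallExpr ce, Argument arg |
-ce.getAnArgument() = arg and
-arg.getLabel() = ["contentsOf", "contentsOfFile", "contentsOfPath", "contentsOfDirectory"] and
-arg.getExpr().getType().getUnderlyingType().getName() = ["URL", "NSURL"] and
-this.asExpr() = ce
-)
-}
+InitializerContentsOfRemoteSource() { contentsOfInitializer(this.asExpr(), true) }
 
 override string getSourceType() { result = "contentsOf initializer" }
 }
@@ -35,14 +47,7 @@ private class InitializerContentsOfRemoteSource extends RemoteFlowSource {
 * ```
 */
 private class InitializerContentsOfLocalSource extends LocalFlowSource {
-InitializerContentsOfLocalSource() {
-exists(InitializerCallExpr ce, Argument arg |
-ce.getAnArgument() = arg and
-arg.getLabel() = ["contentsOf", "contentsOfFile", "contentsOfPath", "contentsOfDirectory"] and
-not arg.getExpr().getType().getUnderlyingType().getName() = ["URL", "NSURL"] and
-this.asExpr() = ce
-)
-}
+InitializerContentsOfLocalSource() { contentsOfInitializer(this.asExpr(), false) }
 
 override string getSourceType() { result = "contentsOf initializer" }
 }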
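Review bot: The QLDoc on `contentsOfInitializer` does not say that the `isRemote` guess is made from the argument's type name alone, and the examples could be read as if the label (`contentsOf` vs `contentsOfFile`) decided it. Because of the `if … then … else`, any argument whose underlying type name is not exactly `URL` or `NSURL` gets `isRemote = false`. That presumably includes optional or wrapped URL types and arguments with no resolved type, so those calls would be modelled as local sources and missed by queries that only consider remote flow sources. This matches the `not …` condition the commit removes, so it is not a regression, but it is worth recording where the logic now lives. I would add a line to the comment such as `* The guess is based only on the argument's type name: URL or NSURL is treated as remote, any other type as local.`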
