Apply code review suggestions

atorralba · atorralba · commit 25354d2dd888 · 2022-11-24T12:35:51.000+01:00
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll
@@ -37,9 +37,13 @@ private class DataSummaries extends SummaryModelCsv {
         ";Data;true;replaceSubrange(_:with:count:);;;Argument[1];Argument[-1];taint",
         ";Data;true;replacing(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
         ";Data;true;replacing(_:with:subrange:maxReplacements:);;;Argument[1];Argument[-1];taint",
+        // TODO: this should be implemented by a model of BidirectionalCollection
+        // ";Data;true;reversed();;;Argument[-1];ReturnValue;taint",
+        ";Data;true;sorted();;;Argument[-1];ReturnValue;taint",
+        ";Data;true;sorted(by:);;;Argument[-1];ReturnValue;taint",
+        ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;shuffled();;;Argument[-1];ReturnValue;taint",
         ";Data;true;shuffled(using:);;;Argument[-1];ReturnValue;taint",
-        ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint",
         ";Data;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint"
       ]
diff --git a/swift/ql/test/library-tests/dataflow/taint/data.swift b/swift/ql/test/library-tests/dataflow/taint/data.swift
@@ -6,13 +6,21 @@ class NSData {}
 protocol SortComparator {
 	associatedtype Compared
 }
-struct Data
+
+struct Data : BidirectionalCollection
 {
 	struct Base64EncodingOptions : OptionSet { let rawValue: Int }
 	struct Base64DecodingOptions : OptionSet { let rawValue: Int }
-	enum Deallocator { case none }
 	struct ReadingOptions : OptionSet { let rawValue: Int }
+	enum Deallocator { case none }
 	typealias Index = Int
+	typealias Element = UInt8
+	var startIndex: Self.Index { get { return 0 } }
+	var endIndex: Self.Index { get { return 0 } }
+	func index(after: Self.Index) -> Self.Index { return 0 }
+	func index(before: Self.Index) -> Self.Index { return 0 }
+	subscript(position: Self.Index) -> Self.Element { get { return 0 } }
+
     init<S>(_ elements: S) {}
 	init(base64Encoded: Data, options: Data.Base64DecodingOptions) {}
 	init<SourceType>(buffer: UnsafeBufferPointer<SourceType>) {}
@@ -47,9 +55,11 @@ struct Data
 	func replaceSubrange<C, R>(_: R, with: C) where C : Collection, R : RangeExpression, UInt8 == C.Element, Int == R.Bound {}
 	func replacing<C, Replacement>(_: C, with: Replacement, maxReplacements: Int = .max) -> Data where C : Collection, Replacement : Collection, UInt8 == C.Element, C.Element == Replacement.Element { return Data("") }
 	func replacing<C, Replacement>(_: C, with: Replacement, subrange: Range<Int>, maxReplacements: Int = .max) -> Data where C : Collection, Replacement : Collection, UInt8 == C.Element, C.Element == Replacement.Element { return Data("") }
+	func sorted() -> [UInt8] { return [] }
+	func sorted(by: (UInt8, UInt8) throws -> Bool) rethrows -> [UInt8] { return [] }
+	func sorted<Comparator>(using: Comparator) -> [UInt8] where Comparator : SortComparator, UInt8 == Comparator.Compared { return [] }
 	func shuffled() -> [UInt8] { return [] }
 	func shuffled<T>(using: inout T) -> [UInt8] { return [] }
-	func sorted<Comparator>(using: Comparator) -> [UInt8] where Comparator : SortComparator, UInt8 == Comparator.Compared { return [] }
 	func trimmingPrefix<Prefix>(_ prefix: Prefix) -> Data where Prefix : Sequence, UInt8 == Prefix.Element { return Data("") }
 	func trimmingPrefix(while: (UInt8) -> Bool) -> Data { return Data("") }
 }
@@ -72,170 +82,182 @@ func taintThroughData() {
 	let dataTainted2 = Data(dataTainted)
 
 	sink(arg: dataClean)
-	sink(arg: dataTainted) // $ MISSING: tainted=71
-	sink(arg: dataTainted2) // $ MISSING: tainted=71
+	sink(arg: dataTainted) // $ MISSING: tainted=81
+	sink(arg: dataTainted2) // $ MISSING: tainted=81
 
 	// ";Data;true;init(base64Encoded:options:);;;Argument[0];ReturnValue;taint",
 	let dataTainted3 = Data(base64Encoded: source() as! Data, options: [])
-	sink(arg: dataTainted3) // $ tainted=79
+	sink(arg: dataTainted3) // $ tainted=89
 
 	// ";Data;true;init(buffer:);;;Argument[0];ReturnValue;taint",
 	let dataTainted4 = Data(buffer: source() as! UnsafeBufferPointer<UInt8>)
-	sink(arg: dataTainted4)  // $ tainted=83
+	sink(arg: dataTainted4)  // $ tainted=93
 	let dataTainted5 = Data(buffer: source() as! UnsafeMutablePointer<UInt8>)
-	sink(arg: dataTainted5)  // $ tainted=85
+	sink(arg: dataTainted5)  // $ tainted=95
 
 	// ";Data;true;init(bytes:count:);;;Argument[0];ReturnValue;taint",
 	let dataTainted6 = Data(bytes: source() as! UnsafeRawPointer, count: 0)
-	sink(arg: dataTainted6)  // $ tainted=89
+	sink(arg: dataTainted6)  // $ tainted=99
 
 	// ";Data;true;init(bytesNoCopy:count:deallocator:);;;Argument[0];ReturnValue;taint",
 	let dataTainted7 = Data(bytesNoCopy: source() as! UnsafeRawPointer, count: 0, deallocator: Data.Deallocator.none)
-	sink(arg: dataTainted7)  // $ tainted=93
+	sink(arg: dataTainted7)  // $ tainted=103
 
 	// ";Data;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint",
-	let dataTainted8 = Data(contentsOf: source() as! URL, options: [])
-	sink(arg: dataTainted8)  // $ tainted=97
+	let urlTainted8 = source() as! URL
+	let dataTainted8 = Data(contentsOf: urlTainted8, options: [])
+	sink(arg: dataTainted8)  // $ tainted=107
 
 	// ";Data;true;init(referencing:);;;Argument[0];ReturnValue;taint",
 	let dataTainted9 = Data(referencing: source() as! NSData)
-	sink(arg: dataTainted9)  // $ tainted=101
+	sink(arg: dataTainted9)  // $ tainted=112
 
 	// ";Data;true;append(_:);;;Argument[0];Argument[-1];taint",
 	let dataTainted10 = Data("")
 	dataTainted10.append(source() as! Data)
-	sink(arg: dataTainted10) // $ tainted=106
+	sink(arg: dataTainted10) // $ tainted=117
 
 	let dataTainted11 = Data("")
 	dataTainted11.append(source() as! UInt8)
-	sink(arg: dataTainted11) // $ tainted=110
+	sink(arg: dataTainted11) // $ tainted=121
 
 	let dataTainted12 = Data("")
 	dataTainted12.append(source() as! UnsafeBufferPointer<UInt8>)
-	sink(arg: dataTainted12) // $ tainted=114
+	sink(arg: dataTainted12) // $ tainted=125
 
 	// ";Data;true;append(_:count:);;;Argument[0];Argument[-1];taint",
 	let dataTainted13 = Data("")
 	dataTainted13.append(source() as! UnsafePointer<UInt8>, count: 0)
-	sink(arg: dataTainted13) // $ tainted=119
+	sink(arg: dataTainted13) // $ tainted=130
 
 	// ";Data;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
 	let dataTainted14 = Data("")
 	dataTainted14.append(contentsOf: source() as! [UInt8])
-	sink(arg: dataTainted14) // $ tainted=124
+	sink(arg: dataTainted14) // $ tainted=135
 
 	// ";Data;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted15 = source() as! Data
-	sink(arg: dataTainted15.base64EncodedData(options: [])) // $ tainted=128
+	sink(arg: dataTainted15.base64EncodedData(options: [])) // $ tainted=139
 
 	// ";Data;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted16 = source() as! Data
-	sink(arg: dataTainted16.base64EncodedString(options: [])) // $ tainted=132
+	sink(arg: dataTainted16.base64EncodedString(options: [])) // $ tainted=143
 
 	// ";Data;true;compactMap(_:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted17 = source() as! Data
 	let compactMapped: [Int] = dataTainted17.compactMap { str in Int(str) }
-	sink(arg: compactMapped) // $ tainted=136
+	sink(arg: compactMapped) // $ tainted=147
 
 	// ";Data;true;copyBytes(to:);;;Argument[-1];Argument[0];taint",
 	let dataTainted18 = source() as! Data
 	let pointerTainted18 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0)
 	dataTainted18.copyBytes(to: pointerTainted18)
-	sink(arg: pointerTainted18) // $ tainted=141
+	sink(arg: pointerTainted18) // $ tainted=152
 
 	// ";Data;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint",
 	let dataTainted19 = source() as! Data
 	let pointerTainted19 = UnsafeMutablePointer<UInt8>.allocate(capacity: 0)
 	dataTainted19.copyBytes(to: pointerTainted19, count: 0)
-	sink(arg: pointerTainted19) // $ MISSING: tainted=147
+	sink(arg: pointerTainted19) // $ MISSING: tainted=158
 
 	// ";Data;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint",
 	let dataTainted20 = source() as! Data
 	let pointerTainted20 = UnsafeMutablePointer<UInt8>.allocate(capacity: 0)
 	dataTainted20.copyBytes(to: pointerTainted20, from: 0..<1)
-	sink(arg: pointerTainted20) // $ MISSING: tainted=153
+	sink(arg: pointerTainted20) // $ MISSING: tainted=164
 
 	// ";Data;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted21 = source() as! Data
 	let flatMapped = dataTainted21.flatMap { Array(repeating: $0, count: 0) }
-	sink(arg: flatMapped) // $ tainted=159
+	sink(arg: flatMapped) // $ tainted=170
 
 	let dataTainted22 = source() as! Data
 	let flatMapped2 = dataTainted22.flatMap { str in Int(str) }
-	sink(arg: flatMapped2) // $ tainted=163
+	sink(arg: flatMapped2) // $ tainted=174
 
 	// ";Data;true;insert(_:at:);;;Argument[0];Argument[-1];taint",
 	let dataTainted23 = Data("")
 	dataTainted23.insert(source() as! UInt8, at: 0)
-	sink(arg: dataTainted23) // $ tainted=169
+	sink(arg: dataTainted23) // $ tainted=180
 
 	// ";Data;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint",
 	let dataTainted24 = Data("")
 	dataTainted24.insert(contentsOf: source() as! [UInt8], at: 0)
-	sink(arg: dataTainted24) // $ tainted=174
+	sink(arg: dataTainted24) // $ tainted=185
 
 	// ";Data;true;map(_:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted25 = source() as! Data
 	let mapped = dataTainted25.map { $0 }
-	sink(arg: mapped) // $ tainted=178
+	sink(arg: mapped) // $ tainted=189
 
 	// ";Data;true;reduce(into:_:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted26 = source() as! Data
 	let reduced = dataTainted26.reduce(into: [:]) { c, i in c[i, default: 0] += 1 }
-	sink(arg: reduced) // $ tainted=183
+	sink(arg: reduced) // $ tainted=194
 
 	// ";Data;true;replace(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
 	let dataTainted27 = Data("")
 	dataTainted27.replace([0], with: source() as! [UInt8], maxReplacements: .max)
-	sink(arg: dataTainted27) // $ tainted=189
+	sink(arg: dataTainted27) // $ tainted=200
 
 	// ";Data;true;replaceSubrange(_:with:);;;Argument[1];Argument[-1];taint",
 	let dataTainted28 = Data("")
 	dataTainted28.replaceSubrange(1..<3, with: source() as! Data)
-	sink(arg: dataTainted28) // $ tainted=194
+	sink(arg: dataTainted28) // $ tainted=205
 
 	let dataTainted29 = Data("")
 	dataTainted29.replaceSubrange(1..<3, with: source() as! [UInt8])
-	sink(arg: dataTainted29) // $ tainted=198
+	sink(arg: dataTainted29) // $ tainted=209
 
 	let dataTainted30 = Data("")
 	dataTainted30.replaceSubrange(1..<3, with: source() as! UnsafeBufferPointer<UInt8>)
-	sink(arg: dataTainted30) // $ tainted=202
+	sink(arg: dataTainted30) // $ tainted=213
 
 	// ";Data;true;replaceSubrange(_:with:count:);;;Argument[1];Argument[-1];taint",
 	let dataTainted31 = Data("")
 	dataTainted31.replaceSubrange(1..<3, with: source() as! UnsafeRawPointer, count: 0)
-	sink(arg: dataTainted31) // $ tainted=207
+	sink(arg: dataTainted31) // $ tainted=218
 
 	// ";Data;true;replacing(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint",
 	let dataTainted32 = Data("")
-	dataTainted32.replacing([0], with: source() as! [UInt8], maxReplacements: 0)
-	sink(arg: dataTainted32) // $ tainted=212
+	let _ = dataTainted32.replacing([0], with: source() as! [UInt8], maxReplacements: 0)
+	sink(arg: dataTainted32) // $ tainted=223
 
 	// ";Data;true;replacing(_:with:subrange:maxReplacements:);;;Argument[1];Argument[-1];taint",
 	let dataTainted33 = Data("")
-	dataTainted33.replacing([0], with: source() as! [UInt8], subrange: 1..<3, maxReplacements: 0)
-	sink(arg: dataTainted33) // $ tainted=217
+	let _ = dataTainted33.replacing([0], with: source() as! [UInt8], subrange: 1..<3, maxReplacements: 0)
+	sink(arg: dataTainted33) // $ tainted=228
 
-	// ";Data;true;shuffled();;;Argument[-1];ReturnValue;taint",
+	// ";Data;true;reversed();;;Argument[-1];ReturnValue;taint",
 	let dataTainted34 = source() as! Data
-	sink(arg: dataTainted34.shuffled()) // $ tainted=221
-	
-	// ";Data;true;shuffled(using:);;;Argument[-1];ReturnValue;taint",
+	sink(arg: dataTainted34.reversed()) // $ MISSING: tainted=232 // Needs models for BidirectionalCollection
+
+	// ";Data;true;sorted();;;Argument[-1];ReturnValue;taint",
 	let dataTainted35 = source() as! Data
-	var rng = rng()!
-	sink(arg: dataTainted35.shuffled(using: &rng)) // $ tainted=225
+	sink(arg: dataTainted35.sorted()) // $ tainted=236
 
-	// ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",
+	// ";Data;true;sorted(by:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted36 = source() as! Data
-	sink(arg: dataTainted36.sorted(using: cmp()!)) // $ tainted=230
+	sink(arg: dataTainted36.sorted{ _,_ in return false }) // $ tainted=240
 
-	// ";Data;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint",
+	// ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint",
 	let dataTainted37 = source() as! Data
-	sink(arg: dataTainted37.trimmingPrefix([0])) // $ tainted=234
+	sink(arg: dataTainted37.sorted(using: cmp()!)) // $ tainted=244
 
-	// ";Data;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint"
+	// ";Data;true;shuffled();;;Argument[-1];ReturnValue;taint",
 	let dataTainted38 = source() as! Data
-	sink(arg: dataTainted38.trimmingPrefix { _ in false }) // $ tainted=238
+	sink(arg: dataTainted38.shuffled()) // $ tainted=248
+
+	// ";Data;true;shuffled(using:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted39 = source() as! Data
+	var rng = rng()!
+	sink(arg: dataTainted39.shuffled(using: &rng)) // $ tainted=252
 
+	// ";Data;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint",
+	let dataTainted40 = source() as! Data
+	sink(arg: dataTainted40.trimmingPrefix([0])) // $ tainted=257
+
+	// ";Data;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint"
+	let dataTainted41 = source() as! Data
+	sink(arg: dataTainted41.trimmingPrefix { _ in false }) // $ tainted=261
 }
