Swift: Update the taint aspect of the flowsources test to use sinks like the regular taint test.

Author: geoffw0

swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.ql

@@ -4,13 +4,18 @@ import FlowConfig
 import codeql.swift.dataflow.TaintTracking
 import codeql.swift.dataflow.DataFlow
 
-module TaintReachConfiguration implements DataFlow::ConfigSig {
+module TestConfiguration implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node src) { src instanceof FlowSource }
 
-  predicate isSink(DataFlow::Node sink) { any() }
+  predicate isSink(DataFlow::Node sink) {
+    exists(CallExpr sinkCall |
+      sinkCall.getStaticTarget().getName().matches("sink%") and
+      sinkCall.getAnArgument().getExpr() = sink.asExpr()
+    )
+  }
 }
 
-module TaintReachFlow = TaintTracking::Global<TaintReachConfiguration>;
+module TestFlow = TaintTracking::Global<TestConfiguration>;
 
 string describe(FlowSource source) {
   source instanceof RemoteFlowSource and result = "remote"
@@ -29,16 +34,13 @@ module FlowSourcesTest implements TestSig {
       tag = "source" and
       value = describe(source)
     )
-  }
-
-  predicate hasOptionalResult(Location location, string element, string tag, string value) {
-    // this is not really what the "flowsources" test is about, but sometimes it's helpful to
-    // confirm that taint reaches certain obvious points in the flow source test code.
-    exists(DataFlow::Node n |
-      TaintReachFlow::flowTo(n) and
-      location = n.getLocation() and
-      location.getFile().getBaseName() != "" and
-      element = n.toString() and
+    or
+    exists(DataFlow::Node source, DataFlow::Node sink |
+      // this is not really what the "flowsources" test is about, but sometimes it's helpful to
+      // have sinks and confirm that taint reaches obvious points in the flow source test code.
+      TestFlow::flow(source, sink) and
+      location = sink.getLocation() and
+      element = sink.toString() and
       tag = "tainted" and
       value = ""
     )

swift/ql/test/library-tests/dataflow/flowsources/customurlschemes.swift

@@ -62,6 +62,8 @@ protocol UISceneDelegate {
     func scene(_: UIScene, openURLContexts: Set<UIOpenURLContext>)
 }
 
+func sink(arg: Any) {}
+
 // --- tests ---
 
 class AppDelegate: UIApplicationDelegate {
@@ -92,35 +94,35 @@ class SceneDelegate : UISceneDelegate {
     func scene(_: UIScene, willConnectTo: UISceneSession, options: UIScene.ConnectionOptions) { // $ source=remote
       for userActivity in options.userActivities {
         let x = userActivity.webpageURL
-        x // $ MISSING: tainted
+        sink(arg: x) // $ MISSING: tainted
         let y = userActivity.referrerURL
-        y // $ MISSING: tainted
+        sink(arg: y) // $ MISSING: tainted
       }
 
       for urlContext in options.urlContexts {
         let z = urlContext.url
-        z // $ MISSING: tainted
+        sink(arg: z) // $ MISSING: tainted
       }
     }
 
     func scene(_: UIScene, continue: NSUserActivity) { // $ source=remote
       let x = `continue`.webpageURL
-      x // $ tainted
+      sink(arg: x) // $ tainted
       let y = `continue`.referrerURL
-      y // $ tainted
+      sink(arg: y) // $ tainted
     }
 
     func scene(_: UIScene, didUpdate: NSUserActivity) { // $ source=remote
       let x = didUpdate.webpageURL
-      x // $ tainted
+      sink(arg: x) // $ tainted
       let y = didUpdate.referrerURL
-      y // $ tainted
+      sink(arg: y) // $ tainted
     }
 
     func scene(_: UIScene, openURLContexts: Set<UIOpenURLContext>) { // $ source=remote
       for openURLContext in openURLContexts {
         let x = openURLContext.url
-        x // $ MISSING: tainted
+        sink(arg: x) // $ MISSING: tainted
       }
     }
 }
@@ -131,35 +133,35 @@ extension Extended : UISceneDelegate {
     func scene(_: UIScene, willConnectTo: UISceneSession, options: UIScene.ConnectionOptions) { // $ source=remote
       for userActivity in options.userActivities {
         let x = userActivity.webpageURL
-        x // $ MISSING: tainted
+        sink(arg: x) // $ MISSING: tainted
         let y = userActivity.referrerURL
-        y // $ MISSING: tainted
+        sink(arg: y) // $ MISSING: tainted
       }
 
       for urlContext in options.urlContexts {
         let z = urlContext.url
-        z // $ MISSING: tainted
+        sink(arg: z) // $ MISSING: tainted
       }
     }
 
     func scene(_: UIScene, continue: NSUserActivity) { // $ source=remote
       let x = `continue`.webpageURL
-      x // $ tainted
+      sink(arg: x) // $ tainted
       let y = `continue`.referrerURL
-      y // $ tainted
+      sink(arg: y) // $ tainted
     }
 
     func scene(_: UIScene, didUpdate: NSUserActivity) { // $ source=remote
       let x = didUpdate.webpageURL
-      x // $ tainted
+      sink(arg: x) // $ tainted
       let y = didUpdate.referrerURL
-      y // $ tainted
+      sink(arg: y) // $ tainted
     }
 
     func scene(_: UIScene, openURLContexts: Set<UIOpenURLContext>) { // $ source=remote
       for openURLContext in openURLContexts {
         let x = openURLContext.url
-        x // $ MISSING: tainted
+        sink(arg: x) // $ MISSING: tainted
       }
     }
 }