Swift: Dataflow through ? :.

geoffw0 · geoffw0 · commit 4c806a442aa6 · 2022-11-15T12:01:09.000Z
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -167,6 +167,15 @@ private module Cached {
       nodeTo.asExpr() = nco
     )
     or
+    // flow through ternary operator `? :`
+    exists(IfExpr ie |
+      nodeTo.asExpr() = ie and
+      (
+        nodeFrom.asExpr() = ie.getThenExpr() or
+        nodeFrom.asExpr() = ie.getElseExpr()
+      )
+    )
+    or
     // flow through a flow summary (extension of `SummaryModelCsv`)
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, true)
   }
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -105,11 +105,15 @@ edges
 | test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:271:15:271:16 | ...? :  |
 | test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:274:15:274:20 | ... ??(_:_:) ... |
 | test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:275:15:275:27 | ... ??(_:_:) ... |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:279:15:279:31 | ... ? ... : ... |
+| test.swift:263:13:263:28 | call to optionalSource() :  | test.swift:280:15:280:38 | ... ? ... : ... |
 | test.swift:270:15:270:22 | call to source() :  | file://:0:0:0:0 | [summary param] this in signum() :  |
 | test.swift:270:15:270:22 | call to source() :  | test.swift:270:15:270:31 | call to signum() |
 | test.swift:271:15:271:16 | ...? :  | file://:0:0:0:0 | [summary param] this in signum() :  |
 | test.swift:271:15:271:16 | ...? :  | test.swift:271:15:271:25 | call to signum() :  |
 | test.swift:271:15:271:25 | call to signum() :  | test.swift:271:15:271:25 | OptionalEvaluationExpr |
+| test.swift:280:31:280:38 | call to source() :  | test.swift:280:15:280:38 | ... ? ... : ... |
+| test.swift:282:31:282:38 | call to source() :  | test.swift:282:15:282:38 | ... ? ... : ... |
 | test.swift:302:14:302:26 | (...) [Tuple element at index 1] :  | test.swift:306:15:306:15 | t1 [Tuple element at index 1] :  |
 | test.swift:302:18:302:25 | call to source() :  | test.swift:302:14:302:26 | (...) [Tuple element at index 1] :  |
 | test.swift:306:15:306:15 | t1 [Tuple element at index 1] :  | test.swift:306:15:306:18 | .1 |
@@ -249,6 +253,11 @@ nodes
 | test.swift:271:15:271:25 | call to signum() :  | semmle.label | call to signum() :  |
 | test.swift:274:15:274:20 | ... ??(_:_:) ... | semmle.label | ... ??(_:_:) ... |
 | test.swift:275:15:275:27 | ... ??(_:_:) ... | semmle.label | ... ??(_:_:) ... |
+| test.swift:279:15:279:31 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| test.swift:280:15:280:38 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| test.swift:280:31:280:38 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:282:15:282:38 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| test.swift:282:31:282:38 | call to source() :  | semmle.label | call to source() :  |
 | test.swift:302:14:302:26 | (...) [Tuple element at index 1] :  | semmle.label | (...) [Tuple element at index 1] :  |
 | test.swift:302:18:302:25 | call to source() :  | semmle.label | call to source() :  |
 | test.swift:306:15:306:15 | t1 [Tuple element at index 1] :  | semmle.label | t1 [Tuple element at index 1] :  |
@@ -332,6 +341,10 @@ subpaths
 | test.swift:271:15:271:25 | OptionalEvaluationExpr | test.swift:259:12:259:19 | call to source() :  | test.swift:271:15:271:25 | OptionalEvaluationExpr | result |
 | test.swift:274:15:274:20 | ... ??(_:_:) ... | test.swift:259:12:259:19 | call to source() :  | test.swift:274:15:274:20 | ... ??(_:_:) ... | result |
 | test.swift:275:15:275:27 | ... ??(_:_:) ... | test.swift:259:12:259:19 | call to source() :  | test.swift:275:15:275:27 | ... ??(_:_:) ... | result |
+| test.swift:279:15:279:31 | ... ? ... : ... | test.swift:259:12:259:19 | call to source() :  | test.swift:279:15:279:31 | ... ? ... : ... | result |
+| test.swift:280:15:280:38 | ... ? ... : ... | test.swift:259:12:259:19 | call to source() :  | test.swift:280:15:280:38 | ... ? ... : ... | result |
+| test.swift:280:15:280:38 | ... ? ... : ... | test.swift:280:31:280:38 | call to source() :  | test.swift:280:15:280:38 | ... ? ... : ... | result |
+| test.swift:282:15:282:38 | ... ? ... : ... | test.swift:282:31:282:38 | call to source() :  | test.swift:282:15:282:38 | ... ? ... : ... | result |
 | test.swift:306:15:306:18 | .1 | test.swift:302:18:302:25 | call to source() :  | test.swift:306:15:306:18 | .1 | result |
 | test.swift:317:15:317:18 | .0 | test.swift:314:12:314:19 | call to source() :  | test.swift:317:15:317:18 | .0 | result |
 | test.swift:327:15:327:18 | .0 | test.swift:322:18:322:25 | call to source() :  | test.swift:327:15:327:18 | .0 | result |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
@@ -216,18 +216,26 @@
 | test.swift:279:15:279:15 | x | test.swift:280:15:280:15 | x |
 | test.swift:279:26:279:26 | x | test.swift:279:26:279:27 | ...! |
 | test.swift:279:26:279:26 | x | test.swift:280:15:280:15 | x |
+| test.swift:279:26:279:27 | ...! | test.swift:279:15:279:31 | ... ? ... : ... |
+| test.swift:279:31:279:31 | 0 | test.swift:279:15:279:31 | ... ? ... : ... |
 | test.swift:280:15:280:15 | x | test.swift:280:26:280:26 | x |
 | test.swift:280:15:280:15 | x | test.swift:284:16:284:16 | x |
 | test.swift:280:26:280:26 | x | test.swift:280:26:280:27 | ...! |
 | test.swift:280:26:280:26 | x | test.swift:284:16:284:16 | x |
+| test.swift:280:26:280:27 | ...! | test.swift:280:15:280:38 | ... ? ... : ... |
+| test.swift:280:31:280:38 | call to source() | test.swift:280:15:280:38 | ... ? ... : ... |
 | test.swift:281:15:281:15 | y | test.swift:281:26:281:26 | y |
 | test.swift:281:15:281:15 | y | test.swift:282:15:282:15 | y |
 | test.swift:281:26:281:26 | y | test.swift:281:26:281:27 | ...! |
 | test.swift:281:26:281:26 | y | test.swift:282:15:282:15 | y |
+| test.swift:281:26:281:27 | ...! | test.swift:281:15:281:31 | ... ? ... : ... |
+| test.swift:281:31:281:31 | 0 | test.swift:281:15:281:31 | ... ? ... : ... |
 | test.swift:282:15:282:15 | y | test.swift:282:26:282:26 | y |
 | test.swift:282:15:282:15 | y | test.swift:287:16:287:16 | y |
 | test.swift:282:26:282:26 | y | test.swift:282:26:282:27 | ...! |
 | test.swift:282:26:282:26 | y | test.swift:287:16:287:16 | y |
+| test.swift:282:26:282:27 | ...! | test.swift:282:15:282:38 | ... ? ... : ... |
+| test.swift:282:31:282:38 | call to source() | test.swift:282:15:282:38 | ... ? ... : ... |
 | test.swift:284:16:284:16 | x | test.swift:290:16:290:16 | x |
 | test.swift:287:16:287:16 | y | test.swift:293:16:293:16 | y |
 | test.swift:290:16:290:16 | x | test.swift:290:16:290:17 | ...? |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -276,10 +276,10 @@ func test_optionals(y: Int?) {
     sink(arg: y ?? 0)
     sink(arg: y ?? source()) // $ MISSING: flow=278
 
-    sink(arg: x != nil ? x! : 0) // $ MISSING: flow=259
-    sink(arg: x != nil ? x! : source()) // $ MISSING: flow=259, 281
+    sink(arg: x != nil ? x! : 0) // $ flow=259
+    sink(arg: x != nil ? x! : source()) // $ flow=259 flow=280
     sink(arg: y != nil ? y! : 0)
-    sink(arg: y != nil ? y! : source()) // $ MISSING: flow=283
+    sink(arg: y != nil ? y! : source()) // $ flow=282
 
     if let z = x {
         sink(arg: z) // $ MISSING: flow=259
