Merge pull request #11514 from geoffw0/generics

geoffw0 · web-flow · commit 6cb69c907d18 · 2022-12-05T13:02:35.000Z
Swift: Fix for MaD with generics
diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list
@@ -34,11 +34,9 @@ ql/lib/codeql/swift/elements/decl/IfConfigDeclConstructor.qll ebd945f0a081421bd7
 ql/lib/codeql/swift/elements/decl/ImportDeclConstructor.qll f2f09df91784d7a6d348d67eaf3429780ac820d2d3a08f66e1922ea1d4c8c60d 4496865a26be2857a335cbc00b112beb78a319ff891d0c5d2ad41a4d299f0457
 ql/lib/codeql/swift/elements/decl/InfixOperatorDecl.qll ca3af3b403b9d456029cb4f4b94b610a93d2d70ea71a3d6c4532088ebc83bd0b 5dec87f0c43948f38e942b204583043eb4f7386caa80cec8bf2857a2fd933ed4
 ql/lib/codeql/swift/elements/decl/InfixOperatorDeclConstructor.qll ca6c5c477e35e2d6c45f8e7a08577c43e151d3e16085f1eae5c0a69081714b04 73543543dff1f9847f3299091979fdf3d105a84e2bcdb890ce5d72ea18bba6c8
-ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll 7b27fe02dca453d5bdb5f10be07978d98308e466bad5585b3040ed9c1a817737 fed59974e47c3011d4bddefb959f5cacaa3b770ad5a6db15558334ef02ad04e9
 ql/lib/codeql/swift/elements/decl/MissingMemberDeclConstructor.qll 82738836fa49447262e184d781df955429c5e3697d39bf3689397d828f04ce65 8ef82ed7c4f641dc8b4d71cd83944582da539c34fb3d946c2377883abada8578
 ql/lib/codeql/swift/elements/decl/ModuleDecl.qll 0d39d88c926d5633f467ab7a1db0101e8d61250ee5e4847de862232f997de783 410311bf3ae1efac53d8fd6515c2fe69d9ab79902c1048780e87d478cd200e26
 ql/lib/codeql/swift/elements/decl/ModuleDeclConstructor.qll 9b18b6d3517fd0c524ac051fd5dea288e8f923ada00fe4cc809cbebce036f890 0efc90492417089b0982a9a6d60310faba7a1fce5c1749396e3a29b3aac75dc5
-ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll 0b101f879e48e000074971d6412183f6be98fe99512037967ee650ffd82ec7a3 9faf5bd4e51b47a75edb67e9115281ca5b20ab6c0d8f6882f043734495bb399f
 ql/lib/codeql/swift/elements/decl/OpaqueTypeDecl.qll 7c4a5fda798c9b44e481905f28e6c105ab3f8ab5567c2c336b24d27102fd7d66 e84e0dd1a3175ad29123def00e71efbd6f4526a12601fc027b0892930602046b
 ql/lib/codeql/swift/elements/decl/OpaqueTypeDeclConstructor.qll f707aab3627801e94c63aedcded21eab14d3617c35da5cf317692eeb39c84710 20888ae6e386ae31e3cb9ff78155cb408e781ef1e7b6d687c2705843bcac0340
 ql/lib/codeql/swift/elements/decl/ParamDeclConstructor.qll cfa0ba73a9727b8222efbf65845d6df0d01800646feaf7b407b8ffe21a6691d8 916ff2d3e96546eac6828e1b151d4b045ce5f7bcd5d7dbb074f82ecf126b0e09
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -390,18 +390,6 @@ predicate matchesSignature(AbstractFunctionDecl func, string signature) {
   paramsString(func) = signature
 }
 
-private NominalType getDeclType(IterableDeclContext decl) {
-  result = decl.(ClassDecl).getType()
-  or
-  result = decl.(StructDecl).getType()
-  or
-  result = getDeclType(decl.(ExtensionDecl).getExtendedTypeDecl())
-  or
-  result = decl.(EnumDecl).getType()
-  or
-  result = decl.(ProtocolDecl).getType()
-}
-
 /**
  * Gets the element in module `namespace` that satisfies the following properties:
  * 1. If the element is a member of a class-like type, then the class-like type has name `type`
@@ -430,32 +418,33 @@ private Element interpretElement0(
     )
     or
     // Member functions
-    exists(NominalType nomType, IterableDeclContext decl, MethodDecl method |
+    exists(NominalTypeDecl nomTypeDecl, IterableDeclContext decl, MethodDecl method |
       method.getName() = name and
       method = decl.getAMember() and
-      nomType.getFullName() = type and
+      nomTypeDecl.getFullName() = type and
       matchesSignature(method, signature) and
       result = method
     |
       subtypes = true and
-      getDeclType(decl) = nomType.getADerivedType*()
+      decl.getNominalTypeDecl() = nomTypeDecl.getADerivedTypeDecl*()
       or
       subtypes = false and
-      getDeclType(decl) = nomType
+      decl.getNominalTypeDecl() = nomTypeDecl
     )
     or
+    // Fields
     signature = "" and
-    exists(NominalType nomType, IterableDeclContext decl, FieldDecl field |
+    exists(NominalTypeDecl nomTypeDecl, IterableDeclContext decl, FieldDecl field |
       field.getName() = name and
       field = decl.getAMember() and
-      nomType.getFullName() = type and
+      nomTypeDecl.getFullName() = type and
       result = field
     |
       subtypes = true and
-      getDeclType(decl) = nomType.getADerivedType*()
+      decl.getNominalTypeDecl() = nomTypeDecl.getADerivedTypeDecl*()
       or
       subtypes = false and
-      getDeclType(decl) = nomType
+      decl.getNominalTypeDecl() = nomTypeDecl
     )
   )
 }
diff --git a/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll b/swift/ql/lib/codeql/swift/elements/decl/IterableDeclContext.qll
@@ -1,4 +1,18 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.decl.IterableDeclContext
+private import codeql.swift.elements.decl.NominalTypeDecl
+private import codeql.swift.elements.decl.ExtensionDecl
 
-class IterableDeclContext extends Generated::IterableDeclContext { }
+/**
+ * A nominal type (class, struct, enum or protocol) or extension.
+ */
+class IterableDeclContext extends Generated::IterableDeclContext {
+  /**
+   * Gets the `NominalTypeDecl` corresponding to this `IterableDeclContext`
+   * resolving an extension to the extended type declaration.
+   */
+  NominalTypeDecl getNominalTypeDecl() {
+    result = this.(NominalTypeDecl)
+    or
+    result = this.(ExtensionDecl).getExtendedTypeDecl()
+  }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/NominalTypeDecl.qll
@@ -1,4 +1,6 @@
-// generated by codegen/codegen.py, remove this comment if you wish to edit this file
 private import codeql.swift.generated.decl.NominalTypeDecl
 
+/**
+ * A class, struct, enum or protocol.
+ */
 class NominalTypeDecl extends Generated::NominalTypeDecl { }
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.expected
@@ -5,6 +5,43 @@
 | customurlschemes.swift:48:9:48:28 | ...[...] | Remote URL in UIApplicationDelegate.application.launchOptions |
 | data.swift:18:20:18:20 | call to init(contentsOf:options:) | external |
 | data.swift:18:20:18:54 | call to init(contentsOf:options:) | external |
+| file://:0:0:0:0 | .source1 | external |
+| file://:0:0:0:0 | .source1 | external |
+| file://:0:0:0:0 | .source4 | external |
+| file://:0:0:0:0 | .source9 | external |
+| generics.swift:10:9:10:16 | .source1 | external |
+| generics.swift:11:9:11:16 | .source2 | external |
+| generics.swift:12:9:12:24 | call to source3() | external |
+| generics.swift:48:9:48:17 | .source1 | external |
+| generics.swift:49:9:49:17 | .source2 | external |
+| generics.swift:50:9:50:25 | call to source3() | external |
+| generics.swift:51:9:51:18 | .source1 | external |
+| generics.swift:52:9:52:18 | .source2 | external |
+| generics.swift:53:9:53:26 | call to source3() | external |
+| generics.swift:54:9:54:17 | .source1 | external |
+| generics.swift:55:9:55:17 | .source2 | external |
+| generics.swift:56:9:56:25 | call to source3() | external |
+| generics.swift:57:9:57:17 | .source4 | external |
+| generics.swift:58:9:58:17 | .source5 | external |
+| generics.swift:59:9:59:25 | call to source6() | external |
+| generics.swift:60:9:60:17 | .source7 | external |
+| generics.swift:61:9:61:25 | call to source8() | external |
+| generics.swift:62:9:62:18 | .source1 | external |
+| generics.swift:63:9:63:18 | .source2 | external |
+| generics.swift:64:9:64:26 | call to source3() | external |
+| generics.swift:65:9:65:18 | .source9 | external |
+| generics.swift:66:9:66:18 | .source10 | external |
+| generics.swift:67:9:67:27 | call to source11() | external |
+| generics.swift:68:9:68:18 | .source12 | external |
+| generics.swift:69:9:69:27 | call to source13() | external |
+| generics.swift:88:9:88:15 | .source1 | external |
+| generics.swift:89:9:89:15 | .source2 | external |
+| generics.swift:90:9:90:14 | .source1 | external |
+| generics.swift:91:9:91:14 | .source2 | external |
+| generics.swift:92:9:92:15 | .source1 | external |
+| generics.swift:93:9:93:15 | .source2 | external |
+| generics.swift:112:9:112:15 | .source1 | external |
+| generics.swift:113:9:113:15 | .source2 | external |
 | nsdata.swift:18:17:18:17 | call to init(contentsOf:) | external |
 | nsdata.swift:18:17:18:40 | call to init(contentsOf:) | external |
 | nsdata.swift:19:17:19:17 | call to init(contentsOf:options:) | external |
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql b/swift/ql/test/library-tests/dataflow/flowsources/FlowSources.ql
@@ -1,5 +1,33 @@
 import swift
 import codeql.swift.dataflow.FlowSources
+import codeql.swift.dataflow.ExternalFlow
+
+/**
+ * A models-as-data class expressing custom flow sources for this test. These
+ * cases ensure that MaD source definitions are able to successfully match a
+ * range of class fields and member functions.
+ */
+class CustomTestSourcesCsv extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";MySimpleClass;true;source1;;;;remote", ";MySimpleClass;true;source2;;;;remote",
+        ";MySimpleClass;true;source3();;;ReturnValue;remote",
+        // ---
+        ";MyGeneric;true;source1;;;;remote", ";MyGeneric;true;source2;;;;remote",
+        ";MyGeneric;true;source3();;;ReturnValue;remote", ";MyDerived;true;source4;;;;remote",
+        ";MyDerived;true;source5;;;;remote", ";MyDerived;true;source6();;;ReturnValue;remote",
+        ";MyDerived;true;source7;;;;remote", ";MyDerived;true;source8();;;ReturnValue;remote",
+        ";MyDerived2;true;source9;;;;remote", ";MyDerived2;true;source10;;;;remote",
+        ";MyDerived2;true;source11();;;ReturnValue;remote", ";MyDerived2;true;source12;;;;remote",
+        ";MyDerived2;true;source13();;;ReturnValue;remote",
+        // ---
+        ";MyProtocol;true;source1;;;;remote", ";MyProtocol;true;source2;;;;remote",
+        // ---
+        ";MyProtocol2;true;source1;;;;remote", ";MyProtocol2;true;source2;;;;remote",
+      ]
+  }
+}
 
 from RemoteFlowSource source
 select source, concat(source.getSourceType(), ", ")
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/generics.swift b/swift/ql/test/library-tests/dataflow/flowsources/generics.swift
@@ -0,0 +1,118 @@
+
+class MySimpleClass
+{
+    let source1: Int = 0
+    var source2: Int { get { return 0 } }
+    func source3() -> Int { return 0 }
+}
+
+func useMySimpleClass(simple: MySimpleClass) {
+    _ = simple.source1 // SOURCE
+    _ = simple.source2 // SOURCE
+    _ = simple.source3() // SOURCE
+}
+
+// ---
+
+class MyGeneric<T> {
+    let source1: Int = 0
+    var source2: T? { get { return nil } }
+    func source3() -> Int { return 0 }
+}
+
+class MyDerived<T> : MyGeneric<T> {
+    let source4: Int = 0
+    var source5: T? { get { return nil } }
+    func source6() -> Int { return 0 }
+}
+
+extension MyDerived
+{
+    var source7: Int { get { return 0 } }
+    func source8() -> Int { return 0 }
+}
+
+class MyDerived2 : MyGeneric<Int> {
+    let source9: Int = 0
+    var source10: Int { get { return 0 } }
+    func source11() -> Int { return 0 }
+}
+
+extension MyDerived2
+{
+    var source12: Int { get { return 0 } }
+    func source13() -> Int { return 0 }
+}
+
+func useDerived(generic: MyGeneric<Int>, generic2: MyGeneric<Any>, derived: MyDerived<Int>, derived2: MyDerived2) {
+    _ = generic.source1 // SOURCE
+    _ = generic.source2 // SOURCE
+    _ = generic.source3() // SOURCE
+    _ = generic2.source1 // SOURCE
+    _ = generic2.source2 // SOURCE
+    _ = generic2.source3() // SOURCE
+    _ = derived.source1 // SOURCE
+    _ = derived.source2 // SOURCE
+    _ = derived.source3() // SOURCE
+    _ = derived.source4 // SOURCE
+    _ = derived.source5 // SOURCE
+    _ = derived.source6() // SOURCE
+    _ = derived.source7 // SOURCE
+    _ = derived.source8() // SOURCE
+    _ = derived2.source1 // SOURCE
+    _ = derived2.source2 // SOURCE
+    _ = derived2.source3() // SOURCE
+    _ = derived2.source9 // SOURCE
+    _ = derived2.source10 // SOURCE
+    _ = derived2.source11() // SOURCE
+    _ = derived2.source12 // SOURCE
+    _ = derived2.source13() // SOURCE
+}
+
+// ---
+
+protocol MyProtocol {
+    var source1: Int { get }
+    var source2: Int { get }
+}
+
+class MyImpl<T> : MyProtocol {
+    var source1: Int { get { return 0 } }
+}
+
+extension MyImpl {
+    var source2: Int { get { return 0 } }
+}
+
+func useProtocol(proto: MyProtocol, impl: MyImpl<Int>, impl2: MyImpl<Any>) {
+    _ = proto.source1 // SOURCE
+    _ = proto.source2 // SOURCE
+    _ = impl.source1 // SOURCE
+    _ = impl.source2 // SOURCE
+    _ = impl2.source1 // SOURCE
+    _ = impl2.source2 // SOURCE
+}
+
+// ---
+
+protocol MyProtocol2 {
+    var source1: Int { get }
+    var source2: Int { get }
+}
+
+class MyImpl2<T> {
+    var source1: Int { get { return 0 } }
+}
+
+extension MyImpl2 : MyProtocol2 {
+    var source2: Int { get { return 0 } }
+}
+
+func useProtocol2(proto: MyProtocol2, impl: MyImpl2<Int>, impl2: MyImpl2<Any>) {
+    _ = proto.source1 // SOURCE
+    _ = proto.source2 // SOURCE
+    _ = impl.source1 // SOURCE [NOT DETECTED]
+    _ = impl.source2 // SOURCE [NOT DETECTED]
+    _ = impl2.source1 // SOURCE [NOT DETECTED]
+    _ = impl2.source2 // SOURCE [NOT DETECTED]
+}
