Swift: Fix for autoclosure sinks.

geoffw0 · geoffw0 · commit 835967a33e6a · 2023-11-20T18:15:16.000Z
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
@@ -61,6 +61,11 @@ private module Cached {
       se = nodeTo.asExpr()
     )
     or
+    // flow through autoclosure expressions (which turn value arguments into closure arguments);
+    // if the value is tainted, it's helpful to consider the autoclosure itself to be tainted as
+    // well for the purposes of matching sink models.
+    nodeFrom.asExpr() = nodeTo.asExpr().(AutoClosureExpr).getExpr()
+    or
     // flow through the read of a content that inherits taint
     exists(DataFlow::ContentSet f |
       readStep(nodeFrom, f, nodeTo) and
diff --git a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -324,15 +324,15 @@ func test5(password: String, caseNum: Int) {
 
 	switch caseNum {
 	case 0:
-		assert(false, password) // $ MISSING: hasCleartextLogging=327
+		assert(false, password) // $ hasCleartextLogging=327
 	case 1:
-		assertionFailure(password) // $ MISSING: hasCleartextLogging=329
+		assertionFailure(password) // $ hasCleartextLogging=329
 	case 2:
-		precondition(false, password) // $ MISSING: hasCleartextLogging=331
+		precondition(false, password) // $ hasCleartextLogging=331
 	case 3:
-		preconditionFailure(password) // $ MISSING: hasCleartextLogging=333
+		preconditionFailure(password) // $ hasCleartextLogging=333
 	default:
-		fatalError(password) // $ MISSING: hasCleartextLogging=335
+		fatalError(password) // $ hasCleartextLogging=335
 	}
 }
 
