Merge pull request #17130 from geoffw0/oddsends3

Swift: Odds and ends

Author: geoffw0

swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll

@@ -9,7 +9,7 @@ import codeql.swift.dataflow.TaintTracking
 import codeql.swift.security.ECBEncryptionExtensions
 
 /**
- * A taint configuration from a creation of an ECB mode instance to expressions that use
+ * A data flow configuration from a creation of an ECB mode instance to expressions that use
  * it to initialize a cipher.
  */
 module EcbEncryptionConfig implements DataFlow::ConfigSig {

swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected

@@ -448,6 +448,8 @@
 | simple.swift:146:7:146:7 | self | simple.swift:146:7:146:7 | SSA def(self) |
 | simple.swift:148:13:148:13 | [post] self | simple.swift:146:2:150:3 | self[return] |
 | simple.swift:148:13:148:13 | self | simple.swift:146:2:150:3 | self[return] |
+| simple.swift:158:12:158:24 | OpaqueValueExpr | simple.swift:158:12:158:24 | OpenExistentialExpr |
+| simple.swift:159:12:159:24 | OpaqueValueExpr | simple.swift:159:12:159:24 | OpenExistentialExpr |
 | stringinterpolation.swift:5:7:5:7 | SSA def(self) | stringinterpolation.swift:5:7:5:7 | self[return] |
 | stringinterpolation.swift:5:7:5:7 | SSA def(self) | stringinterpolation.swift:5:7:5:7 | self[return] |
 | stringinterpolation.swift:5:7:5:7 | self | stringinterpolation.swift:5:7:5:7 | SSA def(self) |

swift/ql/test/library-tests/dataflow/taint/core/Taint.expected

@@ -545,6 +545,8 @@ nodes
 | simple.swift:85:13:85:26 | ... .&>>(_:_:) ... | semmle.label | ... .&>>(_:_:) ... |
 | simple.swift:87:13:87:21 | call to ~(_:) | semmle.label | call to ~(_:) |
 | simple.swift:87:14:87:21 | call to source() | semmle.label | call to source() |
+| simple.swift:156:12:156:19 | call to source() | semmle.label | call to source() |
+| simple.swift:157:12:157:19 | call to source() | semmle.label | call to source() |
 | stringinterpolation.swift:6:6:6:6 | self [Return] [first] | semmle.label | self [Return] [first] |
 | stringinterpolation.swift:6:6:6:6 | self [first] | semmle.label | self [first] |
 | stringinterpolation.swift:6:6:6:6 | value | semmle.label | value |
@@ -724,6 +726,8 @@ subpaths
 | simple.swift:84:13:84:25 | ... .>>(_:_:) ... | simple.swift:84:13:84:20 | call to source() | simple.swift:84:13:84:25 | ... .>>(_:_:) ... | result |
 | simple.swift:85:13:85:26 | ... .&>>(_:_:) ... | simple.swift:85:13:85:20 | call to source() | simple.swift:85:13:85:26 | ... .&>>(_:_:) ... | result |
 | simple.swift:87:13:87:21 | call to ~(_:) | simple.swift:87:14:87:21 | call to source() | simple.swift:87:13:87:21 | call to ~(_:) | result |
+| simple.swift:156:12:156:19 | call to source() | simple.swift:156:12:156:19 | call to source() | simple.swift:156:12:156:19 | call to source() | result |
+| simple.swift:157:12:157:19 | call to source() | simple.swift:157:12:157:19 | call to source() | simple.swift:157:12:157:19 | call to source() | result |
 | stringinterpolation.swift:22:12:22:12 | "..." | stringinterpolation.swift:19:13:19:20 | call to source() | stringinterpolation.swift:22:12:22:12 | "..." | result |
 | stringinterpolation.swift:24:12:24:12 | "..." | stringinterpolation.swift:19:13:19:20 | call to source() | stringinterpolation.swift:24:12:24:12 | "..." | result |
 | stringinterpolation.swift:31:12:31:12 | "..." | stringinterpolation.swift:28:14:28:21 | call to source() | stringinterpolation.swift:31:12:31:12 | "..." | result |

swift/ql/test/library-tests/dataflow/taint/core/simple.swift

@@ -151,3 +151,10 @@ class MyClass2_NeverInstantiated {
 }
 
 // ---
+
+func taintThroughAs() {
+	sink(arg: source() as Int) // $ tainted=156
+	sink(arg: source() as Any) // $ tainted=157
+	sink(arg: source() as AnyObject) // $ MISSING: tainted=158
+	sink(arg: source() as Sendable) // $ MISSING: tainted=159
+}