Swift: Generalize an SSA case for variables declared in Patterns.

geoffw0 · geoffw0 · commit c598d9b8828a · 2023-01-06T18:34:22.000Z
diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll
@@ -30,9 +30,16 @@ module Ssa {
         certain = true
       )
       or
-      exists(PatternBindingDecl decl, Pattern pattern |
+      // Any variable initialization through pattern matching. For example each `x*` in:
+      // ```
+      // var x1 = v
+      // let x2 = v
+      // let (x3, x4) = tuple
+      // if let x5 = optional { ... }
+      // guard let x6 = optional else { ... }
+      // ```
+      exists(Pattern pattern |
         bb.getNode(i).getNode().asAstNode() = pattern and
-        decl.getAPattern() = pattern and
         v.getParentPattern() = pattern and
         certain = true
       )
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
@@ -241,22 +241,32 @@
 | test.swift:282:26:282:26 | y | test.swift:287:16:287:16 | y |
 | test.swift:282:26:282:27 | ...! | test.swift:282:15:282:38 | ... ? ... : ... |
 | test.swift:282:31:282:38 | call to source() | test.swift:282:15:282:38 | ... ? ... : ... |
+| test.swift:284:8:284:12 | SSA def(z) | test.swift:285:19:285:19 | z |
 | test.swift:284:16:284:16 | x | test.swift:291:16:291:16 | x |
+| test.swift:287:8:287:12 | SSA def(z) | test.swift:288:19:288:19 | z |
 | test.swift:287:16:287:16 | y | test.swift:294:16:294:16 | y |
+| test.swift:291:8:291:12 | SSA def(z) | test.swift:292:19:292:19 | z |
 | test.swift:291:16:291:16 | x | test.swift:291:16:291:17 | ...? |
 | test.swift:291:16:291:16 | x | test.swift:298:20:298:20 | x |
 | test.swift:291:16:291:26 | call to signum() | test.swift:291:16:291:26 | OptionalEvaluationExpr |
+| test.swift:294:8:294:12 | SSA def(z) | test.swift:295:19:295:19 | z |
 | test.swift:294:16:294:16 | y | test.swift:294:16:294:17 | ...? |
 | test.swift:294:16:294:16 | y | test.swift:299:20:299:20 | y |
 | test.swift:294:16:294:26 | call to signum() | test.swift:294:16:294:26 | OptionalEvaluationExpr |
+| test.swift:298:11:298:15 | SSA def(z1) | test.swift:300:15:300:15 | z1 |
 | test.swift:298:20:298:20 | x | test.swift:303:15:303:15 | x |
+| test.swift:299:11:299:15 | SSA def(z2) | test.swift:301:15:301:15 | z2 |
 | test.swift:299:20:299:20 | y | test.swift:304:15:304:15 | y |
 | test.swift:303:15:303:15 | x | test.swift:303:15:303:16 | ...! |
 | test.swift:303:15:303:15 | x | test.swift:306:28:306:28 | x |
 | test.swift:304:15:304:15 | y | test.swift:304:15:304:16 | ...! |
 | test.swift:304:15:304:15 | y | test.swift:309:28:309:28 | y |
+| test.swift:306:13:306:24 | SSA def(z) | test.swift:307:19:307:19 | z |
 | test.swift:306:28:306:28 | x | test.swift:313:12:313:12 | x |
+| test.swift:309:13:309:24 | SSA def(z) | test.swift:310:19:310:19 | z |
 | test.swift:309:28:309:28 | y | test.swift:319:12:319:12 | y |
+| test.swift:314:10:314:21 | SSA def(z) | test.swift:315:19:315:19 | z |
+| test.swift:320:10:320:21 | SSA def(z) | test.swift:321:19:321:19 | z |
 | test.swift:331:9:331:9 | SSA def(t1) | test.swift:333:15:333:15 | t1 |
 | test.swift:331:14:331:26 | (...) | test.swift:331:9:331:9 | SSA def(t1) |
 | test.swift:333:15:333:15 | t1 | test.swift:334:15:334:15 | t1 |
@@ -300,7 +310,16 @@
 | test.swift:361:15:361:15 | t2 | test.swift:362:15:362:15 | t2 |
 | test.swift:375:9:375:13 | SSA def(a) | test.swift:377:12:377:12 | a |
 | test.swift:375:22:375:23 | .myNone | test.swift:375:9:375:13 | SSA def(a) |
+| test.swift:380:10:380:25 | SSA def(a) | test.swift:381:19:381:19 | a |
+| test.swift:382:10:382:30 | SSA def(a) | test.swift:383:19:383:19 | a |
+| test.swift:382:10:382:30 | SSA def(b) | test.swift:384:19:384:19 | b |
 | test.swift:387:9:387:13 | SSA def(b) | test.swift:389:12:389:12 | b |
 | test.swift:387:22:387:40 | call to ... | test.swift:387:9:387:13 | SSA def(b) |
+| test.swift:392:10:392:25 | SSA def(a) | test.swift:393:19:393:19 | a |
+| test.swift:394:10:394:30 | SSA def(a) | test.swift:395:19:395:19 | a |
+| test.swift:394:10:394:30 | SSA def(b) | test.swift:396:19:396:19 | b |
 | test.swift:399:9:399:9 | SSA def(c) | test.swift:401:12:401:12 | c |
 | test.swift:399:13:399:38 | call to ... | test.swift:399:9:399:9 | SSA def(c) |
+| test.swift:404:10:404:25 | SSA def(a) | test.swift:405:19:405:19 | a |
+| test.swift:406:10:406:30 | SSA def(a) | test.swift:407:19:407:19 | a |
+| test.swift:406:10:406:30 | SSA def(b) | test.swift:408:19:408:19 | b |
diff --git a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -1276,9 +1276,11 @@
 | url.swift:102:46:102:46 | [post] urlTainted | url.swift:120:46:120:46 | urlTainted |
 | url.swift:102:46:102:46 | urlTainted | url.swift:102:15:102:56 | call to URL.init(string:relativeTo:) |
 | url.swift:102:46:102:46 | urlTainted | url.swift:120:46:120:46 | urlTainted |
+| url.swift:104:5:104:9 | SSA def(x) | url.swift:105:13:105:13 | x |
 | url.swift:104:25:104:25 | [post] clean | url.swift:113:26:113:26 | clean |
 | url.swift:104:25:104:25 | clean | url.swift:104:13:104:30 | call to URL.init(string:) |
 | url.swift:104:25:104:25 | clean | url.swift:113:26:113:26 | clean |
+| url.swift:108:5:108:9 | SSA def(y) | url.swift:109:13:109:13 | y |
 | url.swift:108:25:108:25 | [post] tainted | url.swift:117:28:117:28 | tainted |
 | url.swift:108:25:108:25 | tainted | url.swift:108:13:108:32 | call to URL.init(string:) |
 | url.swift:108:25:108:25 | tainted | url.swift:117:28:117:28 | tainted |
