Swift: Add numeric barrier for command injection query.

geoffw0 · geoffw0 · commit f98de85e36b0 · 2023-09-19T14:33:23.000+01:00
diff --git a/swift/ql/lib/codeql/swift/security/CommandInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/CommandInjectionExtensions.qll
@@ -69,3 +69,13 @@ private class CommandInjectionSinks extends SinkModelCsv {
       ]
   }
 }
+
+/**
+ * A barrier for command injection vulnerabilities.
+ */
+private class CommandInjectionDefaultBarrier extends CommandInjectionBarrier {
+  CommandInjectionDefaultBarrier() {
+    // any numeric type
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -69,3 +69,13 @@ private class CommandInjectionSinks extends SinkModelCsv {`
`69`	`69`	`]`
`70`	`70`	`}`
`71`	`71`	`}`
	`72`	`+`
	`73`	`+/**`
	`74`	`+ * A barrier for command injection vulnerabilities.`
	`75`	`+ */`
	`76`	`+private class CommandInjectionDefaultBarrier extends CommandInjectionBarrier {`
	`77`	`+ CommandInjectionDefaultBarrier() {`
	`78`	`+ // any numeric type`
	`79`	`+ this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"`
	`80`	`+ }`
	`81`	`+}`