Swift: Content-based dataflow through case let

d10c · d10c · commit 052a008926b2 · 2023-03-27T23:01:24.000+02:00
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -201,7 +201,8 @@ private module Cached {
   cached
   newtype TContent =
     TFieldContent(FieldDecl f) or
-    TTupleContent(int index) { exists(any(TupleExpr te).getElement(index)) }
+    TTupleContent(int index) { exists(any(TupleExpr te).getElement(index)) } or
+    TEnumContent(ParamDecl f) { exists(EnumElementDecl d | d.getAParam() = f) }
 }
 
 /**
@@ -558,6 +559,13 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
     c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = tuple.getIndex()))
   )
   or
+  // creation of an enum `.variant(v1, v2)`
+  exists(EnumElementExpr enum, int pos |
+    node1.asExpr() = enum.getArgument(pos).getExpr() and
+    node2.asExpr() = enum and
+    c.isSingleton(any(Content::EnumContent ec | ec.getField() = enum.getElement().getParam(pos)))
+  )
+  or
   FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, c, node2)
 }
 
@@ -578,6 +586,20 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
     node2.asExpr() = tuple and
     c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = tuple.getIndex()))
   )
+  or
+  // read of an enum member via `case let .variant(v1, v2)` pattern matching
+  exists(Expr enumExpr, ParamDecl enumField, VarDecl boundVar |
+    node1.asExpr() = enumExpr and
+    node2.asDefinition().getSourceVariable() = boundVar and
+    c.isSingleton(any(Content::EnumContent ec | ec.getField() = enumField))
+  |
+    exists(EnumElementPattern enumPat, NamedPattern namePat, int idx |
+      enumPat.getMatchingExpr() = enumExpr and
+      enumPat.getElement().getParam(idx) = enumField and
+      namePat.getIdentityPreservingEnclosingPattern*() = enumPat.getSubPattern(idx) and
+      namePat.getVarDecl() = boundVar
+    )
+  )
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll
@@ -171,6 +171,20 @@ module Content {
 
     override string toString() { result = "Tuple element at index " + index.toString() }
   }
+
+  /** A field of an enum element. */
+  class EnumContent extends Content, TEnumContent {
+    private ParamDecl f;
+
+    EnumContent() { this = TEnumContent(f) }
+
+    /** Gets the declaration of the enum field. */
+    ParamDecl getField() { result = f }
+
+    override string toString() {
+      exists(EnumElementDecl d, int pos | d.getParam(pos) = f | result = d.toString() + ":" + pos)
+    }
+  }
 }
 
 /**
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -145,6 +145,26 @@ edges
 | test.swift:357:15:357:15 | t1 [Tuple element at index 1] :  | test.swift:357:15:357:18 | .1 |
 | test.swift:360:15:360:15 | t2 [Tuple element at index 0] :  | test.swift:360:15:360:18 | .0 |
 | test.swift:361:15:361:15 | t2 [Tuple element at index 1] :  | test.swift:361:15:361:18 | .1 |
+| test.swift:398:9:398:27 | call to ... [mySingle:0] :  | test.swift:400:12:400:12 | a [mySingle:0] :  |
+| test.swift:398:9:398:27 | call to ... [mySingle:0] :  | test.swift:412:32:412:32 | a [mySingle:0] :  |
+| test.swift:398:19:398:26 | call to source() :  | test.swift:398:9:398:27 | call to ... [mySingle:0] :  |
+| test.swift:400:12:400:12 | a [mySingle:0] :  | test.swift:403:10:403:25 | SSA def(a) :  |
+| test.swift:403:10:403:25 | SSA def(a) :  | test.swift:404:19:404:19 | a |
+| test.swift:412:13:412:28 | SSA def(x) :  | test.swift:413:19:413:19 | x |
+| test.swift:412:32:412:32 | a [mySingle:0] :  | test.swift:412:13:412:28 | SSA def(x) :  |
+| test.swift:420:9:420:34 | call to ... [myPair:1] :  | test.swift:422:12:422:12 | a [myPair:1] :  |
+| test.swift:420:9:420:34 | call to ... [myPair:1] :  | test.swift:437:37:437:37 | a [myPair:1] :  |
+| test.swift:420:9:420:34 | call to ... [myPair:1] :  | test.swift:471:13:471:13 | a [myPair:1] :  |
+| test.swift:420:26:420:33 | call to source() :  | test.swift:420:9:420:34 | call to ... [myPair:1] :  |
+| test.swift:422:12:422:12 | a [myPair:1] :  | test.swift:427:10:427:30 | SSA def(b) :  |
+| test.swift:427:10:427:30 | SSA def(b) :  | test.swift:429:19:429:19 | b |
+| test.swift:437:13:437:33 | SSA def(y) :  | test.swift:439:19:439:19 | y |
+| test.swift:437:37:437:37 | a [myPair:1] :  | test.swift:437:13:437:33 | SSA def(y) :  |
+| test.swift:463:13:463:39 | SSA def(x) :  | test.swift:464:19:464:19 | x |
+| test.swift:463:43:463:62 | call to ... [myPair:0] :  | test.swift:463:13:463:39 | SSA def(x) :  |
+| test.swift:463:51:463:58 | call to source() :  | test.swift:463:43:463:62 | call to ... [myPair:0] :  |
+| test.swift:471:13:471:13 | a [myPair:1] :  | test.swift:472:14:472:55 | SSA def(b) :  |
+| test.swift:472:14:472:55 | SSA def(b) :  | test.swift:474:19:474:19 | b |
 | test.swift:486:13:486:28 | call to optionalSource() :  | test.swift:489:19:489:19 | a |
 | test.swift:509:9:509:9 | self [x] :  | file://:0:0:0:0 | self [x] :  |
 | test.swift:509:9:509:9 | value :  | file://:0:0:0:0 | value :  |
@@ -334,6 +354,29 @@ nodes
 | test.swift:360:15:360:18 | .0 | semmle.label | .0 |
 | test.swift:361:15:361:15 | t2 [Tuple element at index 1] :  | semmle.label | t2 [Tuple element at index 1] :  |
 | test.swift:361:15:361:18 | .1 | semmle.label | .1 |
+| test.swift:398:9:398:27 | call to ... [mySingle:0] :  | semmle.label | call to ... [mySingle:0] :  |
+| test.swift:398:19:398:26 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:400:12:400:12 | a [mySingle:0] :  | semmle.label | a [mySingle:0] :  |
+| test.swift:403:10:403:25 | SSA def(a) :  | semmle.label | SSA def(a) :  |
+| test.swift:404:19:404:19 | a | semmle.label | a |
+| test.swift:412:13:412:28 | SSA def(x) :  | semmle.label | SSA def(x) :  |
+| test.swift:412:32:412:32 | a [mySingle:0] :  | semmle.label | a [mySingle:0] :  |
+| test.swift:413:19:413:19 | x | semmle.label | x |
+| test.swift:420:9:420:34 | call to ... [myPair:1] :  | semmle.label | call to ... [myPair:1] :  |
+| test.swift:420:26:420:33 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:422:12:422:12 | a [myPair:1] :  | semmle.label | a [myPair:1] :  |
+| test.swift:427:10:427:30 | SSA def(b) :  | semmle.label | SSA def(b) :  |
+| test.swift:429:19:429:19 | b | semmle.label | b |
+| test.swift:437:13:437:33 | SSA def(y) :  | semmle.label | SSA def(y) :  |
+| test.swift:437:37:437:37 | a [myPair:1] :  | semmle.label | a [myPair:1] :  |
+| test.swift:439:19:439:19 | y | semmle.label | y |
+| test.swift:463:13:463:39 | SSA def(x) :  | semmle.label | SSA def(x) :  |
+| test.swift:463:43:463:62 | call to ... [myPair:0] :  | semmle.label | call to ... [myPair:0] :  |
+| test.swift:463:51:463:58 | call to source() :  | semmle.label | call to source() :  |
+| test.swift:464:19:464:19 | x | semmle.label | x |
+| test.swift:471:13:471:13 | a [myPair:1] :  | semmle.label | a [myPair:1] :  |
+| test.swift:472:14:472:55 | SSA def(b) :  | semmle.label | SSA def(b) :  |
+| test.swift:474:19:474:19 | b | semmle.label | b |
 | test.swift:486:13:486:28 | call to optionalSource() :  | semmle.label | call to optionalSource() :  |
 | test.swift:489:19:489:19 | a | semmle.label | a |
 | test.swift:509:9:509:9 | self [x] :  | semmle.label | self [x] :  |
@@ -448,6 +491,12 @@ subpaths
 | test.swift:357:15:357:18 | .1 | test.swift:351:31:351:38 | call to source() :  | test.swift:357:15:357:18 | .1 | result |
 | test.swift:360:15:360:18 | .0 | test.swift:351:18:351:25 | call to source() :  | test.swift:360:15:360:18 | .0 | result |
 | test.swift:361:15:361:18 | .1 | test.swift:351:31:351:38 | call to source() :  | test.swift:361:15:361:18 | .1 | result |
+| test.swift:404:19:404:19 | a | test.swift:398:19:398:26 | call to source() :  | test.swift:404:19:404:19 | a | result |
+| test.swift:413:19:413:19 | x | test.swift:398:19:398:26 | call to source() :  | test.swift:413:19:413:19 | x | result |
+| test.swift:429:19:429:19 | b | test.swift:420:26:420:33 | call to source() :  | test.swift:429:19:429:19 | b | result |
+| test.swift:439:19:439:19 | y | test.swift:420:26:420:33 | call to source() :  | test.swift:439:19:439:19 | y | result |
+| test.swift:464:19:464:19 | x | test.swift:463:51:463:58 | call to source() :  | test.swift:464:19:464:19 | x | result |
+| test.swift:474:19:474:19 | b | test.swift:420:26:420:33 | call to source() :  | test.swift:474:19:474:19 | b | result |
 | test.swift:489:19:489:19 | a | test.swift:259:12:259:19 | call to source() :  | test.swift:489:19:489:19 | a | result |
 | test.swift:520:15:520:15 | z1 | test.swift:259:12:259:19 | call to source() :  | test.swift:520:15:520:15 | z1 | result |
 | test.swift:526:13:526:21 | call to +(_:) | test.swift:526:14:526:21 | call to source() :  | test.swift:526:13:526:21 | call to +(_:) | result |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -401,7 +401,7 @@ func testEnums() {
     case .myNone:
         ()
     case .mySingle(let a):
-        sink(arg: a) // $ MISSING: flow=398
+        sink(arg: a) // $ flow=398
     case .myPair(let a, let b):
         sink(arg: a)
         sink(arg: b)
@@ -410,7 +410,7 @@ func testEnums() {
     }
 
     if case .mySingle(let x) = a {
-        sink(arg: x) // $ MISSING: flow=398
+        sink(arg: x) // $ flow=398
     }
     if case .myPair(let x, let y) = a {
         sink(arg: x)
@@ -426,7 +426,7 @@ func testEnums() {
         sink(arg: a)
     case .myPair(let a, let b):
         sink(arg: a)
-        sink(arg: b) // $ MISSING: flow=420
+        sink(arg: b) // $ flow=420
     case let .myCons(a, _):
         sink(arg: a)
     }
@@ -436,7 +436,7 @@ func testEnums() {
     }
     if case .myPair(let x, let y) = a {
         sink(arg: x)
-        sink(arg: y) // $ MISSING: flow=420
+        sink(arg: y) // $ flow=420
     }
 
     let b: MyEnum = .myCons(42, a)
@@ -461,7 +461,7 @@ func testEnums() {
         sink(arg: x)
     }
     if case MyEnum.myPair(let x, let y) = .myPair(source(), 0) {
-        sink(arg: x) // $ MISSING: flow=463
+        sink(arg: x) // $ flow=463
         sink(arg: y)
     }
     if case let .myCons(_, .myPair(_, c)) = b {
@@ -471,7 +471,7 @@ func testEnums() {
     switch (a, b) {
     case let (.myPair(a, b), .myCons(c, .myPair(d, e))):
         sink(arg: a)
-        sink(arg: b) // $ MISSING: flow=420
+        sink(arg: b) // $ flow=420
         sink(arg: c)
         sink(arg: d)
         sink(arg: e) // $ MISSING: flow=420
