Swift: Generalize subscript assignment storeStep.

Author: geoffw0

swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll

@@ -1075,12 +1075,12 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
     c.isSingleton(any(Content::CollectionContent ac))
   )
   or
-  // array assignment `a[n] = x`
+  // subscript assignment `a[n] = x`
   exists(AssignExpr assign, SubscriptExpr subscript |
     node1.asExpr() = assign.getSource() and
     node2.(PostUpdateNode).getPreUpdateNode().asExpr() = subscript.getBase() and
     subscript = assign.getDest() and
-    subscript.getBase().getType() instanceof ArrayType and
+    not any(DictionarySubscriptNode n).getExpr() = subscript and
     c.isSingleton(any(Content::CollectionContent ac))
   )
   or

swift/ql/test/library-tests/dataflow/taint/libraries/data.swift

@@ -310,13 +310,13 @@ func taintThroughData() {
 		buffer in
 
 		buffer[0] = source() as! UInt8
-		sink(arg: buffer)
-		sink(arg: buffer[0]) // $ MISSING: tainted=312
+		sink(arg: buffer) // $ tainted=312
+		sink(arg: buffer[0]) // $ tainted=312
 
 		return source() as! Int
 	})
 	sink(arg: result46!) // $ tainted=316
-	sink(arg: data46) // $ MISSING: tainted=312
+	sink(arg: data46) // $ tainted=312
 
 	let dataTainted47 = source() as! Data
 	let result47 = dataTainted47.withUnsafeBytes({
@@ -334,11 +334,11 @@ func taintThroughData() {
 		buffer in
 
 		buffer[0] = source() as! UInt8
-		sink(arg: buffer)
-		sink(arg: buffer[0]) // $ MISSING: tainted=336
+		sink(arg: buffer) // $ tainted=336
+		sink(arg: buffer[0]) // $ tainted=336
 
 		return source() as! Int
 	})
 	sink(arg: result48) // $ tainted=340
-	sink(arg: data48) // $ MISSING: tainted=336
+	sink(arg: data48) // $ tainted=336
 }

swift/ql/test/library-tests/dataflow/taint/libraries/int.swift

@@ -151,12 +151,12 @@ func taintCollections(array: inout Array<Int>, contiguousArray: inout Contiguous
   })
 
   contiguousArray[0] = source2()
-  sink(arg: contiguousArray)
-  sink(arg: contiguousArray[0]) // $ MISSING: tainted=153
+  sink(arg: contiguousArray) // $ tainted=153
+  sink(arg: contiguousArray[0]) // $ tainted=153
   contiguousArray.withContiguousStorageIfAvailable({
     buffer in
-    sink(arg: buffer)
-    sink(arg: buffer[0]) // $ MISSING: tainted=153
+    sink(arg: buffer) // $ tainted=153
+    sink(arg: buffer[0]) // $ tainted=153
   })
 
   dictionary[0] = source2()

swift/ql/test/library-tests/dataflow/taint/libraries/unsafepointer.swift

@@ -59,8 +59,8 @@ func taintBuffer(buffer: UnsafeMutableBufferPointer<UInt8>) {
 
   buffer[0] = sourceUInt8()
 
-  sink(arg: buffer[0]) // $ MISSING: tainted=60
-  sink(arg: buffer)
+  sink(arg: buffer[0]) // $ tainted=60
+  sink(arg: buffer) // $ tainted=60
 }
 
 func testMutatingBufferInCall(ptr: UnsafeMutablePointer<UInt8>) {
@@ -71,8 +71,8 @@ func testMutatingBufferInCall(ptr: UnsafeMutablePointer<UInt8>) {
 
   taintBuffer(buffer: buffer) // mutates `buffer` contents with a tainted value
 
-  sink(arg: buffer[0]) // $ MISSING: tainted=60
-  sink(arg: buffer)
+  sink(arg: buffer[0]) // $ tainted=60
+  sink(arg: buffer) // $ tainted=60
 
 }