Add missing SummaryPostUpdateNode

atorralba · atorralba · commit 2402504a4c09 · 2022-10-28T18:24:17.000+02:00
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -574,6 +574,14 @@ private module PostUpdateNodes {
 
     override DataFlowCallable getEnclosingCallable() { result = TDataFlowFunc(n.getScope()) }
   }
+
+  class SummaryPostUpdateNode extends SummaryNode, PostUpdateNodeImpl {
+    SummaryPostUpdateNode() { FlowSummaryImpl::Private::summaryPostUpdateNode(this, _) }
+
+    override Node getPreUpdateNode() {
+      FlowSummaryImpl::Private::summaryPostUpdateNode(this, result)
+    }
+  }
 }
 
 private import PostUpdateNodes
diff --git a/swift/ql/test/library-tests/dataflow/taint/Taint.expected b/swift/ql/test/library-tests/dataflow/taint/Taint.expected
@@ -144,7 +144,10 @@ edges
 | webview.swift:38:5:38:47 | [summary param] this in toRect() :  | file://:0:0:0:0 | [summary] to write: return (return) in toRect() :  |
 | webview.swift:39:5:39:47 | [summary param] this in toSize() :  | file://:0:0:0:0 | [summary] to write: return (return) in toSize() :  |
 | webview.swift:40:5:40:84 | [summary param] this in atIndex(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  |
+| webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  |
 | webview.swift:42:5:42:89 | [summary param] this in forProperty(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  |
+| webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  |
+| webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  |
 | webview.swift:52:11:52:18 | call to source() :  | webview.swift:52:10:52:41 | .body |
 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:59:10:59:10 | source :  |
 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:60:10:60:10 | source :  |
@@ -172,6 +175,9 @@ edges
 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:84:25:84:25 | s :  |
 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:85:24:85:24 | s :  |
 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:86:24:86:24 | s :  |
+| webview.swift:56:13:56:20 | call to source() :  | webview.swift:89:39:89:39 | s :  |
+| webview.swift:56:13:56:20 | call to source() :  | webview.swift:93:17:93:17 | s :  |
+| webview.swift:56:13:56:20 | call to source() :  | webview.swift:97:17:97:17 | s :  |
 | webview.swift:59:10:59:10 | source :  | webview.swift:25:5:25:41 | [summary param] this in toObject() :  |
 | webview.swift:59:10:59:10 | source :  | webview.swift:59:10:59:26 | call to toObject() |
 | webview.swift:60:10:60:10 | source :  | webview.swift:26:5:26:55 | [summary param] this in toObjectOf(_:) :  |
@@ -224,8 +230,20 @@ edges
 | webview.swift:85:24:85:24 | s :  | webview.swift:85:10:85:49 | call to init(rect:in:) |
 | webview.swift:86:24:86:24 | s :  | webview.swift:24:5:24:40 | [summary param] 0 in init(size:in:) :  |
 | webview.swift:86:24:86:24 | s :  | webview.swift:86:10:86:49 | call to init(size:in:) |
+| webview.swift:89:5:89:5 | [post] v1 :  | webview.swift:90:10:90:10 | v1 |
+| webview.swift:89:39:89:39 | s :  | webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  |
+| webview.swift:89:39:89:39 | s :  | webview.swift:89:5:89:5 | [post] v1 :  |
+| webview.swift:93:5:93:5 | [post] v2 :  | webview.swift:94:10:94:10 | v2 |
+| webview.swift:93:17:93:17 | s :  | webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  |
+| webview.swift:93:17:93:17 | s :  | webview.swift:93:5:93:5 | [post] v2 :  |
+| webview.swift:97:5:97:5 | [post] v3 :  | webview.swift:98:10:98:10 | v3 |
+| webview.swift:97:17:97:17 | s :  | webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  |
+| webview.swift:97:17:97:17 | s :  | webview.swift:97:5:97:5 | [post] v3 :  |
 nodes
 | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  | semmle.label | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  | semmle.label | [summary] to write: argument this in defineProperty(_:descriptor:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  | semmle.label | [summary] to write: argument this in setValue(_:at:) :  |
+| file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  | semmle.label | [summary] to write: argument this in setValue(_:forProperty:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in atIndex(_:) :  | semmle.label | [summary] to write: return (return) in atIndex(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in forProperty(_:) :  | semmle.label | [summary] to write: return (return) in forProperty(_:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(bool:in:) :  | semmle.label | [summary] to write: return (return) in init(bool:in:) :  |
@@ -387,7 +405,10 @@ nodes
 | webview.swift:38:5:38:47 | [summary param] this in toRect() :  | semmle.label | [summary param] this in toRect() :  |
 | webview.swift:39:5:39:47 | [summary param] this in toSize() :  | semmle.label | [summary param] this in toSize() :  |
 | webview.swift:40:5:40:84 | [summary param] this in atIndex(_:) :  | semmle.label | [summary param] this in atIndex(_:) :  |
+| webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | semmle.label | [summary param] 1 in defineProperty(_:descriptor:) :  |
 | webview.swift:42:5:42:89 | [summary param] this in forProperty(_:) :  | semmle.label | [summary param] this in forProperty(_:) :  |
+| webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  | semmle.label | [summary param] 0 in setValue(_:at:) :  |
+| webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  | semmle.label | [summary param] 0 in setValue(_:forProperty:) :  |
 | webview.swift:52:10:52:41 | .body | semmle.label | .body |
 | webview.swift:52:11:52:18 | call to source() :  | semmle.label | call to source() :  |
 | webview.swift:56:13:56:20 | call to source() :  | semmle.label | call to source() :  |
@@ -443,6 +464,15 @@ nodes
 | webview.swift:85:24:85:24 | s :  | semmle.label | s :  |
 | webview.swift:86:10:86:49 | call to init(size:in:) | semmle.label | call to init(size:in:) |
 | webview.swift:86:24:86:24 | s :  | semmle.label | s :  |
+| webview.swift:89:5:89:5 | [post] v1 :  | semmle.label | [post] v1 :  |
+| webview.swift:89:39:89:39 | s :  | semmle.label | s :  |
+| webview.swift:90:10:90:10 | v1 | semmle.label | v1 |
+| webview.swift:93:5:93:5 | [post] v2 :  | semmle.label | [post] v2 :  |
+| webview.swift:93:17:93:17 | s :  | semmle.label | s :  |
+| webview.swift:94:10:94:10 | v2 | semmle.label | v2 |
+| webview.swift:97:5:97:5 | [post] v3 :  | semmle.label | [post] v3 :  |
+| webview.swift:97:17:97:17 | s :  | semmle.label | s :  |
+| webview.swift:98:10:98:10 | v3 | semmle.label | v3 |
 subpaths
 | url.swift:59:31:59:31 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:59:19:59:38 | call to init(string:) :  |
 | url.swift:83:24:83:24 | tainted :  | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:83:12:83:48 | call to init(string:relativeTo:) :  |
@@ -490,6 +520,9 @@ subpaths
 | webview.swift:84:25:84:25 | s :  | webview.swift:22:5:22:42 | [summary param] 0 in init(range:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(range:in:) :  | webview.swift:84:10:84:51 | call to init(range:in:) |
 | webview.swift:85:24:85:24 | s :  | webview.swift:23:5:23:40 | [summary param] 0 in init(rect:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(rect:in:) :  | webview.swift:85:10:85:49 | call to init(rect:in:) |
 | webview.swift:86:24:86:24 | s :  | webview.swift:24:5:24:40 | [summary param] 0 in init(size:in:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(size:in:) :  | webview.swift:86:10:86:49 | call to init(size:in:) |
+| webview.swift:89:39:89:39 | s :  | webview.swift:41:5:41:53 | [summary param] 1 in defineProperty(_:descriptor:) :  | file://:0:0:0:0 | [summary] to write: argument this in defineProperty(_:descriptor:) :  | webview.swift:89:5:89:5 | [post] v1 :  |
+| webview.swift:93:17:93:17 | s :  | webview.swift:43:5:43:38 | [summary param] 0 in setValue(_:at:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:at:) :  | webview.swift:93:5:93:5 | [post] v2 :  |
+| webview.swift:97:17:97:17 | s :  | webview.swift:44:5:44:48 | [summary param] 0 in setValue(_:forProperty:) :  | file://:0:0:0:0 | [summary] to write: argument this in setValue(_:forProperty:) :  | webview.swift:97:5:97:5 | [post] v3 :  |
 #select
 | string.swift:7:13:7:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:7:13:7:13 | "..." | result |
 | string.swift:9:13:9:13 | "..." | string.swift:5:11:5:18 | call to source() :  | string.swift:9:13:9:13 | "..." | result |
@@ -571,3 +604,6 @@ subpaths
 | webview.swift:84:10:84:51 | call to init(range:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:84:10:84:51 | call to init(range:in:) | result |
 | webview.swift:85:10:85:49 | call to init(rect:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:85:10:85:49 | call to init(rect:in:) | result |
 | webview.swift:86:10:86:49 | call to init(size:in:) | webview.swift:56:13:56:20 | call to source() :  | webview.swift:86:10:86:49 | call to init(size:in:) | result |
+| webview.swift:90:10:90:10 | v1 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:90:10:90:10 | v1 | result |
+| webview.swift:94:10:94:10 | v2 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:94:10:94:10 | v2 | result |
+| webview.swift:98:10:98:10 | v3 | webview.swift:56:13:56:20 | call to source() :  | webview.swift:98:10:98:10 | v3 | result |
diff --git a/swift/ql/test/library-tests/dataflow/taint/webview.swift b/swift/ql/test/library-tests/dataflow/taint/webview.swift
@@ -87,13 +87,13 @@ func testJsValue() {
     
     let v1 = JSValue(object: "", in: context)
     v1.defineProperty("", descriptor: s as Any)
-    sink(v1) // $ MISSING: tainted=56
+    sink(v1) // $ tainted=56
 
     let v2 = JSValue(object: "", in: context)
     v2.setValue(s as Any, at: 0)
-    sink(v2) // $ MISSING: tainted=56
+    sink(v2) // $ tainted=56
 
     let v3 = JSValue(object: "", in: context)
-    v2.setValue(s as Any, forProperty: "")
-    sink(v3) // $ MISSING: tainted=56
+    v3.setValue(s as Any, forProperty: "")
+    sink(v3) // $ tainted=56
 }

Original file line number	Diff line number	Diff line change
`@@ -574,6 +574,14 @@ private module PostUpdateNodes {`
`574`	`574`
`575`	`575`	`override DataFlowCallable getEnclosingCallable() { result = TDataFlowFunc(n.getScope()) }`
`576`	`576`	`}`
	`577`	`+`
	`578`	`+ class SummaryPostUpdateNode extends SummaryNode, PostUpdateNodeImpl {`
	`579`	`+ SummaryPostUpdateNode() { FlowSummaryImpl::Private::summaryPostUpdateNode(this, _) }`
	`580`	`+`
	`581`	`+ override Node getPreUpdateNode() {`
	`582`	`+ FlowSummaryImpl::Private::summaryPostUpdateNode(this, result)`
	`583`	`+ }`
	`584`	`+ }`
`577`	`585`	`}`
`578`	`586`
`579`	`587`	`private import PostUpdateNodes`