Swift: Model mainDocumentURL.

Author: geoffw0

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll

@@ -22,16 +22,18 @@ private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Co
 }
 
 /**
- * A content implying that, if a `URLRequest` is tainted, then its fields `url`, `httpBody`,
- * `httpBodyStream`, `mainDocument` and `allHTTPHeaderFields` are tainted.
+ * A content implying that, if a `URLRequest` is tainted, then certain fields tainted.
  */
 private class UrlRequestFieldsInheritTaint extends TaintInheritingContent,
   DataFlow::Content::FieldContent
 {
   UrlRequestFieldsInheritTaint() {
     this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "URLRequest" and
     this.getField().getName() =
-      ["url", "httpBody", "httpBodyStream", "mainDocument", "allHTTPHeaderFields"]
+      [
+        "url", "httpBody", "httpBodyStream", "mainDocument", "mainDocumentURL",
+        "allHTTPHeaderFields"
+      ]
   }
 }
 

swift/ql/test/library-tests/dataflow/taint/libraries/url.swift

@@ -445,7 +445,7 @@ func taintThroughUrlRequest() {
 	sink(any: clean.mainDocument)
 	sink(any: tainted.mainDocument) // $ tainted=431
 	sink(any: clean.mainDocumentURL!)
-	sink(any: tainted.mainDocumentURL!) // $ MISSING: tainted=431
+	sink(any: tainted.mainDocumentURL!) // $ tainted=431
 	sink(any: clean.allHTTPHeaderFields!)
 	sink(any: tainted.allHTTPHeaderFields!) // $ tainted=431
 	sink(any: clean.timeoutInterval)