Swift: {Method,Initializer}CallExpr + SelfRefExpr

d10c · d10c · commit 89cd082f0ad1 · 2022-12-14T14:28:01.000-05:00
Adds a bit of symmetry in the API.

Also, fix a couple of tests that were using the old types.
diff --git a/swift/ql/lib/codeql/swift/elements/expr/InitializerCallExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InitializerCallExpr.qll
@@ -0,0 +1,9 @@
+private import codeql.swift.elements.expr.MethodCallExpr
+private import codeql.swift.elements.expr.InitializerLookupExpr
+private import codeql.swift.elements.decl.ConstructorDecl
+
+class InitializerCallExpr extends MethodCallExpr {
+  InitializerCallExpr() { this.getFunction() instanceof InitializerLookupExpr }
+
+  override ConstructorDecl getStaticTarget() { result = super.getStaticTarget() }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/expr/MethodCallExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MethodCallExpr.qll
@@ -0,0 +1,10 @@
+private import codeql.swift.elements.expr.CallExpr
+private import codeql.swift.elements.expr.ApplyExpr
+private import codeql.swift.elements.expr.SuperRefExpr
+private import codeql.swift.elements.expr.SelfRefExpr
+
+class MethodCallExpr extends CallExpr, MethodApplyExpr {
+  predicate isSelfCall() { this.getQualifier() instanceof SelfRefExpr }
+
+  predicate isSuperCall() { this.getQualifier() instanceof SuperRefExpr }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/expr/MethodCallExprConstructor.qll b/swift/ql/lib/codeql/swift/elements/expr/MethodCallExprConstructor.qll
diff --git a/swift/ql/lib/codeql/swift/elements/expr/SelfRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/SelfRefExpr.qll
@@ -0,0 +1,14 @@
+private import codeql.swift.elements.expr.DeclRefExpr
+private import codeql.swift.elements.decl.MethodDecl
+private import codeql.swift.elements.decl.VarDecl
+
+/** A reference to `self`. */
+class SelfRefExpr extends DeclRefExpr {
+  MethodDecl methodDecl;
+
+  SelfRefExpr() { this.getDecl() = methodDecl.getSelfParam() }
+
+  VarDecl getSelf() { result = this.getDecl() }
+
+  MethodDecl getMethodDecl() { result = methodDecl }
+}
diff --git a/swift/ql/lib/codeql/swift/elements/expr/SuperRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/SuperRefExpr.qll
@@ -1,5 +1,9 @@
 private import codeql.swift.generated.expr.SuperRefExpr
+private import codeql.swift.elements.decl.MethodDecl
 
+/** A reference to `super`. */
 class SuperRefExpr extends Generated::SuperRefExpr {
   override string toString() { result = "super" }
+
+  MethodDecl getMethodDecl() { this.getSelf() = result.getSelfParam() }
 }
diff --git a/swift/ql/lib/codeql/swift/security/XXE.qll b/swift/ql/lib/codeql/swift/security/XXE.qll
@@ -31,7 +31,7 @@ private class XmlParserXxeSink extends XxeSink {
 /** The construction of a `XMLParser` that enables external entities. */
 private class VulnerableParser extends CallExpr {
   VulnerableParser() {
-    resolvesExternalEntities(this) and this.getFunction() instanceof ConstructorRefCallExpr
+    resolvesExternalEntities(this) and this.getFunction() instanceof InitializerLookupExpr
   }
 }
 
diff --git a/swift/ql/lib/swift.qll b/swift/ql/lib/swift.qll
@@ -5,6 +5,9 @@ import codeql.swift.elements.expr.ArithmeticOperation
 import codeql.swift.elements.expr.BitwiseOperation
 import codeql.swift.elements.expr.LogicalOperation
 import codeql.swift.elements.expr.InitializerLookupExpr
+import codeql.swift.elements.expr.MethodCallExpr
+import codeql.swift.elements.expr.InitializerCallExpr
+import codeql.swift.elements.expr.SelfRefExpr
 import codeql.swift.elements.decl.MethodDecl
 import codeql.swift.elements.decl.ClassOrStructDecl
 import codeql.swift.Unit
diff --git a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
@@ -32,14 +32,15 @@ class StaticInitializationVectorSource extends Expr {
 class EncryptionInitializationSink extends Expr {
   EncryptionInitializationSink() {
     // `iv` arg in `init` is a sink
-    exists(CallExpr call, string fName |
+    exists(InitializerCallExpr call, string fName |
       call.getStaticTarget()
-          .(ConstructorDecl)
           .hasQualifiedName([
               "AES", "ChaCha20", "Blowfish", "Rabbit", "CBC", "CFB", "GCM", "OCB", "OFB", "PCBC",
               "CCM", "CTR"
             ], fName) and
-      call.getArgumentWithLabel("iv").getExpr() = this
+      call.getArgumentWithLabel("iv").getExpr() = this and
+      not call.isSelfCall() and
+      not call.isSuperCall()
     )
   }
 }
diff --git a/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql b/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
@@ -26,7 +26,7 @@ class InsecureTlsConfig extends TaintTracking::Configuration {
    * Holds for enum values that represent an insecure version of TLS
    */
   override predicate isSource(DataFlow::Node node) {
-    node.asExpr().(MethodRefExpr).getMember().(EnumElementDecl).getName() =
+    node.asExpr().(MethodLookupExpr).getMember().(EnumElementDecl).getName() =
       ["TLSv10", "TLSv11", "tlsProtocol10", "tlsProtocol11"]
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,9 @@`
`1`	`1`	`private import codeql.swift.generated.expr.SuperRefExpr`
	`2`	`+private import codeql.swift.elements.decl.MethodDecl`
`2`	`3`
	`4`	+/** A reference to `super`. */
`3`	`5`	`class SuperRefExpr extends Generated::SuperRefExpr {`
`4`	`6`	`override string toString() { result = "super" }`
	`7`	`+`
	`8`	`+ MethodDecl getMethodDecl() { this.getSelf() = result.getSelfParam() }`
`5`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ private class XmlParserXxeSink extends XxeSink {`
`31`	`31`	/** The construction of a `XMLParser` that enables external entities. */
`32`	`32`	`private class VulnerableParser extends CallExpr {`
`33`	`33`	`VulnerableParser() {`
`34`		`- resolvesExternalEntities(this) and this.getFunction() instanceof ConstructorRefCallExpr`
	`34`	`+ resolvesExternalEntities(this) and this.getFunction() instanceof InitializerLookupExpr`
`35`	`35`	`}`
`36`	`36`	`}`
`37`	`37`
Original file line number	Diff line number	Diff line change
`@@ -32,14 +32,15 @@ class StaticInitializationVectorSource extends Expr {`
`32`	`32`	`class EncryptionInitializationSink extends Expr {`
`33`	`33`	`EncryptionInitializationSink() {`
`34`	`34`	// `iv` arg in `init` is a sink
`35`		`- exists(CallExpr call, string fName \|`
	`35`	`+ exists(InitializerCallExpr call, string fName \|`
`36`	`36`	`call.getStaticTarget()`
`37`		`- .(ConstructorDecl)`
`38`	`37`	`.hasQualifiedName([`
`39`	`38`	`"AES", "ChaCha20", "Blowfish", "Rabbit", "CBC", "CFB", "GCM", "OCB", "OFB", "PCBC",`
`40`	`39`	`"CCM", "CTR"`
`41`	`40`	`], fName) and`
`42`		`- call.getArgumentWithLabel("iv").getExpr() = this`
	`41`	`+ call.getArgumentWithLabel("iv").getExpr() = this and`
	`42`	`+ not call.isSelfCall() and`
	`43`	`+ not call.isSuperCall()`
`43`	`44`	`)`
`44`	`45`	`}`
`45`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ class InsecureTlsConfig extends TaintTracking::Configuration {`
`26`	`26`	`* Holds for enum values that represent an insecure version of TLS`
`27`	`27`	`*/`
`28`	`28`	`override predicate isSource(DataFlow::Node node) {`
`29`		`- node.asExpr().(MethodRefExpr).getMember().(EnumElementDecl).getName() =`
	`29`	`+ node.asExpr().(MethodLookupExpr).getMember().(EnumElementDecl).getName() =`
`30`	`30`	`["TLSv10", "TLSv11", "tlsProtocol10", "tlsProtocol11"]`
`31`	`31`	`}`
`32`	`32`