Merge pull request github#11273 from atorralba/atorralba/swift/string-utf8-step

atorralba · web-flow · commit 89a8ccb82861 · 2022-11-15T16:46:26.000+01:00
Swift: Add `AdditionalTaintStep`
diff --git a/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll b/swift/ql/lib/codeql/swift/dataflow/FlowSteps.qll
@@ -1,6 +1,20 @@
 import swift
 private import codeql.swift.dataflow.DataFlow
 
+/**
+ * A unit class for adding additional taint steps.
+ *
+ * Extend this class to add additional taint steps that should apply to all
+ * taint configurations.
+ */
+class AdditionalTaintStep extends Unit {
+  /**
+   * Holds if the step from `node1` to `node2` should be considered a taint
+   * step for all configurations.
+   */
+  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
+}
+
 /**
  * A `Content` that should be implicitly regarded as tainted whenever an object with such `Content`
  * is itself tainted.
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
@@ -64,6 +64,8 @@ private module Cached {
     or
     // flow through a flow summary (extension of `SummaryModelCsv`)
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
+    or
+    any(AdditionalTaintStep a).step(nodeFrom, nodeTo)
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,8 @@ private module Cached {`
`64`	`64`	`or`
`65`	`65`	// flow through a flow summary (extension of `SummaryModelCsv`)
`66`	`66`	`FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)`
	`67`	`+ or`
	`68`	`+ any(AdditionalTaintStep a).step(nodeFrom, nodeTo)`
`67`	`69`	`}`
`68`	`70`
`69`	`71`	`/**`