Merge pull request github#12415 from github/rdmarsh2/swift/constructor-flow

Author: MathiasVP

swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll

@@ -400,6 +400,19 @@ private module ReturnNodes {
     override ReturnKind getKind() { result instanceof NormalReturnKind }
   }
 
+  /**
+   * A data-flow node that represents the `self` value in a constructor being
+   * implicitly returned as the newly-constructed object
+   */
+  class SelfReturnNode extends InoutReturnNodeImpl {
+    SelfReturnNode() {
+      exit.getScope() instanceof ConstructorDecl and
+      param instanceof SelfParamDecl
+    }
+
+    override ReturnKind getKind() { result instanceof NormalReturnKind }
+  }
+
   class InoutReturnNodeImpl extends ReturnNode, TInoutReturnNode, NodeImpl {
     ParamDecl param;
     ControlFlowNode exit;

swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected

@@ -1,6 +1,7 @@
 edges
 | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  |
 | file://:0:0:0:0 | self [a, x] :  | file://:0:0:0:0 | .a [x] :  |
+| file://:0:0:0:0 | self [str] :  | file://:0:0:0:0 | .str :  |
 | file://:0:0:0:0 | self [x] :  | file://:0:0:0:0 | .x :  |
 | file://:0:0:0:0 | self [x] :  | file://:0:0:0:0 | .x :  |
 | file://:0:0:0:0 | value :  | file://:0:0:0:0 | [post] self [x] :  |
@@ -155,15 +156,33 @@ edges
 | test.swift:472:20:472:20 | cx [x] :  | test.swift:472:20:472:23 | .x :  |
 | test.swift:472:20:472:23 | .x :  | test.swift:473:15:473:15 | z1 |
 | test.swift:479:14:479:21 | call to source() :  | test.swift:479:13:479:21 | call to +(_:) |
+| test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | self [str] :  |
+| test.swift:489:10:489:13 | s :  | test.swift:490:13:490:13 | s :  |
+| test.swift:490:7:490:7 | [post] self [str] :  | test.swift:489:5:491:5 | self[return] [str] :  |
+| test.swift:490:13:490:13 | s :  | test.swift:490:7:490:7 | [post] self [str] :  |
+| test.swift:495:17:498:5 | self[return] [str] :  | test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  |
+| test.swift:496:7:496:7 | [post] self [str] :  | test.swift:495:17:498:5 | self[return] [str] :  |
+| test.swift:496:7:496:7 | [post] self [str] :  | test.swift:497:17:497:17 | self [str] :  |
+| test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  |
+| test.swift:496:20:496:28 | call to source3() :  | test.swift:496:7:496:7 | [post] self [str] :  |
+| test.swift:497:17:497:17 | self [str] :  | test.swift:497:17:497:17 | .str |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:488:9:488:9 | self [str] :  |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:502:13:502:35 | .str |
+| test.swift:502:24:502:32 | call to source3() :  | test.swift:489:10:489:13 | s :  |
+| test.swift:502:24:502:32 | call to source3() :  | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:488:9:488:9 | self [str] :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:503:13:503:43 | .str |
 nodes
 | file://:0:0:0:0 | .a [x] :  | semmle.label | .a [x] :  |
+| file://:0:0:0:0 | .str :  | semmle.label | .str :  |
 | file://:0:0:0:0 | .x :  | semmle.label | .x :  |
 | file://:0:0:0:0 | .x :  | semmle.label | .x :  |
 | file://:0:0:0:0 | [post] self [x] :  | semmle.label | [post] self [x] :  |
 | file://:0:0:0:0 | [post] self [x] :  | semmle.label | [post] self [x] :  |
 | file://:0:0:0:0 | [summary param] this in signum() :  | semmle.label | [summary param] this in signum() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | semmle.label | [summary] to write: return (return) in signum() :  |
 | file://:0:0:0:0 | self [a, x] :  | semmle.label | self [a, x] :  |
+| file://:0:0:0:0 | self [str] :  | semmle.label | self [str] :  |
 | file://:0:0:0:0 | self [x] :  | semmle.label | self [x] :  |
 | file://:0:0:0:0 | self [x] :  | semmle.label | self [x] :  |
 | file://:0:0:0:0 | value :  | semmle.label | value :  |
@@ -328,6 +347,21 @@ nodes
 | test.swift:479:13:479:21 | call to +(_:) | semmle.label | call to +(_:) |
 | test.swift:479:14:479:21 | call to source() :  | semmle.label | call to source() :  |
 | test.swift:480:14:480:21 | call to source() | semmle.label | call to source() |
+| test.swift:488:9:488:9 | self [str] :  | semmle.label | self [str] :  |
+| test.swift:489:5:491:5 | self[return] [str] :  | semmle.label | self[return] [str] :  |
+| test.swift:489:10:489:13 | s :  | semmle.label | s :  |
+| test.swift:490:7:490:7 | [post] self [str] :  | semmle.label | [post] self [str] :  |
+| test.swift:490:13:490:13 | s :  | semmle.label | s :  |
+| test.swift:495:17:498:5 | self[return] [str] :  | semmle.label | self[return] [str] :  |
+| test.swift:496:7:496:7 | [post] self [str] :  | semmle.label | [post] self [str] :  |
+| test.swift:496:20:496:28 | call to source3() :  | semmle.label | call to source3() :  |
+| test.swift:497:17:497:17 | .str | semmle.label | .str |
+| test.swift:497:17:497:17 | self [str] :  | semmle.label | self [str] :  |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | semmle.label | call to MyClass.init(s:) [str] :  |
+| test.swift:502:13:502:35 | .str | semmle.label | .str |
+| test.swift:502:24:502:32 | call to source3() :  | semmle.label | call to source3() :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | semmle.label | call to Self.init(contentsOfFile:) [str] :  |
+| test.swift:503:13:503:43 | .str | semmle.label | .str |
 subpaths
 | test.swift:75:21:75:22 | &... :  | test.swift:65:16:65:28 | arg1 :  | test.swift:65:1:70:1 | arg2[return] :  | test.swift:75:31:75:32 | [post] &... :  |
 | test.swift:114:19:114:19 | arg :  | test.swift:109:9:109:14 | arg :  | test.swift:110:12:110:12 | arg :  | test.swift:114:12:114:22 | call to ... :  |
@@ -360,6 +394,10 @@ subpaths
 | test.swift:303:15:303:16 | ...! :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:303:15:303:25 | call to signum() |
 | test.swift:468:12:468:12 | x :  | test.swift:462:9:462:9 | value :  | file://:0:0:0:0 | [post] self [x] :  | test.swift:468:5:468:5 | [post] cx [x] :  |
 | test.swift:472:20:472:20 | cx [x] :  | test.swift:462:9:462:9 | self [x] :  | file://:0:0:0:0 | .x :  | test.swift:472:20:472:23 | .x :  |
+| test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:490:7:490:7 | [post] self [str] :  | test.swift:496:7:496:7 | [post] self [str] :  |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | .str :  | test.swift:502:13:502:35 | .str |
+| test.swift:502:24:502:32 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:489:5:491:5 | self[return] [str] :  | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | .str :  | test.swift:503:13:503:43 | .str |
 #select
 | test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() :  | test.swift:7:15:7:15 | t1 | result |
 | test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() :  | test.swift:9:15:9:15 | t1 | result |
@@ -414,3 +452,6 @@ subpaths
 | test.swift:473:15:473:15 | z1 | test.swift:259:12:259:19 | call to source() :  | test.swift:473:15:473:15 | z1 | result |
 | test.swift:479:13:479:21 | call to +(_:) | test.swift:479:14:479:21 | call to source() :  | test.swift:479:13:479:21 | call to +(_:) | result |
 | test.swift:480:14:480:21 | call to source() | test.swift:480:14:480:21 | call to source() | test.swift:480:14:480:21 | call to source() | result |
+| test.swift:497:17:497:17 | .str | test.swift:496:20:496:28 | call to source3() :  | test.swift:497:17:497:17 | .str | result |
+| test.swift:502:13:502:35 | .str | test.swift:502:24:502:32 | call to source3() :  | test.swift:502:13:502:35 | .str | result |
+| test.swift:503:13:503:43 | .str | test.swift:496:20:496:28 | call to source3() :  | test.swift:503:13:503:43 | .str | result |

swift/ql/test/library-tests/dataflow/dataflow/FlowConfig.qll

@@ -15,7 +15,7 @@ class TestConfiguration extends DataFlow::Configuration {
 
   override predicate isSink(DataFlow::Node sink) {
     exists(CallExpr sinkCall |
-      sinkCall.getStaticTarget().getName() = ["sink(arg:)", "sink(opt:)"] and
+      sinkCall.getStaticTarget().getName() = ["sink(arg:)", "sink(opt:)", "sink(str:)"] and
       sinkCall.getAnArgument().getExpr() = sink.asExpr()
     )
   }

swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected

@@ -391,3 +391,32 @@
 | test.swift:474:11:474:15 | SSA def(z2) | test.swift:475:15:475:15 | z2 |
 | test.swift:474:20:474:23 | .x | test.swift:474:11:474:15 | SSA def(z2) |
 | test.swift:479:14:479:21 | call to source() | test.swift:479:13:479:21 | call to +(_:) |
+| test.swift:487:7:487:7 | SSA def(self) | test.swift:487:7:487:7 | self[return] |
+| test.swift:487:7:487:7 | self | test.swift:487:7:487:7 | SSA def(self) |
+| test.swift:488:9:488:9 | self | test.swift:488:9:488:9 | SSA def(self) |
+| test.swift:488:9:488:9 | self | test.swift:488:9:488:9 | SSA def(self) |
+| test.swift:488:9:488:9 | self | test.swift:488:9:488:9 | SSA def(self) |
+| test.swift:488:9:488:9 | value | test.swift:488:9:488:9 | SSA def(value) |
+| test.swift:489:5:489:5 | SSA def(self) | test.swift:490:7:490:7 | self |
+| test.swift:489:5:489:5 | self | test.swift:489:5:489:5 | SSA def(self) |
+| test.swift:489:10:489:13 | SSA def(s) | test.swift:490:13:490:13 | s |
+| test.swift:489:10:489:13 | s | test.swift:489:10:489:13 | SSA def(s) |
+| test.swift:490:7:490:7 | [post] self | test.swift:489:5:491:5 | self[return] |
+| test.swift:490:7:490:7 | self | test.swift:489:5:491:5 | self[return] |
+| test.swift:495:17:495:17 | SSA def(self) | test.swift:496:7:496:7 | self |
+| test.swift:495:17:495:17 | self | test.swift:495:17:495:17 | SSA def(self) |
+| test.swift:496:7:496:7 | [post] self | test.swift:497:17:497:17 | self |
+| test.swift:496:7:496:7 | self | test.swift:497:17:497:17 | self |
+| test.swift:497:17:497:17 | [post] self | test.swift:495:17:498:5 | self[return] |
+| test.swift:497:17:497:17 | self | test.swift:495:17:498:5 | self[return] |
+| test.swift:501:21:501:27 | SSA def(path) | test.swift:503:37:503:37 | path |
+| test.swift:501:21:501:27 | path | test.swift:501:21:501:27 | SSA def(path) |
+| test.swift:506:7:506:7 | SSA def(self) | test.swift:506:7:506:7 | self[return] |
+| test.swift:506:7:506:7 | self | test.swift:506:7:506:7 | SSA def(self) |
+| test.swift:507:3:507:3 | SSA def(self) | test.swift:507:3:507:40 | self[return] |
+| test.swift:507:3:507:3 | self | test.swift:507:3:507:3 | SSA def(self) |
+| test.swift:507:27:507:38 | SSA def(n) | test.swift:507:3:507:40 | n[return] |
+| test.swift:507:31:507:38 | call to source() | test.swift:507:27:507:38 | SSA def(n) |
+| test.swift:513:7:513:7 | SSA def(n) | test.swift:514:36:514:36 | n |
+| test.swift:513:11:513:11 | 0 | test.swift:513:7:513:7 | SSA def(n) |
+| test.swift:514:36:514:36 | n | test.swift:514:35:514:36 | &... |

swift/ql/test/library-tests/dataflow/dataflow/test.swift

@@ -479,3 +479,37 @@ func testIdentityArithmetic() {
   sink(arg: +source()) // $ flow=479
   sink(arg: (source())) // $ flow=480
 }
+
+func sink(str: String) {}
+
+func source3() -> String { return "" }
+
+class MyClass {
+    var str: String
+    init(s: String) {
+      str = s
+    }
+}
+
+extension MyClass {
+    convenience init(contentsOfFile: String) {
+      self.init(s: source3()) 
+      sink(str: str) // $ flow=496
+    }
+}
+
+func extensionInits(path: String) {
+  sink(str: MyClass(s: source3()).str) // $ flow=502
+  sink(str: MyClass(contentsOfFile: path).str) // $ flow=496
+}
+
+class InoutConstructorClass {
+  init(_ n : inout Int) { n = source() }
+}
+
+func sink(arg: InoutConstructorClass) {}
+
+func inoutConstructor() {
+  var n = 0
+  sink(arg: InoutConstructorClass(&n))
+}