Swift: Add CSV extension points.

geoffw0 · geoffw0 · commit ea4c2e432100 · 2023-02-27T23:01:05.000Z
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll
@@ -6,6 +6,7 @@
 import swift
 import codeql.swift.security.SensitiveExprs
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.ExternalFlow
 
 /**
  * A dataflow sink for cleartext database storage vulnerabilities. That is,
@@ -150,3 +151,10 @@ private class CleartextStorageDatabaseArrayAdditionalTaintStep extends Cleartext
     )
   }
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultCleartextStorageDatabaseSink extends CleartextStorageDatabaseSink {
+  DefaultCleartextStorageDatabaseSink() { sinkNode(this, "database-store") }
+}
diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll
@@ -6,6 +6,7 @@
 import swift
 import codeql.swift.security.SensitiveExprs
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.ExternalFlow
 
 /**
  * A dataflow sink for cleartext preferences storage vulnerabilities. That is,
@@ -78,3 +79,10 @@ private class CleartextStoragePreferencesEncryptionSanitizer extends CleartextSt
     this.asExpr() instanceof EncryptedExpr
   }
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultCleartextStoragePreferencesSink extends CleartextStoragePreferencesSink {
+  DefaultCleartextStoragePreferencesSink() { sinkNode(this, "preferences-store") }
+}
diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll
@@ -6,6 +6,7 @@
 import swift
 import codeql.swift.security.SensitiveExprs
 import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.ExternalFlow
 
 /**
  * A dataflow sink for cleartext transmission vulnerabilities. That is,
@@ -87,3 +88,10 @@ private class CleartextTransmissionEncryptionSanitizer extends CleartextTransmis
     this.asExpr() instanceof EncryptedExpr
   }
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultCleartextTransmissionSink extends CleartextTransmissionSink {
+  DefaultCleartextTransmissionSink() { sinkNode(this, "transmission") }
+}

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`import swift`
`7`	`7`	`import codeql.swift.security.SensitiveExprs`
`8`	`8`	`import codeql.swift.dataflow.DataFlow`
	`9`	`+import codeql.swift.dataflow.ExternalFlow`
`9`	`10`
`10`	`11`	`/**`
`11`	`12`	`* A dataflow sink for cleartext database storage vulnerabilities. That is,`
`@@ -150,3 +151,10 @@ private class CleartextStorageDatabaseArrayAdditionalTaintStep extends Cleartext`
`150`	`151`	`)`
`151`	`152`	`}`
`152`	`153`	`}`
	`154`	`+`
	`155`	`+/**`
	`156`	`+ * A sink defined in a CSV model.`
	`157`	`+ */`
	`158`	`+private class DefaultCleartextStorageDatabaseSink extends CleartextStorageDatabaseSink {`
	`159`	`+ DefaultCleartextStorageDatabaseSink() { sinkNode(this, "database-store") }`
	`160`	`+}`