Swift: Make the 'completePath' models work.

Author: geoffw0

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll

@@ -103,8 +103,8 @@ private class NsStringSummaries extends SummaryModelCsv {
         ";NSString;true;data(using:);;;Argument[-1];ReturnValue;taint",
         ";NSString;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
         ";NSString;true;path(withComponents:);;;Argument[0];ReturnValue;taint",
-        ";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0];taint",
-        ";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2];taint",
+        ";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].CollectionElement;taint",
+        ";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].CollectionElement.CollectionElement;taint",
         ";NSString;true;getFileSystemRepresentation(_:maxLength:);;;Argument[-1];Argument[0];taint",
         ";NSString;true;appendingPathComponent(_:);;;Argument[-1..0];ReturnValue;taint",
         ";NSString;true;appendingPathComponent(_:conformingTo:);;;Argument[-1..0];ReturnValue;taint",

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

@@ -45,8 +45,8 @@ private class StringSummaries extends SummaryModelCsv {
         ";StringProtocol;true;applyingTransform(_:reverse:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;cString(using:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;capitalized(with:);;;Argument[-1];ReturnValue;taint",
-        ";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].OptionalSome.CollectionElement;taint",
-        ";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].OptionalSome.CollectionElement.CollectionElement;taint",
+        ";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].CollectionElement;taint",
+        ";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].CollectionElement.CollectionElement;taint",
         ";StringProtocol;true;components(separatedBy:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;folding(options:locale:);;;Argument[-1];ReturnValue;taint",

swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift

@@ -479,7 +479,7 @@ func testPathInjection2(s1: UnsafeMutablePointer<String>, s2: UnsafeMutablePoint
 
     _ = remoteString.completePath(into: s3, caseSensitive: false, matchesInto: nil, filterTypes: nil)
     _ = NSData().write(toFile: s3.pointee, atomically: true) // $ MISSING: hasPathInjection=445
-    _ = NSData().write(toFile: s3[0], atomically: true) // $ MISSING: hasPathInjection=445
+    _ = NSData().write(toFile: s3[0], atomically: true) // $ hasPathInjection=445
 
     _ = fm.fileAttributes(atPath: remoteString, traverseLink: true) // $ hasPathInjection=445
     _ = try fm.attributesOfItem(atPath: remoteString) // $ hasPathInjection=445