Swift: Add a partial model of Collection.

Author: geoffw0

swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll

@@ -78,6 +78,7 @@ private import internal.FlowSummaryImplSpecific
  * ensuring that they are visible to the taint tracking / data flow library.
  */
 private module Frameworks {
+  private import codeql.swift.frameworks.StandardLibrary.Collection
   private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
   private import codeql.swift.frameworks.StandardLibrary.Data
   private import codeql.swift.frameworks.StandardLibrary.FilePath

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll

@@ -0,0 +1,35 @@
+/**
+ * Provides models for the `Collection` and related Swift class.
+ */
+
+import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.dataflow.FlowSteps
+
+
+/**
+ * A model for `Collection` members that permit taint flow.
+ */
+private class CollectionSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";Collection;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;dropFirst(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;dropLast(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;remove(at:);;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;removeLast();;;Argument[-1];ReturnValue;taint",
+        ";RangeReplaceableCollection;true;removeLast();;;Argument[-1];ReturnValue;taint",
+        ";BidirectionalCollection;true;joined(separator:);;;Argument[-1..0];ReturnValue;taint",
+      ]
+  }
+}

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

@@ -109,12 +109,6 @@ private class StringSummaries extends SummaryModelCsv {
         ";String;true;min();;;Argument[-1];ReturnValue;taint",
         ";String;true;min(by:);;;Argument[-1];ReturnValue;taint",
         ";String;true;subscript(_:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
-        ";String;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
         ";String;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
         ";String;true;randomElement();;;Argument[-1];ReturnValue;taint",
         ";String;true;randomElement(using:);;;Argument[-1];ReturnValue;taint",

swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected

@@ -1189,8 +1189,10 @@
 | string.swift:228:31:228:31 | tainted | string.swift:228:13:228:48 | call to String.init(repeating:count:) |
 | string.swift:228:31:228:31 | tainted | string.swift:230:13:230:13 | tainted |
 | string.swift:230:13:230:13 | [post] tainted | string.swift:231:13:231:13 | tainted |
+| string.swift:230:13:230:13 | tainted | string.swift:230:13:230:33 | call to dropFirst(_:) |
 | string.swift:230:13:230:13 | tainted | string.swift:231:13:231:13 | tainted |
 | string.swift:231:13:231:13 | [post] tainted | string.swift:232:13:232:13 | tainted |
+| string.swift:231:13:231:13 | tainted | string.swift:231:13:231:32 | call to dropLast(_:) |
 | string.swift:231:13:231:13 | tainted | string.swift:232:13:232:13 | tainted |
 | string.swift:232:13:232:13 | [post] tainted | string.swift:232:37:232:37 | tainted |
 | string.swift:232:13:232:13 | tainted | string.swift:232:13:232:55 | call to substring(from:) |
@@ -1216,8 +1218,10 @@
 | string.swift:239:13:239:13 | tainted | string.swift:239:13:239:30 | call to reversed() |
 | string.swift:239:13:239:13 | tainted | string.swift:241:13:241:13 | tainted |
 | string.swift:241:13:241:13 | [post] tainted | string.swift:242:13:242:13 | tainted |
+| string.swift:241:13:241:13 | tainted | string.swift:241:13:241:41 | call to split(separator:maxSplits:omittingEmptySubsequences:) |
 | string.swift:241:13:241:13 | tainted | string.swift:242:13:242:13 | tainted |
 | string.swift:242:13:242:13 | [post] tainted | string.swift:245:13:245:13 | tainted |
+| string.swift:242:13:242:13 | tainted | string.swift:242:13:244:4 | call to split(maxSplits:omittingEmptySubsequences:whereSeparator:) |
 | string.swift:242:13:242:13 | tainted | string.swift:245:13:245:13 | tainted |
 | string.swift:243:5:243:5 | SSA def(c) | string.swift:243:18:243:18 | c |
 | string.swift:243:5:243:5 | c | string.swift:243:5:243:5 | SSA def(c) |
@@ -1258,14 +1262,22 @@
 | string.swift:259:5:259:5 | line | string.swift:259:5:259:5 | SSA def(line) |
 | string.swift:259:11:259:11 | SSA def(stop) | string.swift:261:15:261:15 | stop |
 | string.swift:259:11:259:11 | stop | string.swift:259:11:259:11 | SSA def(stop) |
+| string.swift:264:13:264:26 | [...] | string.swift:264:13:264:35 | call to joined(separator:) |
 | string.swift:264:14:264:14 | clean | string.swift:264:21:264:21 | clean |
 | string.swift:264:21:264:21 | clean | string.swift:265:23:265:23 | clean |
+| string.swift:264:34:264:34 | default separator | string.swift:264:13:264:35 | call to joined(separator:) |
+| string.swift:265:13:265:28 | [...] | string.swift:265:13:265:37 | call to joined(separator:) |
 | string.swift:265:14:265:14 | tainted | string.swift:266:21:266:21 | tainted |
 | string.swift:265:23:265:23 | clean | string.swift:266:14:266:14 | clean |
+| string.swift:265:36:265:36 | default separator | string.swift:265:13:265:37 | call to joined(separator:) |
+| string.swift:266:13:266:28 | [...] | string.swift:266:13:266:37 | call to joined(separator:) |
 | string.swift:266:14:266:14 | clean | string.swift:269:13:269:13 | clean |
 | string.swift:266:21:266:21 | tainted | string.swift:267:14:267:14 | tainted |
+| string.swift:266:36:266:36 | default separator | string.swift:266:13:266:37 | call to joined(separator:) |
+| string.swift:267:13:267:30 | [...] | string.swift:267:13:267:39 | call to joined(separator:) |
 | string.swift:267:14:267:14 | tainted | string.swift:267:23:267:23 | tainted |
 | string.swift:267:23:267:23 | tainted | string.swift:270:13:270:13 | tainted |
+| string.swift:267:38:267:38 | default separator | string.swift:267:13:267:39 | call to joined(separator:) |
 | string.swift:269:13:269:13 | [post] clean | string.swift:271:13:271:13 | clean |
 | string.swift:269:13:269:13 | clean | string.swift:269:13:269:19 | .description |
 | string.swift:269:13:269:13 | clean | string.swift:271:13:271:13 | clean |
@@ -1352,6 +1364,7 @@
 | string.swift:300:14:300:22 | call to source2() | string.swift:300:7:300:7 | SSA def(str1) |
 | string.swift:301:13:301:13 | [post] str1 | string.swift:302:13:302:13 | str1 |
 | string.swift:301:13:301:13 | str1 | string.swift:302:13:302:13 | str1 |
+| string.swift:302:13:302:13 | &... | string.swift:302:13:302:44 | call to remove(at:) |
 | string.swift:302:13:302:13 | &... | string.swift:302:29:302:29 | str1 |
 | string.swift:302:13:302:13 | [post] &... | string.swift:302:29:302:29 | str1 |
 | string.swift:302:13:302:13 | str1 | string.swift:302:13:302:13 | &... |
@@ -1375,6 +1388,7 @@
 | string.swift:315:14:315:22 | call to source2() | string.swift:315:7:315:7 | SSA def(str4) |
 | string.swift:316:13:316:13 | [post] str4 | string.swift:317:13:317:13 | str4 |
 | string.swift:316:13:316:13 | str4 | string.swift:317:13:317:13 | str4 |
+| string.swift:317:13:317:13 | &... | string.swift:317:13:317:30 | call to removeFirst() |
 | string.swift:317:13:317:13 | &... | string.swift:318:13:318:13 | str4 |
 | string.swift:317:13:317:13 | [post] &... | string.swift:318:13:318:13 | str4 |
 | string.swift:317:13:317:13 | str4 | string.swift:317:13:317:13 | &... |
@@ -1385,6 +1399,7 @@
 | string.swift:319:3:319:3 | str4 | string.swift:319:3:319:3 | &... |
 | string.swift:320:13:320:13 | [post] str4 | string.swift:321:13:321:13 | str4 |
 | string.swift:320:13:320:13 | str4 | string.swift:321:13:321:13 | str4 |
+| string.swift:321:13:321:13 | &... | string.swift:321:13:321:29 | call to removeLast() |
 | string.swift:321:13:321:13 | &... | string.swift:322:13:322:13 | str4 |
 | string.swift:321:13:321:13 | [post] &... | string.swift:322:13:322:13 | str4 |
 | string.swift:321:13:321:13 | str4 | string.swift:321:13:321:13 | &... |
@@ -1691,12 +1706,14 @@
 | string.swift:546:20:546:20 | sub1 | string.swift:546:13:546:24 | call to String.init(_:) |
 | string.swift:548:7:548:7 | SSA def(sub2) | string.swift:549:13:549:13 | sub2 |
 | string.swift:548:14:548:14 | [post] tainted | string.swift:552:14:552:14 | tainted |
+| string.swift:548:14:548:14 | tainted | string.swift:548:14:548:31 | call to prefix(_:) |
 | string.swift:548:14:548:14 | tainted | string.swift:552:14:552:14 | tainted |
 | string.swift:548:14:548:31 | call to prefix(_:) | string.swift:548:7:548:7 | SSA def(sub2) |
 | string.swift:549:13:549:13 | sub2 | string.swift:550:20:550:20 | sub2 |
 | string.swift:550:20:550:20 | sub2 | string.swift:550:13:550:24 | call to String.init(_:) |
 | string.swift:552:7:552:7 | SSA def(sub3) | string.swift:553:13:553:13 | sub3 |
 | string.swift:552:14:552:14 | [post] tainted | string.swift:552:38:552:38 | tainted |
+| string.swift:552:14:552:14 | tainted | string.swift:552:14:552:54 | call to prefix(through:) |
 | string.swift:552:14:552:14 | tainted | string.swift:552:38:552:38 | tainted |
 | string.swift:552:14:552:54 | call to prefix(through:) | string.swift:552:7:552:7 | SSA def(sub3) |
 | string.swift:552:38:552:38 | [post] tainted | string.swift:556:14:556:14 | tainted |
@@ -1705,6 +1722,7 @@
 | string.swift:554:20:554:20 | sub3 | string.swift:554:13:554:24 | call to String.init(_:) |
 | string.swift:556:7:556:7 | SSA def(sub4) | string.swift:557:13:557:13 | sub4 |
 | string.swift:556:14:556:14 | [post] tainted | string.swift:556:35:556:35 | tainted |
+| string.swift:556:14:556:14 | tainted | string.swift:556:14:556:51 | call to prefix(upTo:) |
 | string.swift:556:14:556:14 | tainted | string.swift:556:35:556:35 | tainted |
 | string.swift:556:14:556:51 | call to prefix(upTo:) | string.swift:556:7:556:7 | SSA def(sub4) |
 | string.swift:556:35:556:35 | [post] tainted | string.swift:560:14:560:14 | tainted |
@@ -1713,12 +1731,14 @@
 | string.swift:558:20:558:20 | sub4 | string.swift:558:13:558:24 | call to String.init(_:) |
 | string.swift:560:7:560:7 | SSA def(sub5) | string.swift:561:13:561:13 | sub5 |
 | string.swift:560:14:560:14 | [post] tainted | string.swift:564:14:564:14 | tainted |
+| string.swift:560:14:560:14 | tainted | string.swift:560:14:560:31 | call to suffix(_:) |
 | string.swift:560:14:560:14 | tainted | string.swift:564:14:564:14 | tainted |
 | string.swift:560:14:560:31 | call to suffix(_:) | string.swift:560:7:560:7 | SSA def(sub5) |
 | string.swift:561:13:561:13 | sub5 | string.swift:562:20:562:20 | sub5 |
 | string.swift:562:20:562:20 | sub5 | string.swift:562:13:562:24 | call to String.init(_:) |
 | string.swift:564:7:564:7 | SSA def(sub6) | string.swift:565:13:565:13 | sub6 |
 | string.swift:564:14:564:14 | [post] tainted | string.swift:564:35:564:35 | tainted |
+| string.swift:564:14:564:14 | tainted | string.swift:564:14:564:53 | call to suffix(from:) |
 | string.swift:564:14:564:14 | tainted | string.swift:564:35:564:35 | tainted |
 | string.swift:564:14:564:53 | call to suffix(from:) | string.swift:564:7:564:7 | SSA def(sub6) |
 | string.swift:565:13:565:13 | sub6 | string.swift:566:20:566:20 | sub6 |