Swift: Clean up sources / make some of them extendable as well.

Author: geoffw0

swift/ql/lib/codeql/swift/security/ECBEncryptionExtensions.qll

@@ -6,6 +6,13 @@
 import swift
 import codeql.swift.dataflow.DataFlow
 
+/**
+ * A dataflow source for ECB encryption vulnerabilities. That is,
+ * a `DataFlow::Node` of something that specifies a block mode
+ * cipher.
+ */
+abstract class EcbEncryptionSource extends DataFlow::Node { }
+
 /**
  * A dataflow sink for ECB encryption vulnerabilities. That is,
  * a `DataFlow::Node` of something that is used as the block mode
@@ -30,7 +37,19 @@ class EcbEncryptionAdditionalTaintStep extends Unit {
 }
 
 /**
- * A block mode being used to form an `AES` cipher.
+ * A block mode for the CryptoSwift library.
+ */
+private class CryptoSwiftEcb extends EcbEncryptionSource {
+  CryptoSwiftEcb() {
+    exists(CallExpr call |
+      call.getStaticTarget().(MethodDecl).hasQualifiedName("ECB", "init()") and
+      this.asExpr() = call
+    )
+  }
+}
+
+/**
+ * A block mode being used to form a CryptoSwift `AES` cipher.
  */
 private class AES extends EcbEncryptionSink {
   AES() {
@@ -45,7 +64,7 @@ private class AES extends EcbEncryptionSink {
 }
 
 /**
- * A block mode being used to form a `Blowfish` cipher.
+ * A block mode being used to form a CryptoSwift `Blowfish` cipher.
  */
 private class Blowfish extends EcbEncryptionSink {
   Blowfish() {

swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll

@@ -13,12 +13,7 @@ import codeql.swift.security.ECBEncryptionExtensions
  * it to initialize a cipher.
  */
 module EcbEncryptionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node node) {
-    exists(CallExpr call |
-      call.getStaticTarget().(MethodDecl).hasQualifiedName("ECB", "init()") and
-      node.asExpr() = call
-    )
-  }
+  predicate isSource(DataFlow::Node node) { node instanceof EcbEncryptionSource }
 
   predicate isSink(DataFlow::Node node) { node instanceof EcbEncryptionSink }
 

swift/ql/lib/codeql/swift/security/InsecureTLSExtensions.qll

@@ -6,6 +6,12 @@
 import swift
 import codeql.swift.dataflow.DataFlow
 
+/**
+ * A dataflow source for insecure TLS configuration vulnerabilities. That is,
+ * a `DataFlow::Node` for something that is an insecure TLS version.
+ */
+abstract class InsecureTlsExtensionsSource extends DataFlow::Node { }
+
 /**
  * A dataflow sink for insecure TLS configuration vulnerabilities. That is,
  * a `DataFlow::Node` of something that is used as a TLS version.
@@ -28,6 +34,16 @@ class InsecureTlsExtensionsAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
 }
 
+/**
+ * A source for enum values that represent an insecure version of TLS.
+ */
+private class EnumInsecureTlsExtensionsSource extends InsecureTlsExtensionsSource {
+  EnumInsecureTlsExtensionsSource() {
+    this.asExpr().(MethodLookupExpr).getMember().(EnumElementDecl).getName() =
+      ["TLSv10", "TLSv11", "tlsProtocol10", "tlsProtocol11"]
+  }
+}
+
 /**
  * A sink for assignment of TLS-related properties of `NSURLSessionConfiguration`.
  */

swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll

@@ -13,13 +13,7 @@ import codeql.swift.security.InsecureTLSExtensions
  * A taint config to detect insecure configuration of `NSURLSessionConfiguration`.
  */
 module InsecureTlsConfig implements DataFlow::ConfigSig {
-  /**
-   * Holds for enum values that represent an insecure version of TLS
-   */
-  predicate isSource(DataFlow::Node node) {
-    node.asExpr().(MethodLookupExpr).getMember().(EnumElementDecl).getName() =
-      ["TLSv10", "TLSv11", "tlsProtocol10", "tlsProtocol11"]
-  }
+  predicate isSource(DataFlow::Node node) {  node instanceof InsecureTlsExtensionsSource }
 
   predicate isSink(DataFlow::Node node) { node instanceof InsecureTlsExtensionsSink }
 

swift/ql/lib/codeql/swift/security/InsufficientHashIterationsQuery.qll

@@ -11,12 +11,12 @@ import codeql.swift.security.InsufficientHashIterationsExtensions
 /**
  * An `Expr` that is used to initialize a password-based encryption key.
  */
-abstract class IterationsSource extends Expr { }
+private abstract class IterationsSource extends Expr { }
 
 /**
  * A literal integer that is 120,000 or less is a source of taint for iterations.
  */
-class IntLiteralSource extends IterationsSource instanceof IntegerLiteralExpr {
+private class IntLiteralSource extends IterationsSource instanceof IntegerLiteralExpr {
   IntLiteralSource() { this.getStringValue().toInt() < 120000 }
 }
 

swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll

@@ -10,7 +10,7 @@ import codeql.swift.dataflow.TaintTracking
 import codeql.swift.security.WeakSensitiveDataHashingExtensions
 
 module WeakHashingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node node) { node instanceof WeakHashingConfigImpl::Source }
+  predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
 
   predicate isSink(DataFlow::Node node) { node instanceof WeakSensitiveDataHashingSink }
 
@@ -22,9 +22,3 @@ module WeakHashingConfig implements DataFlow::ConfigSig {
 }
 
 module WeakHashingFlow = TaintTracking::Global<WeakHashingConfig>;
-
-module WeakHashingConfigImpl {
-  class Source extends DataFlow::Node {
-    Source() { this.asExpr() instanceof SensitiveExpr }
-  }
-}