Swift: Use asNominalType() more widely to include things declared in extensions.

geoffw0 · geoffw0 · commit 0d8aa825d923 · 2023-05-19T14:19:32.000+01:00
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll
@@ -49,14 +49,14 @@ private class UrlLaunchOptionsRemoteFlowSource extends RemoteFlowSource {
 private class ApplicationWithLaunchOptionsFunc extends Function {
   ApplicationWithLaunchOptionsFunc() {
     this.getName() = "application(_:" + ["did", "will"] + "FinishLaunchingWithOptions:)" and
-    this.getEnclosingDecl().(ClassOrStructDecl).getABaseTypeDecl*().(ProtocolDecl).getName() =
+    this.getEnclosingDecl().asNominalTypeDecl().getABaseTypeDecl*().(ProtocolDecl).getName() =
       "UIApplicationDelegate"
   }
 }
 
 private class LaunchOptionsUrlVarDecl extends VarDecl {
   LaunchOptionsUrlVarDecl() {
-    this.getEnclosingDecl().(StructDecl).getFullName() = "UIApplication.LaunchOptionsKey" and
+    this.getEnclosingDecl().asNominalTypeDecl().getFullName() = "UIApplication.LaunchOptionsKey" and
     this.getName() = "url"
   }
 }
@@ -68,7 +68,7 @@ private class UiOpenUrlContextUrlInheritTaint extends TaintInheritingContent,
   DataFlow::Content::FieldContent
 {
   UiOpenUrlContextUrlInheritTaint() {
-    this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "UIOpenURLContext" and
+    this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "UIOpenURLContext" and
     this.getField().getName() = "url"
   }
 }
@@ -80,7 +80,7 @@ private class UserActivityUrlInheritTaint extends TaintInheritingContent,
   DataFlow::Content::FieldContent
 {
   UserActivityUrlInheritTaint() {
-    this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "NSUserActivity" and
+    this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "NSUserActivity" and
     this.getField().getName() = "webpageURL"
   }
 }
@@ -93,7 +93,7 @@ private class ConnectionOptionsFieldsInheritTaint extends TaintInheritingContent
   DataFlow::Content::FieldContent
 {
   ConnectionOptionsFieldsInheritTaint() {
-    this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "ConnectionOptions" and
+    this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "ConnectionOptions" and
     this.getField().getName() = ["userActivities", "urlContexts"]
   }
 }
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll
@@ -75,7 +75,7 @@ private class NsMutableDataSummaries extends SummaryModelCsv {
 private class NsDataTaintedFields extends TaintInheritingContent, DataFlow::Content::FieldContent {
   NsDataTaintedFields() {
     exists(FieldDecl f | this.getField() = f |
-      f.getEnclosingDecl() instanceof NsData and
+      f.getEnclosingDecl().asNominalTypeDecl() instanceof NsData and
       f.getName() = ["bytes", "description"]
     )
   }
@@ -87,7 +87,7 @@ private class NsMutableDataTaintedFields extends TaintInheritingContent,
 {
   NsMutableDataTaintedFields() {
     exists(FieldDecl f | this.getField() = f |
-      f.getEnclosingDecl() instanceof NsMutableData and
+      f.getEnclosingDecl().asNominalTypeDecl() instanceof NsMutableData and
       f.getName() = "mutableBytes"
     )
   }
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll
@@ -16,7 +16,9 @@ class UrlDecl extends StructDecl {
  * A content implying that, if a `URL` is tainted, then all its fields are tainted.
  */
 private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent {
-  UriFieldsInheritTaint() { this.getField().getEnclosingDecl() instanceof UrlDecl }
+  UriFieldsInheritTaint() {
+    this.getField().getEnclosingDecl().asNominalTypeDecl() instanceof UrlDecl
+  }
 }
 
 /**
@@ -27,7 +29,7 @@ private class UrlRequestFieldsInheritTaint extends TaintInheritingContent,
   DataFlow::Content::FieldContent
 {
   UrlRequestFieldsInheritTaint() {
-    this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "URLRequest" and
+    this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "URLRequest" and
     this.getField().getName() =
       ["url", "httpBody", "httpBodyStream", "mainDocument", "allHTTPHeaderFields"]
   }
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll
@@ -32,7 +32,7 @@ private class WKScriptMessageBodyInheritsTaint extends TaintInheritingContent,
 {
   WKScriptMessageBodyInheritsTaint() {
     exists(FieldDecl f | this.getField() = f |
-      f.getEnclosingDecl() instanceof WKScriptMessageDecl and
+      f.getEnclosingDecl().asNominalTypeDecl() instanceof WKScriptMessageDecl and
       f.getName() = "body"
     )
   }
@@ -170,16 +170,16 @@ private class JsExportedType extends ClassOrStructDecl {
 private class JsExportedSource extends RemoteFlowSource {
   JsExportedSource() {
     exists(Method adopter, Method base |
-      base.getEnclosingDecl() instanceof JsExportedProto and
-      adopter.getEnclosingDecl() instanceof JsExportedType
+      base.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedProto and
+      adopter.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedType
     |
       this.(DataFlow::ParameterNode).getParameter().getDeclaringFunction() = adopter and
       pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName())
     )
     or
     exists(FieldDecl adopter, FieldDecl base |
-      base.getEnclosingDecl() instanceof JsExportedProto and
-      adopter.getEnclosingDecl() instanceof JsExportedType
+      base.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedProto and
+      adopter.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedType
     |
       this.asExpr().(MemberRefExpr).getMember() = adopter and
       pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName())
@@ -210,7 +210,7 @@ private class WKUserScriptInheritsTaint extends TaintInheritingContent,
 {
   WKUserScriptInheritsTaint() {
     exists(FieldDecl f | this.getField() = f |
-      f.getEnclosingDecl().(ClassOrStructDecl).getName() = "WKUserScript" and
+      f.getEnclosingDecl().asNominalTypeDecl().getName() = "WKUserScript" and
       f.getName() = "source"
     )
   }
diff --git a/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll b/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll
@@ -7,14 +7,16 @@ import swift
 /** The creation of an `AEXMLParser`. */
 class AexmlParser extends ApplyExpr {
   AexmlParser() {
-    this.getStaticTarget().(Initializer).getEnclosingDecl() instanceof AexmlParserDecl
+    this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl() instanceof
+      AexmlParserDecl
   }
 }
 
 /** The creation of an `AEXMLDocument`. */
 class AexmlDocument extends ApplyExpr {
   AexmlDocument() {
-    this.getStaticTarget().(Initializer).getEnclosingDecl() instanceof AexmlDocumentDecl
+    this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl() instanceof
+      AexmlDocumentDecl
   }
 }
 
@@ -24,7 +26,7 @@ class AexmlDocumentLoadXml extends MethodApplyExpr {
     exists(Method f |
       this.getStaticTarget() = f and
       f.hasName("loadXML(_:)") and
-      f.getEnclosingDecl() instanceof AexmlDocumentDecl
+      f.getEnclosingDecl().asNominalTypeDecl() instanceof AexmlDocumentDecl
     )
   }
 }
@@ -44,7 +46,7 @@ class AexmlShouldResolveExternalEntities extends MemberRefExpr {
   AexmlShouldResolveExternalEntities() {
     exists(FieldDecl f | this.getMember() = f |
       f.getName() = "shouldResolveExternalEntities" and
-      f.getEnclosingDecl().(NominalTypeDecl).getType() instanceof AexmlOptionsParserSettingsType
+      f.getEnclosingDecl().asNominalTypeDecl().getType() instanceof AexmlOptionsParserSettingsType
     )
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -64,7 +64,7 @@ private class OsLogPrivacyRef extends MemberRefExpr {
 
   OsLogPrivacyRef() {
     exists(FieldDecl f | this.getMember() = f |
-      f.getEnclosingDecl().(NominalTypeDecl).getName() = "OSLogPrivacy" and
+      f.getEnclosingDecl().asNominalTypeDecl().getName() = "OSLogPrivacy" and
       optionName = f.getName()
     )
   }
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -38,9 +38,9 @@ private class DefaultPathInjectionBarrier extends PathInjectionBarrier {
     // This is a simplified implementation.
     exists(CallExpr starts, CallExpr normalize, DataFlow::Node validated |
       starts.getStaticTarget().getName() = "starts(with:)" and
-      starts.getStaticTarget().getEnclosingDecl() instanceof FilePath and
+      starts.getStaticTarget().getEnclosingDecl().asNominalTypeDecl() instanceof FilePath and
       normalize.getStaticTarget().getName() = "lexicallyNormalized()" and
-      normalize.getStaticTarget().getEnclosingDecl() instanceof FilePath
+      normalize.getStaticTarget().getEnclosingDecl().asNominalTypeDecl() instanceof FilePath
     |
       TaintTracking::localTaint(validated, DataFlow::exprNode(normalize.getQualifier())) and
       DataFlow::localExprFlow(normalize, starts.getQualifier()) and
diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -80,7 +80,7 @@ private class XmlDocumentXxeSink extends XxeSink {
 /** An `XMLDocument` that sets `nodeLoadExternalEntitiesAlways` in its options. */
 private class VulnerableXmlDocument extends ApplyExpr {
   VulnerableXmlDocument() {
-    this.getStaticTarget().(Initializer).getEnclosingDecl().(NominalTypeDecl).getFullName() =
+    this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl().getFullName() =
       "XMLDocument" and
     this.getArgument(1).getExpr().(ArrayExpr).getAnElement().(MemberRefExpr).getMember() instanceof
       NodeLoadExternalEntitiesAlways
@@ -91,7 +91,7 @@ private class VulnerableXmlDocument extends ApplyExpr {
 private class NodeLoadExternalEntitiesAlways extends VarDecl {
   NodeLoadExternalEntitiesAlways() {
     this.getName() = "nodeLoadExternalEntitiesAlways" and
-    this.getEnclosingDecl().(StructDecl).getFullName() = "XMLNode.Options"
+    this.getEnclosingDecl().asNominalTypeDecl().(StructDecl).getFullName() = "XMLNode.Options"
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -49,14 +49,14 @@ private class UrlLaunchOptionsRemoteFlowSource extends RemoteFlowSource {`
`49`	`49`	`private class ApplicationWithLaunchOptionsFunc extends Function {`
`50`	`50`	`ApplicationWithLaunchOptionsFunc() {`
`51`	`51`	`this.getName() = "application(_:" + ["did", "will"] + "FinishLaunchingWithOptions:)" and`
`52`		`- this.getEnclosingDecl().(ClassOrStructDecl).getABaseTypeDecl*().(ProtocolDecl).getName() =`
	`52`	`+ this.getEnclosingDecl().asNominalTypeDecl().getABaseTypeDecl*().(ProtocolDecl).getName() =`
`53`	`53`	`"UIApplicationDelegate"`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`private class LaunchOptionsUrlVarDecl extends VarDecl {`
`58`	`58`	`LaunchOptionsUrlVarDecl() {`
`59`		`- this.getEnclosingDecl().(StructDecl).getFullName() = "UIApplication.LaunchOptionsKey" and`
	`59`	`+ this.getEnclosingDecl().asNominalTypeDecl().getFullName() = "UIApplication.LaunchOptionsKey" and`
`60`	`60`	`this.getName() = "url"`
`61`	`61`	`}`
`62`	`62`	`}`
`@@ -68,7 +68,7 @@ private class UiOpenUrlContextUrlInheritTaint extends TaintInheritingContent,`
`68`	`68`	`DataFlow::Content::FieldContent`
`69`	`69`	`{`
`70`	`70`	`UiOpenUrlContextUrlInheritTaint() {`
`71`		`- this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "UIOpenURLContext" and`
	`71`	`+ this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "UIOpenURLContext" and`
`72`	`72`	`this.getField().getName() = "url"`
`73`	`73`	`}`
`74`	`74`	`}`
`@@ -80,7 +80,7 @@ private class UserActivityUrlInheritTaint extends TaintInheritingContent,`
`80`	`80`	`DataFlow::Content::FieldContent`
`81`	`81`	`{`
`82`	`82`	`UserActivityUrlInheritTaint() {`
`83`		`- this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "NSUserActivity" and`
	`83`	`+ this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "NSUserActivity" and`
`84`	`84`	`this.getField().getName() = "webpageURL"`
`85`	`85`	`}`
`86`	`86`	`}`
`@@ -93,7 +93,7 @@ private class ConnectionOptionsFieldsInheritTaint extends TaintInheritingContent`
`93`	`93`	`DataFlow::Content::FieldContent`
`94`	`94`	`{`
`95`	`95`	`ConnectionOptionsFieldsInheritTaint() {`
`96`		`- this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "ConnectionOptions" and`
	`96`	`+ this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "ConnectionOptions" and`
`97`	`97`	`this.getField().getName() = ["userActivities", "urlContexts"]`
`98`	`98`	`}`
`99`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ private class NsMutableDataSummaries extends SummaryModelCsv {`
`75`	`75`	`private class NsDataTaintedFields extends TaintInheritingContent, DataFlow::Content::FieldContent {`
`76`	`76`	`NsDataTaintedFields() {`
`77`	`77`	`exists(FieldDecl f \| this.getField() = f \|`
`78`		`- f.getEnclosingDecl() instanceof NsData and`
	`78`	`+ f.getEnclosingDecl().asNominalTypeDecl() instanceof NsData and`
`79`	`79`	`f.getName() = ["bytes", "description"]`
`80`	`80`	`)`
`81`	`81`	`}`
`@@ -87,7 +87,7 @@ private class NsMutableDataTaintedFields extends TaintInheritingContent,`
`87`	`87`	`{`
`88`	`88`	`NsMutableDataTaintedFields() {`
`89`	`89`	`exists(FieldDecl f \| this.getField() = f \|`
`90`		`- f.getEnclosingDecl() instanceof NsMutableData and`
	`90`	`+ f.getEnclosingDecl().asNominalTypeDecl() instanceof NsMutableData and`
`91`	`91`	`f.getName() = "mutableBytes"`
`92`	`92`	`)`
`93`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,9 @@ class UrlDecl extends StructDecl {`
`16`	`16`	* A content implying that, if a `URL` is tainted, then all its fields are tainted.
`17`	`17`	`*/`
`18`	`18`	`private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent {`
`19`		`- UriFieldsInheritTaint() { this.getField().getEnclosingDecl() instanceof UrlDecl }`
	`19`	`+ UriFieldsInheritTaint() {`
	`20`	`+ this.getField().getEnclosingDecl().asNominalTypeDecl() instanceof UrlDecl`
	`21`	`+ }`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`/**`
`@@ -27,7 +29,7 @@ private class UrlRequestFieldsInheritTaint extends TaintInheritingContent,`
`27`	`29`	`DataFlow::Content::FieldContent`
`28`	`30`	`{`
`29`	`31`	`UrlRequestFieldsInheritTaint() {`
`30`		`- this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "URLRequest" and`
	`32`	`+ this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "URLRequest" and`
`31`	`33`	`this.getField().getName() =`
`32`	`34`	`["url", "httpBody", "httpBodyStream", "mainDocument", "allHTTPHeaderFields"]`
`33`	`35`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ private class WKScriptMessageBodyInheritsTaint extends TaintInheritingContent,`
`32`	`32`	`{`
`33`	`33`	`WKScriptMessageBodyInheritsTaint() {`
`34`	`34`	`exists(FieldDecl f \| this.getField() = f \|`
`35`		`- f.getEnclosingDecl() instanceof WKScriptMessageDecl and`
	`35`	`+ f.getEnclosingDecl().asNominalTypeDecl() instanceof WKScriptMessageDecl and`
`36`	`36`	`f.getName() = "body"`
`37`	`37`	`)`
`38`	`38`	`}`
`@@ -170,16 +170,16 @@ private class JsExportedType extends ClassOrStructDecl {`
`170`	`170`	`private class JsExportedSource extends RemoteFlowSource {`
`171`	`171`	`JsExportedSource() {`
`172`	`172`	`exists(Method adopter, Method base \|`
`173`		`- base.getEnclosingDecl() instanceof JsExportedProto and`
`174`		`- adopter.getEnclosingDecl() instanceof JsExportedType`
	`173`	`+ base.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedProto and`
	`174`	`+ adopter.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedType`
`175`	`175`	`\|`
`176`	`176`	`this.(DataFlow::ParameterNode).getParameter().getDeclaringFunction() = adopter and`
`177`	`177`	`pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName())`
`178`	`178`	`)`
`179`	`179`	`or`
`180`	`180`	`exists(FieldDecl adopter, FieldDecl base \|`
`181`		`- base.getEnclosingDecl() instanceof JsExportedProto and`
`182`		`- adopter.getEnclosingDecl() instanceof JsExportedType`
	`181`	`+ base.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedProto and`
	`182`	`+ adopter.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedType`
`183`	`183`	`\|`
`184`	`184`	`this.asExpr().(MemberRefExpr).getMember() = adopter and`
`185`	`185`	`pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName())`
`@@ -210,7 +210,7 @@ private class WKUserScriptInheritsTaint extends TaintInheritingContent,`
`210`	`210`	`{`
`211`	`211`	`WKUserScriptInheritsTaint() {`
`212`	`212`	`exists(FieldDecl f \| this.getField() = f \|`
`213`		`- f.getEnclosingDecl().(ClassOrStructDecl).getName() = "WKUserScript" and`
	`213`	`+ f.getEnclosingDecl().asNominalTypeDecl().getName() = "WKUserScript" and`
`214`	`214`	`f.getName() = "source"`
`215`	`215`	`)`
`216`	`216`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,14 +7,16 @@ import swift`
`7`	`7`	/** The creation of an `AEXMLParser`. */
`8`	`8`	`class AexmlParser extends ApplyExpr {`
`9`	`9`	`AexmlParser() {`
`10`		`- this.getStaticTarget().(Initializer).getEnclosingDecl() instanceof AexmlParserDecl`
	`10`	`+ this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl() instanceof`
	`11`	`+ AexmlParserDecl`
`11`	`12`	`}`
`12`	`13`	`}`
`13`	`14`
`14`	`15`	/** The creation of an `AEXMLDocument`. */
`15`	`16`	`class AexmlDocument extends ApplyExpr {`
`16`	`17`	`AexmlDocument() {`
`17`		`- this.getStaticTarget().(Initializer).getEnclosingDecl() instanceof AexmlDocumentDecl`
	`18`	`+ this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl() instanceof`
	`19`	`+ AexmlDocumentDecl`
`18`	`20`	`}`
`19`	`21`	`}`
`20`	`22`
`@@ -24,7 +26,7 @@ class AexmlDocumentLoadXml extends MethodApplyExpr {`
`24`	`26`	`exists(Method f \|`
`25`	`27`	`this.getStaticTarget() = f and`
`26`	`28`	`f.hasName("loadXML(_:)") and`
`27`		`- f.getEnclosingDecl() instanceof AexmlDocumentDecl`
	`29`	`+ f.getEnclosingDecl().asNominalTypeDecl() instanceof AexmlDocumentDecl`
`28`	`30`	`)`
`29`	`31`	`}`
`30`	`32`	`}`
`@@ -44,7 +46,7 @@ class AexmlShouldResolveExternalEntities extends MemberRefExpr {`
`44`	`46`	`AexmlShouldResolveExternalEntities() {`
`45`	`47`	`exists(FieldDecl f \| this.getMember() = f \|`
`46`	`48`	`f.getName() = "shouldResolveExternalEntities" and`
`47`		`- f.getEnclosingDecl().(NominalTypeDecl).getType() instanceof AexmlOptionsParserSettingsType`
	`49`	`+ f.getEnclosingDecl().asNominalTypeDecl().getType() instanceof AexmlOptionsParserSettingsType`
`48`	`50`	`)`
`49`	`51`	`}`
`50`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ private class OsLogPrivacyRef extends MemberRefExpr {`
`64`	`64`
`65`	`65`	`OsLogPrivacyRef() {`
`66`	`66`	`exists(FieldDecl f \| this.getMember() = f \|`
`67`		`- f.getEnclosingDecl().(NominalTypeDecl).getName() = "OSLogPrivacy" and`
	`67`	`+ f.getEnclosingDecl().asNominalTypeDecl().getName() = "OSLogPrivacy" and`
`68`	`68`	`optionName = f.getName()`
`69`	`69`	`)`
`70`	`70`	`}`