Swift: Allow subscript content reads from collections.

geoffw0 · geoffw0 · commit 0fd4f6180f35 · 2023-08-17T19:37:55.000+01:00
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -803,8 +803,12 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
   exists(SubscriptExpr subscript |
     subscript.getBase() = node1.asExpr() and
     subscript = node2.asExpr() and
-    subscript.getBase().getType() instanceof ArrayType and
-    c.isSingleton(any(Content::ArrayContent ac))
+    (
+      subscript.getBase().getType() instanceof ArrayType and
+      c.isSingleton(any(Content::ArrayContent ac))
+      or
+      c.isSingleton(any(Content::CollectionContent ac))
+    )
   )
   or
   FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), c,
diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected
@@ -1,21 +1,13 @@
 failures
 testFailures
 | int.swift:18:21:19:1 | // $ SPURIOUS: tainted=13\n | Fixed spurious result:tainted=13 |
-| int.swift:19:24:20:1 | // $ tainted=13\n | Missing result:tainted=13 |
 | int.swift:33:21:34:1 | // $ SPURIOUS: tainted=28\n | Fixed spurious result:tainted=28 |
-| int.swift:34:24:35:1 | // $ tainted=28\n | Missing result:tainted=28 |
 | int.swift:48:23:49:1 | // $ SPURIOUS: tainted=47\n | Fixed spurious result:tainted=47 |
-| int.swift:49:26:50:1 | // $ tainted=47\n | Missing result:tainted=47 |
 | int.swift:84:20:85:1 | // $ SPURIOUS: tainted=83\n | Fixed spurious result:tainted=83 |
-| int.swift:85:23:86:1 | // $ tainted=83\n | Missing result:tainted=83 |
 | int.swift:89:23:90:1 | // $ SPURIOUS: tainted=83\n | Fixed spurious result:tainted=83 |
-| int.swift:90:26:91:1 | // $ tainted=83\n | Missing result:tainted=83 |
 | int.swift:132:20:133:1 | // $ tainted=131\n | Missing result:tainted=131 |
-| int.swift:133:23:134:1 | // $ tainted=131\n | Missing result:tainted=131 |
 | int.swift:137:30:138:1 | // $ SPURIOUS: tainted=131\n | Fixed spurious result:tainted=131 |
-| int.swift:138:33:139:1 | // $ tainted=131\n | Missing result:tainted=131 |
 | int.swift:147:23:148:1 | // $ SPURIOUS: tainted=142\n | Fixed spurious result:tainted=142 |
-| int.swift:148:26:149:1 | // $ tainted=142\n | Missing result:tainted=142 |
 | string.swift:407:23:408:1 | // $ tainted=366\n | Missing result:tainted=366 |
 | string.swift:441:20:442:1 | // $ tainted=366\n | Missing result:tainted=366 |
 | string.swift:483:23:484:1 | // $ tainted=450\n | Missing result:tainted=450 |
