Swift: Add models.

geoffw0 · geoffw0 · commit 2679d1fdb519 · 2023-10-16T21:40:38.000+01:00
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
@@ -40,7 +40,8 @@ private class StringSummaries extends SummaryModelCsv {
         ";StringProtocol;true;addingPercentEncoding(withAllowedCharacter:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;addingPercentEscapes(using:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;appending(_:);;;Argument[-1..0];ReturnValue;taint",
-        ";StringProtocol;true;appendingFormat(_:_:);;;Argument[-1..0];ReturnValue;taint", //-1..
+        ";StringProtocol;true;appendingFormat(_:_:);;;Argument[-1..0];ReturnValue;taint",
+        ";StringProtocol;true;appendingFormat(_:_:);;;Argument[1].CollectionElement;ReturnValue;taint",
         ";StringProtocol;true;applyingTransform(_:reverse:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;cString(using:);;;Argument[-1];ReturnValue;taint",
         ";StringProtocol;true;capitalized(with:);;;Argument[-1];ReturnValue;taint",
@@ -123,6 +124,8 @@ private class StringSummaries extends SummaryModelCsv {
         ";String;true;randomElement(using:);;;Argument[-1];ReturnValue;taint",
         ";String;true;enumerated();;;Argument[-1];ReturnValue;taint",
         ";String;true;encode(to:);;;Argument[-1];Argument[0];taint",
+        ";String;true;decodeCString(_:as:repairingInvalidCodeUnits:);;;Argument[0];ReturnValue.TupleElement[0];taint",
+        ";String;true;decodeCString(_:as:repairingInvalidCodeUnits:);;;Argument[0].CollectionElement;ReturnValue.TupleElement[0];taint",
         ";LosslessStringConvertible;true;init(_:);;;Argument[0];ReturnValue;taint",
       ]
   }
diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift
@@ -657,10 +657,10 @@ func testAppendingFormat() {
   sink(arg: s2.appendingFormat(source2(), "", 0)) // $ tainted=657
 
   var s3 = ""
-  sink(arg: s3.appendingFormat("%s %i", source2(), 0)) // $ MISSING: tainted=660
+  sink(arg: s3.appendingFormat("%s %i", source2(), 0)) // $ tainted=660
 
   var s4 = ""
-  sink(arg: s4.appendingFormat("%s %i", "", source())) // $ MISSING: tainted=663
+  sink(arg: s4.appendingFormat("%s %i", "", source())) // $ tainted=663
 }
 
 func sourceUInt8() -> UInt8 { return 0 }
@@ -669,7 +669,7 @@ func testDecodeCString() {
   var input : [UInt8] = [1, 2, 3, sourceUInt8()]
 
   let (str1, repaired1) = String.decodeCString(input, as: UTF8.self)!
-  sink(arg: str1) // $ MISSING: tainted=669
+  sink(arg: str1) // $ tainted=669
   sink(arg: repaired1)
 
   input.withUnsafeBufferPointer({
@@ -680,10 +680,10 @@ func testDecodeCString() {
   })
 
   let (str3, repaired3) = String.decodeCString(source2(), as: UTF8.self)!
-  sink(arg: str3) // $ MISSING: tainted=682
+  sink(arg: str3) // $ tainted=682
   sink(arg: repaired3)
 
   let (str4, repaired4) = String.decodeCString(&input, as: UTF8.self)!
-  sink(arg: str4) // $ MISSING: tainted=669
+  sink(arg: str4) // $ tainted=669
   sink(arg: repaired4)
 }
