Swift: Add more tests for Arrays.

geoffw0 · geoffw0 · commit 2863a14cd1f5 · 2023-10-02T11:59:24.000+01:00
diff --git a/swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected
@@ -171,6 +171,50 @@
 | conversions.swift:157:12:157:12 | v3 | conversions.swift:158:12:158:12 | v3 |
 | conversions.swift:165:24:165:24 | myCEnumConst | conversions.swift:165:12:165:36 | call to Self.init(_:) |
 | conversions.swift:166:24:166:34 | call to sourceInt() | conversions.swift:166:12:166:35 | call to Self.init(_:) |
+| conversions.swift:169:7:169:7 | SSA def(self) | conversions.swift:169:7:169:7 | self[return] |
+| conversions.swift:169:7:169:7 | self | conversions.swift:169:7:169:7 | SSA def(self) |
+| conversions.swift:170:2:170:2 | SSA def(self) | conversions.swift:170:2:191:2 | self[return] |
+| conversions.swift:170:2:170:2 | self | conversions.swift:170:2:170:2 | SSA def(self) |
+| conversions.swift:171:7:171:7 | SSA def(arr1) | conversions.swift:173:13:173:13 | arr1 |
+| conversions.swift:171:7:171:7 | arr1 | conversions.swift:171:7:171:7 | SSA def(arr1) |
+| conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:171:7:171:7 | arr1 |
+| conversions.swift:172:7:172:7 | SSA def(arr2) | conversions.swift:174:13:174:13 | arr2 |
+| conversions.swift:172:7:172:7 | arr2 | conversions.swift:172:7:172:7 | SSA def(arr2) |
+| conversions.swift:172:14:172:26 | [...] | conversions.swift:172:7:172:7 | arr2 |
+| conversions.swift:173:13:173:13 | arr1 | conversions.swift:175:13:175:13 | arr1 |
+| conversions.swift:174:13:174:13 | arr2 | conversions.swift:176:13:176:13 | arr2 |
+| conversions.swift:175:13:175:13 | [post] arr1 | conversions.swift:178:25:178:25 | arr1 |
+| conversions.swift:175:13:175:13 | arr1 | conversions.swift:175:13:175:19 | ...[...] |
+| conversions.swift:175:13:175:13 | arr1 | conversions.swift:178:25:178:25 | arr1 |
+| conversions.swift:176:13:176:13 | [post] arr2 | conversions.swift:179:25:179:25 | arr2 |
+| conversions.swift:176:13:176:13 | arr2 | conversions.swift:176:13:176:19 | ...[...] |
+| conversions.swift:176:13:176:13 | arr2 | conversions.swift:179:25:179:25 | arr2 |
+| conversions.swift:178:7:178:7 | SSA def(arr1b) | conversions.swift:180:13:180:13 | arr1b |
+| conversions.swift:178:7:178:7 | arr1b | conversions.swift:178:7:178:7 | SSA def(arr1b) |
+| conversions.swift:178:15:178:29 | try ... | conversions.swift:178:7:178:7 | arr1b |
+| conversions.swift:178:19:178:29 | call to Array<Element>.init(_:) | conversions.swift:178:15:178:29 | try ... |
+| conversions.swift:178:25:178:25 | arr1 | conversions.swift:185:31:185:31 | arr1 |
+| conversions.swift:179:7:179:7 | SSA def(arr2b) | conversions.swift:181:13:181:13 | arr2b |
+| conversions.swift:179:7:179:7 | arr2b | conversions.swift:179:7:179:7 | SSA def(arr2b) |
+| conversions.swift:179:15:179:29 | try ... | conversions.swift:179:7:179:7 | arr2b |
+| conversions.swift:179:19:179:29 | call to Array<Element>.init(_:) | conversions.swift:179:15:179:29 | try ... |
+| conversions.swift:179:25:179:25 | arr2 | conversions.swift:186:31:186:31 | arr2 |
+| conversions.swift:180:13:180:13 | arr1b | conversions.swift:182:13:182:13 | arr1b |
+| conversions.swift:181:13:181:13 | arr2b | conversions.swift:183:13:183:13 | arr2b |
+| conversions.swift:182:13:182:13 | arr1b | conversions.swift:182:13:182:20 | ...[...] |
+| conversions.swift:183:13:183:13 | arr2b | conversions.swift:183:13:183:20 | ...[...] |
+| conversions.swift:185:7:185:7 | SSA def(arr1c) | conversions.swift:187:13:187:13 | arr1c |
+| conversions.swift:185:7:185:7 | arr1c | conversions.swift:185:7:185:7 | SSA def(arr1c) |
+| conversions.swift:185:15:185:35 | call to ContiguousArray<Element>.init(_:) | conversions.swift:185:7:185:7 | arr1c |
+| conversions.swift:186:7:186:7 | SSA def(arr2c) | conversions.swift:188:13:188:13 | arr2c |
+| conversions.swift:186:7:186:7 | arr2c | conversions.swift:186:7:186:7 | SSA def(arr2c) |
+| conversions.swift:186:15:186:35 | call to ContiguousArray<Element>.init(_:) | conversions.swift:186:7:186:7 | arr2c |
+| conversions.swift:187:13:187:13 | [post] arr1c | conversions.swift:189:13:189:13 | arr1c |
+| conversions.swift:187:13:187:13 | arr1c | conversions.swift:189:13:189:13 | arr1c |
+| conversions.swift:188:13:188:13 | [post] arr2c | conversions.swift:190:13:190:13 | arr2c |
+| conversions.swift:188:13:188:13 | arr2c | conversions.swift:190:13:190:13 | arr2c |
+| conversions.swift:189:13:189:13 | arr1c | conversions.swift:189:13:189:20 | ...[...] |
+| conversions.swift:190:13:190:13 | arr2c | conversions.swift:190:13:190:20 | ...[...] |
 | simple.swift:12:13:12:13 | 1 | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
 | simple.swift:12:17:12:24 | call to source() | simple.swift:12:13:12:24 | ... .+(_:_:) ... |
 | simple.swift:13:13:13:20 | call to source() | simple.swift:13:13:13:24 | ... .+(_:_:) ... |
diff --git a/swift/ql/test/library-tests/dataflow/taint/core/Taint.expected b/swift/ql/test/library-tests/dataflow/taint/core/Taint.expected
@@ -69,6 +69,19 @@ edges
 | conversions.swift:156:25:156:69 | call to unsafeDowncast(_:to:) | conversions.swift:158:12:158:12 | v3 |
 | conversions.swift:156:40:156:40 | parent | conversions.swift:156:25:156:69 | call to unsafeDowncast(_:to:) |
 | conversions.swift:166:24:166:34 | call to sourceInt() | conversions.swift:166:12:166:35 | call to Self.init(_:) |
+| conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:173:13:173:13 | arr1 |
+| conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:175:13:175:19 | ...[...] |
+| conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:178:25:178:25 | arr1 |
+| conversions.swift:172:14:172:26 | [...] [Collection element] | conversions.swift:176:13:176:13 | arr2 [Collection element] |
+| conversions.swift:172:14:172:26 | [...] [Collection element] | conversions.swift:179:25:179:25 | arr2 [Collection element] |
+| conversions.swift:172:15:172:25 | call to sourceInt() | conversions.swift:172:14:172:26 | [...] [Collection element] |
+| conversions.swift:176:13:176:13 | arr2 [Collection element] | conversions.swift:176:13:176:19 | ...[...] |
+| conversions.swift:178:19:178:29 | call to Array<Element>.init(_:) [Collection element] | conversions.swift:182:13:182:13 | arr1b [Collection element] |
+| conversions.swift:178:25:178:25 | arr1 | conversions.swift:178:19:178:29 | call to Array<Element>.init(_:) [Collection element] |
+| conversions.swift:179:19:179:29 | call to Array<Element>.init(_:) [Collection element] | conversions.swift:183:13:183:13 | arr2b [Collection element] |
+| conversions.swift:179:25:179:25 | arr2 [Collection element] | conversions.swift:179:19:179:29 | call to Array<Element>.init(_:) [Collection element] |
+| conversions.swift:182:13:182:13 | arr1b [Collection element] | conversions.swift:182:13:182:20 | ...[...] |
+| conversions.swift:183:13:183:13 | arr2b [Collection element] | conversions.swift:183:13:183:20 | ...[...] |
 | file://:0:0:0:0 | self [first] | file://:0:0:0:0 | .first |
 | file://:0:0:0:0 | self [second] | file://:0:0:0:0 | .second |
 | file://:0:0:0:0 | value | file://:0:0:0:0 | [post] self [first] |
@@ -265,6 +278,21 @@ nodes
 | conversions.swift:158:12:158:12 | v3 | semmle.label | v3 |
 | conversions.swift:166:12:166:35 | call to Self.init(_:) | semmle.label | call to Self.init(_:) |
 | conversions.swift:166:24:166:34 | call to sourceInt() | semmle.label | call to sourceInt() |
+| conversions.swift:171:14:171:26 | call to sourceArray() | semmle.label | call to sourceArray() |
+| conversions.swift:172:14:172:26 | [...] [Collection element] | semmle.label | [...] [Collection element] |
+| conversions.swift:172:15:172:25 | call to sourceInt() | semmle.label | call to sourceInt() |
+| conversions.swift:173:13:173:13 | arr1 | semmle.label | arr1 |
+| conversions.swift:175:13:175:19 | ...[...] | semmle.label | ...[...] |
+| conversions.swift:176:13:176:13 | arr2 [Collection element] | semmle.label | arr2 [Collection element] |
+| conversions.swift:176:13:176:19 | ...[...] | semmle.label | ...[...] |
+| conversions.swift:178:19:178:29 | call to Array<Element>.init(_:) [Collection element] | semmle.label | call to Array<Element>.init(_:) [Collection element] |
+| conversions.swift:178:25:178:25 | arr1 | semmle.label | arr1 |
+| conversions.swift:179:19:179:29 | call to Array<Element>.init(_:) [Collection element] | semmle.label | call to Array<Element>.init(_:) [Collection element] |
+| conversions.swift:179:25:179:25 | arr2 [Collection element] | semmle.label | arr2 [Collection element] |
+| conversions.swift:182:13:182:13 | arr1b [Collection element] | semmle.label | arr1b [Collection element] |
+| conversions.swift:182:13:182:20 | ...[...] | semmle.label | ...[...] |
+| conversions.swift:183:13:183:13 | arr2b [Collection element] | semmle.label | arr2b [Collection element] |
+| conversions.swift:183:13:183:20 | ...[...] | semmle.label | ...[...] |
 | file://:0:0:0:0 | .first | semmle.label | .first |
 | file://:0:0:0:0 | .second | semmle.label | .second |
 | file://:0:0:0:0 | [post] self [first] | semmle.label | [post] self [first] |
@@ -442,6 +470,11 @@ subpaths
 | conversions.swift:157:12:157:12 | v3 | conversions.swift:152:31:152:44 | call to sourceString() | conversions.swift:157:12:157:12 | v3 | result |
 | conversions.swift:158:12:158:12 | v3 | conversions.swift:152:31:152:44 | call to sourceString() | conversions.swift:158:12:158:12 | v3 | result |
 | conversions.swift:166:12:166:35 | call to Self.init(_:) | conversions.swift:166:24:166:34 | call to sourceInt() | conversions.swift:166:12:166:35 | call to Self.init(_:) | result |
+| conversions.swift:173:13:173:13 | arr1 | conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:173:13:173:13 | arr1 | result |
+| conversions.swift:175:13:175:19 | ...[...] | conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:175:13:175:19 | ...[...] | result |
+| conversions.swift:176:13:176:19 | ...[...] | conversions.swift:172:15:172:25 | call to sourceInt() | conversions.swift:176:13:176:19 | ...[...] | result |
+| conversions.swift:182:13:182:20 | ...[...] | conversions.swift:171:14:171:26 | call to sourceArray() | conversions.swift:182:13:182:20 | ...[...] | result |
+| conversions.swift:183:13:183:20 | ...[...] | conversions.swift:172:15:172:25 | call to sourceInt() | conversions.swift:183:13:183:20 | ...[...] | result |
 | simple.swift:12:13:12:24 | ... .+(_:_:) ... | simple.swift:12:17:12:24 | call to source() | simple.swift:12:13:12:24 | ... .+(_:_:) ... | result |
 | simple.swift:13:13:13:24 | ... .+(_:_:) ... | simple.swift:13:13:13:20 | call to source() | simple.swift:13:13:13:24 | ... .+(_:_:) ... | result |
 | simple.swift:14:13:14:24 | ... .-(_:_:) ... | simple.swift:14:17:14:24 | call to source() | simple.swift:14:13:14:24 | ... .-(_:_:) ... | result |
diff --git a/swift/ql/test/library-tests/dataflow/taint/core/conversions.swift b/swift/ql/test/library-tests/dataflow/taint/core/conversions.swift
@@ -6,7 +6,7 @@ func sourceFloat() -> Float { 0.0 }
 func sourceFloat80() -> Float80 { 0.0 }
 func sourceDouble() -> Double { 0.0 }
 func sourceString() -> String { "" }
-
+func sourceArray() -> [Int] { [] }
 
 func sink(arg: Any) { }
 
@@ -165,3 +165,28 @@ func testCEnum() {
 	sink(arg: MyCEnumType(myCEnumConst))
 	sink(arg: MyCEnumType(sourceInt())) // $ tainted=166
 }
+
+class TestArrayConversion {
+	init() {
+		let arr1 = sourceArray()
+		let arr2 = [sourceInt()]
+		sink(arg: arr1) // $ tainted=171
+		sink(arg: arr2)
+		sink(arg: arr1[0]) // $ tainted=171
+		sink(arg: arr2[0]) // $ tainted=172
+
+		let arr1b = try Array(arr1)
+		let arr2b = try Array(arr2)
+		sink(arg: arr1b) // $ MISSING: tainted=171
+		sink(arg: arr2b)
+		sink(arg: arr1b[0]) // $ tainted=171
+		sink(arg: arr2b[0]) // $ tainted=172
+
+		let arr1c = ContiguousArray(arr1)
+		let arr2c = ContiguousArray(arr2)
+		sink(arg: arr1c) // $ MISSING: tainted=171
+		sink(arg: arr2c)
+		sink(arg: arr1c[0]) // $ MISSING: tainted=171
+		sink(arg: arr2c[0]) // $ MISSING: tainted=172
+	}
+}
