Swift: Model LosslessStringConvertible.

Author: geoffw0

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll

@@ -27,7 +27,7 @@ private class StringSource extends SourceModelCsv {
 }
 
 /**
- * A model for `String` and `StringProtocol` members that permit taint flow.
+ * A model for members of `String`, `StringProtocol` and similar classes that permit taint flow.
  */
 private class StringSummaries extends SummaryModelCsv {
   override predicate row(string row) {
@@ -111,7 +111,8 @@ private class StringSummaries extends SummaryModelCsv {
         ";String;true;randomElement();;;Argument[-1];ReturnValue;taint",
         ";String;true;randomElement(using:);;;Argument[-1];ReturnValue;taint",
         ";String;true;enumerated();;;Argument[-1];ReturnValue;taint",
-        ";String;true;encode(to:);;;Argument[-1];Argument[0];taint"
+        ";String;true;encode(to:);;;Argument[-1];Argument[0];taint",
+        ";LosslessStringConvertible;true;init(_:);;;Argument[0];ReturnValue;taint",
       ]
   }
 }

swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected

@@ -10,6 +10,7 @@
 | conversions.swift:15:7:15:7 | self | conversions.swift:15:7:15:7 | SSA def(self) |
 | conversions.swift:16:11:16:11 | SSA def(self) | conversions.swift:16:11:16:42 | self[return] |
 | conversions.swift:16:11:16:11 | self | conversions.swift:16:11:16:11 | SSA def(self) |
+| conversions.swift:16:11:16:42 | [summary param] 0 in MyString.init(_:) | conversions.swift:16:11:16:42 | [summary] to write: ReturnValue in MyString.init(_:) |
 | conversions.swift:18:28:18:28 | SSA def(self) | conversions.swift:18:28:18:44 | self[return] |
 | conversions.swift:18:28:18:28 | self | conversions.swift:18:28:18:28 | SSA def(self) |
 | conversions.swift:19:33:19:33 | SSA def(self) | conversions.swift:19:33:19:49 | self[return] |
@@ -73,6 +74,7 @@
 | conversions.swift:80:6:80:6 | ms1 | conversions.swift:80:6:80:6 | SSA def(ms1) |
 | conversions.swift:80:12:80:26 | call to MyString.init(_:) | conversions.swift:80:12:80:27 | ...! |
 | conversions.swift:80:12:80:27 | ...! | conversions.swift:80:6:80:6 | ms1 |
+| conversions.swift:80:21:80:21 | abc | conversions.swift:80:12:80:26 | call to MyString.init(_:) |
 | conversions.swift:81:12:81:12 | [post] ms1 | conversions.swift:82:12:82:12 | ms1 |
 | conversions.swift:81:12:81:12 | ms1 | conversions.swift:82:12:82:12 | ms1 |
 | conversions.swift:82:12:82:12 | [post] ms1 | conversions.swift:83:12:83:12 | ms1 |
@@ -83,6 +85,7 @@
 | conversions.swift:86:6:86:6 | ms2 | conversions.swift:86:6:86:6 | SSA def(ms2) |
 | conversions.swift:86:12:86:35 | call to MyString.init(_:) | conversions.swift:86:12:86:36 | ...! |
 | conversions.swift:86:12:86:36 | ...! | conversions.swift:86:6:86:6 | ms2 |
+| conversions.swift:86:21:86:34 | call to sourceString() | conversions.swift:86:12:86:35 | call to MyString.init(_:) |
 | conversions.swift:87:12:87:12 | [post] ms2 | conversions.swift:88:12:88:12 | ms2 |
 | conversions.swift:87:12:87:12 | ms2 | conversions.swift:88:12:88:12 | ms2 |
 | conversions.swift:88:12:88:12 | [post] ms2 | conversions.swift:89:12:89:12 | ms2 |

swift/ql/test/library-tests/dataflow/taint/core/Taint.expected

@@ -36,6 +36,11 @@ edges
 | conversions.swift:72:12:72:24 | call to sourceFloat() | conversions.swift:72:12:72:26 | .exponent |
 | conversions.swift:73:12:73:24 | call to sourceFloat() | conversions.swift:73:12:73:26 | .significand |
 | conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) |
+| conversions.swift:86:12:86:35 | call to MyString.init(_:) | conversions.swift:86:12:86:35 | call to MyString.init(_:) [some:0] |
+| conversions.swift:86:12:86:35 | call to MyString.init(_:) | conversions.swift:87:12:87:12 | ms2 |
+| conversions.swift:86:12:86:35 | call to MyString.init(_:) [some:0] | conversions.swift:86:12:86:36 | ...! |
+| conversions.swift:86:12:86:36 | ...! | conversions.swift:87:12:87:12 | ms2 |
+| conversions.swift:86:21:86:34 | call to sourceString() | conversions.swift:86:12:86:35 | call to MyString.init(_:) |
 | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:95:12:95:12 | parent |
 | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:96:12:96:12 | parent |
 | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:98:40:98:40 | parent |
@@ -189,6 +194,11 @@ nodes
 | conversions.swift:77:12:77:25 | call to sourceString() | semmle.label | call to sourceString() |
 | conversions.swift:78:12:78:33 | call to String.init(_:) | semmle.label | call to String.init(_:) |
 | conversions.swift:78:19:78:32 | call to sourceString() | semmle.label | call to sourceString() |
+| conversions.swift:86:12:86:35 | call to MyString.init(_:) | semmle.label | call to MyString.init(_:) |
+| conversions.swift:86:12:86:35 | call to MyString.init(_:) [some:0] | semmle.label | call to MyString.init(_:) [some:0] |
+| conversions.swift:86:12:86:36 | ...! | semmle.label | ...! |
+| conversions.swift:86:21:86:34 | call to sourceString() | semmle.label | call to sourceString() |
+| conversions.swift:87:12:87:12 | ms2 | semmle.label | ms2 |
 | conversions.swift:94:31:94:44 | call to sourceString() | semmle.label | call to sourceString() |
 | conversions.swift:95:12:95:12 | parent | semmle.label | parent |
 | conversions.swift:96:12:96:12 | parent | semmle.label | parent |
@@ -351,6 +361,7 @@ subpaths
 | conversions.swift:73:12:73:26 | .significand | conversions.swift:73:12:73:24 | call to sourceFloat() | conversions.swift:73:12:73:26 | .significand | result |
 | conversions.swift:77:12:77:25 | call to sourceString() | conversions.swift:77:12:77:25 | call to sourceString() | conversions.swift:77:12:77:25 | call to sourceString() | result |
 | conversions.swift:78:12:78:33 | call to String.init(_:) | conversions.swift:78:19:78:32 | call to sourceString() | conversions.swift:78:12:78:33 | call to String.init(_:) | result |
+| conversions.swift:87:12:87:12 | ms2 | conversions.swift:86:21:86:34 | call to sourceString() | conversions.swift:87:12:87:12 | ms2 | result |
 | conversions.swift:95:12:95:12 | parent | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:95:12:95:12 | parent | result |
 | conversions.swift:96:12:96:12 | parent | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:96:12:96:12 | parent | result |
 | conversions.swift:99:12:99:12 | v3 | conversions.swift:94:31:94:44 | call to sourceString() | conversions.swift:99:12:99:12 | v3 | result |

swift/ql/test/library-tests/dataflow/taint/core/conversions.swift

@@ -84,7 +84,7 @@ func testConversions() {
 	sink(arg: ms1.clean)
 
 	let ms2 = MyString(sourceString())!
-	sink(arg: ms2) // $ MISSING: tainted=
+	sink(arg: ms2) // $ tainted=86
 	sink(arg: ms2.description) // $ MISSING: tainted=
 	sink(arg: ms2.debugDescription) // $ MISSING: tainted=
 	sink(arg: ms2.clean)