Merge pull request github#12941 from geoffw0/textsource

Swift: Add taint sources for UITextField

Author: geoffw0

swift/ql/lib/codeql/swift/frameworks/Frameworks.qll

@@ -2,6 +2,7 @@
  * This file imports all models of frameworks and libraries.
  */
 
+private import Alamofire.Alamofire
 private import StandardLibrary.StandardLibrary
+private import UIKit.UIKit
 private import Xml.Xml
-private import Alamofire.Alamofire

swift/ql/lib/codeql/swift/frameworks/UIKit/UIKit.qll

@@ -0,0 +1,5 @@
+/**
+ * This file imports all models of UIKit-related frameworks and libraries.
+ */
+
+import UITextField

swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll

@@ -0,0 +1,15 @@
+/**
+ * Provides models for the `UITextField` Swift class.
+ */
+
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+/**
+ * A model for `UITextField` members that are flow sources.
+ */
+private class UITextFieldSource extends SourceModelCsv {
+  override predicate row(string row) {
+    row = [";UITextField;true;text;;;;local", ";UITextField;true;attributedText;;;;local"]
+  }
+}

swift/ql/test/library-tests/dataflow/flowsources/uikit.swift

@@ -0,0 +1,33 @@
+// --- stubs ---
+
+class NSObject { }
+class NSAttributedString: NSObject {}
+class UIResponder: NSObject {}
+class UIView: UIResponder {}
+class UIControl: UIView {}
+class UITextField: UIControl {
+  var text: String? {
+    get { nil }
+    set { }
+  }
+  var attributedText: NSAttributedString? {
+    get { nil }
+    set { }
+  }
+  var placeholder: String? {
+    get { nil }
+    set { }
+  }
+}
+class UISearchTextField : UITextField {
+}
+
+// --- tests ---
+
+func testUITextField(textField: UITextField, searchTextField: UISearchTextField) {
+  _ = textField.text // $ source=local
+  _ = textField.attributedText // $ source=local
+  _ = textField.placeholder // GOOD (not input)
+  _ = textField.text?.uppercased() // $ source=local
+  _ = searchTextField.text // $ source=local
+}