Merge pull request github#17989 from geoffw0/swift6models2

Swift: More model repairs for Swift 6

Author: redsun82

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll

@@ -32,8 +32,8 @@ private class CollectionSummaries extends SummaryModelCsv {
         ";Collection;true;dropLast(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;flatMap(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
-        ";Collection;true;map(_:);;;Argument[-1];ReturnValue;taint",
-        ";Collection;true;map(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
+        //";Collection;true;map(_:);;;Argument[-1];ReturnValue;taint", --- disabled due to dubious results in practice
+        //";Collection;true;map(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", --- disabled due to dubious results in practice
         ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Numeric.qll

@@ -35,6 +35,17 @@ private class NumericSummaries extends SummaryModelCsv {
         ";BinaryInteger;true;formatted();;;Argument[-1];ReturnValue;taint",
         ";BinaryInteger;true;formatted(_:);;;Argument[-1];ReturnValue;taint",
         ";BinaryInteger;true;quotientAndRemainder(dividingBy:);;;Argument[-1..0];ReturnValue.TupleElement[0,1];taint",
+        ";BinaryInteger;true;advanced(by:);;;Argument[-1..0];ReturnValue;taint",
+        ";BinaryInteger;true;distance(to:);;;Argument[-1..0];ReturnValue;taint",
+        ";SignedInteger;true;init(_:);;;Argument[0];ReturnValue;taint",
+        ";SignedInteger;true;init(exactly:);;;Argument[0];ReturnValue.OptionalSome;value",
+        ";UnsignedInteger;true;init(_:);;;Argument[0];ReturnValue;taint",
+        ";UnsignedInteger;true;init(exactly:);;;Argument[0];ReturnValue.OptionalSome;value",
+        ";FixedWidthInteger;true;init(_:);;;Argument[0];ReturnValue;taint",
+        ";FixedWidthInteger;true;init(clamping:);;;Argument[0];ReturnValue;taint",
+        ";FixedWidthInteger;true;init(truncatingIfNeeded:);;;Argument[0];ReturnValue;taint",
+        ";FixedWidthInteger;true;init(bitPattern:);;;Argument[0];ReturnValue;taint", // actually implemented in Int, UInt, Double etc.
+        ";FixedWidthInteger;true;init(truncating:);;;Argument[0];ReturnValue;taint", // actually implemented in Int, UInt, Double etc.
         ";FixedWidthInteger;true;init(_:radix:);;;Argument[0];ReturnValue.OptionalSome;taint",
         ";FixedWidthInteger;true;init(littleEndian:);;;Argument[0];ReturnValue;taint",
         ";FixedWidthInteger;true;init(bigEndian:);;;Argument[0];ReturnValue;taint",
@@ -92,7 +103,7 @@ private class NumericFieldsInheritTaint extends TaintInheritingContent,
         className = "BinaryInteger" and
         fieldName = "words"
         or
-        className = "Numeric" and
+        className = ["Numeric", "SignedInteger", "UnsignedInteger"] and
         fieldName = ["magnitude", "byteSwapped"]
         or
         className = "BinaryFloatingPoint" and

swift/ql/lib/codeql/swift/security/CommandInjectionExtensions.qll

@@ -63,6 +63,7 @@ private class CommandInjectionSinks extends SinkModelCsv {
 private class CommandInjectionDefaultBarrier extends CommandInjectionBarrier {
   CommandInjectionDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }

swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll

@@ -46,6 +46,7 @@ private class PredicateInjectionSinkCsv extends SinkModelCsv {
 private class PredicateInjectionDefaultBarrier extends PredicateInjectionBarrier {
   PredicateInjectionDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }

swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll

@@ -190,6 +190,7 @@ private class DefaultSqlInjectionSink extends SqlInjectionSink {
 private class SqlInjectionDefaultBarrier extends SqlInjectionBarrier {
   SqlInjectionDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }

swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll

@@ -94,6 +94,7 @@ class HeuristicUncontrolledFormatStringSink extends UncontrolledFormatStringSink
 private class UncontrolledFormatStringDefaultBarrier extends UncontrolledFormatStringBarrier {
   UncontrolledFormatStringDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }

swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll

@@ -127,6 +127,7 @@ private class DefaultUnsafeJsEvalSink extends UnsafeJsEvalSink {
 private class UnsafeJsEvalDefaultBarrier extends UnsafeJsEvalBarrier {
   UnsafeJsEvalDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }

swift/ql/lib/codeql/swift/security/UnsafeUnpackExtensions.qll

@@ -73,6 +73,7 @@ private class UnsafeUnpackAdditionalDataFlowStep extends UnsafeUnpackAdditionalF
 private class UnsafeUnpackDefaultBarrier extends UnsafeUnpackBarrier {
   UnsafeUnpackDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }

swift/ql/lib/codeql/swift/security/regex/RegexInjectionExtensions.qll

@@ -64,6 +64,7 @@ private class RegexInjectionSinks extends SinkModelCsv {
 private class RegexInjectionDefaultBarrier extends RegexInjectionBarrier {
   RegexInjectionDefaultBarrier() {
     // any numeric type
-    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() = "Numeric"
+    this.asExpr().getType().getUnderlyingType().getABaseType*().getName() =
+      ["Numeric", "SignedInteger", "UnsignedInteger"]
   }
 }