
Commit ab3f3d0

committed
Swift: Model taint into optionals via ForceValueExpr.
1 parent c7fb8de commit ab3f3d0


3 files changed

+17
-1
lines changed

3 files changed

+17
-1
lines changed

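--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -702,6 +702,14 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
 init.isFailable()
 )
 or
+// assignment to an optional via `!`, e.g. `optional! = ...`
+exists(ForceValueExpr fve, AssignExpr assign |
+fve = assign.getDest() and
+node1.asExpr() = assign.getSource() and
+node2.asExpr() = fve.getSubExpr() and
+c instanceof OptionalSomeContentSet
+)
+or
 // creation of an array `[v1,v2]`
 exists(ArrayExpr arr |
 node1.asExpr() = arr.getAnElement() and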
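Review bot: The new `ForceValueExpr` disjunct in `storeStep` binds `node2` to the plain expression node of `fve.getSubExpr()`, and its comment does not say which destinations that covers. In this same commit `sink(arg: mo1.v1!)` in test.swift stays annotated `MISSING:flow=713`, so a write through `!` on a member access still looks unmodelled (the line-713 source is outside the visible hunk, so this is inferred); for taint-based security queries that is a silent false negative, not a noisy result. I would record the limit next to the step, e.g. `// only a direct destination (v! = ...) is modelled; a.b! = ... is still missing, see test.swift flow=713`, and check whether `node2` needs to be the post-update node of the sub-expression for the nested case to propagate. The body of `storeStep` starts and ends outside the hunk.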

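--- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -348,6 +348,8 @@ edges
 | test.swift:699:9:699:9 | value [some:0] | file://:0:0:0:0 | value [some:0] |
 | test.swift:700:9:700:9 | self [v3] | file://:0:0:0:0 | self [v3] |
 | test.swift:700:9:700:9 | value | file://:0:0:0:0 | value |
+| test.swift:710:5:710:5 | v1 [some:0] | test.swift:720:15:720:15 | v1 [some:0] |
+| test.swift:710:11:710:18 | call to source() | test.swift:710:5:710:5 | v1 [some:0] |
 | test.swift:711:10:711:17 | call to source() | test.swift:711:10:711:17 | call to source() [some:0] |
 | test.swift:711:10:711:17 | call to source() | test.swift:721:15:721:17 | ...! |
 | test.swift:711:10:711:17 | call to source() [some:0] | test.swift:721:15:721:15 | v2 [some:0] |
@@ -364,6 +366,7 @@ edges
 | test.swift:715:5:715:5 | mo1 [v2] | test.swift:724:15:724:15 | mo1 [v2] |
 | test.swift:715:14:715:21 | call to source() | test.swift:700:9:700:9 | value |
 | test.swift:715:14:715:21 | call to source() | test.swift:715:5:715:5 | [post] mo1 [v3] |
+| test.swift:720:15:720:15 | v1 [some:0] | test.swift:720:15:720:17 | ...! |
 | test.swift:721:15:721:15 | v2 [some:0] | test.swift:721:15:721:17 | ...! |
 | test.swift:724:15:724:15 | mo1 [v2, some:0] | test.swift:699:9:699:9 | self [v2, some:0] |
 | test.swift:724:15:724:15 | mo1 [v2, some:0] | test.swift:724:15:724:19 | .v2 [some:0] |
@@ -761,6 +764,8 @@ nodes
 | test.swift:699:9:699:9 | value [some:0] | semmle.label | value [some:0] |
 | test.swift:700:9:700:9 | self [v3] | semmle.label | self [v3] |
 | test.swift:700:9:700:9 | value | semmle.label | value |
+| test.swift:710:5:710:5 | v1 [some:0] | semmle.label | v1 [some:0] |
+| test.swift:710:11:710:18 | call to source() | semmle.label | call to source() |
 | test.swift:711:10:711:17 | call to source() | semmle.label | call to source() |
 | test.swift:711:10:711:17 | call to source() [some:0] | semmle.label | call to source() [some:0] |
 | test.swift:712:10:712:17 | call to source() | semmle.label | call to source() |
@@ -772,6 +777,8 @@ nodes
 | test.swift:715:5:715:5 | mo1 [v2, some:0] | semmle.label | mo1 [v2, some:0] |
 | test.swift:715:5:715:5 | mo1 [v2] | semmle.label | mo1 [v2] |
 | test.swift:715:14:715:21 | call to source() | semmle.label | call to source() |
+| test.swift:720:15:720:15 | v1 [some:0] | semmle.label | v1 [some:0] |
+| test.swift:720:15:720:17 | ...! | semmle.label | ...! |
 | test.swift:721:15:721:15 | v2 [some:0] | semmle.label | v2 [some:0] |
 | test.swift:721:15:721:17 | ...! | semmle.label | ...! |
 | test.swift:722:15:722:15 | v3 | semmle.label | v3 |
@@ -917,6 +924,7 @@ subpaths
 | test.swift:678:15:678:26 | ...[...] | test.swift:676:20:676:27 | call to source() | test.swift:678:15:678:26 | ...[...] | result |
 | test.swift:682:15:682:27 | ...[...] | test.swift:681:21:681:28 | call to source() | test.swift:682:15:682:27 | ...[...] | result |
 | test.swift:694:15:694:21 | ...[...] | test.swift:693:17:693:24 | call to source() | test.swift:694:15:694:21 | ...[...] | result |
+| test.swift:720:15:720:17 | ...! | test.swift:710:11:710:18 | call to source() | test.swift:720:15:720:17 | ...! | result |
 | test.swift:721:15:721:17 | ...! | test.swift:711:10:711:17 | call to source() | test.swift:721:15:721:17 | ...! | result |
 | test.swift:722:15:722:15 | v3 | test.swift:712:10:712:17 | call to source() | test.swift:722:15:722:15 | v3 | result |
 | test.swift:724:15:724:21 | ...! | test.swift:714:14:714:21 | call to source() | test.swift:724:15:724:21 | ...! | result |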

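--- a/swift/ql/test/library-tests/dataflow/dataflow/test.swift
+++ b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -717,7 +717,7 @@ func testWriteOptional() {
 mo2!.v2 = source()
 mo2!.v3 = source()
 
-sink(arg: v1!) // $ MISSING:flow=710
+sink(arg: v1!) // $ flow=710
 sink(arg: v2!) // $ flow=711
 sink(arg: v3) // $ flow=712
 sink(arg: mo1.v1!) // $ MISSING:flow=713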
