Swift: Fix member variable sinks in swift/path-ionjection.

Author: geoffw0

swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll

@@ -132,8 +132,8 @@ private class PathInjectionSinks extends SinkModelCsv {
         ";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:);;;Argument[0];path-injection",
         ";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:seedFilePath:);;;Argument[0];path-injection",
         ";Realm.Configuration;true;init(fileURL:inMemoryIdentifier:syncConfiguration:encryptionKey:readOnly:schemaVersion:migrationBlock:deleteRealmIfMigrationNeeded:shouldCompactOnLaunch:objectTypes:seedFilePath:);;;Argument[10];path-injection",
-        ";Realm.Configuration;true;fileURL;;;;path-injection",
-        ";Realm.Configuration;true;seedFilePath;;;;path-injection",
+        ";Realm.Configuration;true;fileURL;;;PostUpdate;path-injection",
+        ";Realm.Configuration;true;seedFilePath;;;PostUpdate;path-injection",
       ]
   }
 }

swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected

@@ -0,0 +1 @@
+| file://:0:0:0:0 | self | Unexpected result: hasPathInjection=208 |

swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql

@@ -12,7 +12,10 @@ class PathInjectionTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr |
       PathInjectionFlow::flow(source, sink) and
-      sinkExpr = sink.asExpr() and
+      (
+        sinkExpr = sink.asExpr() or
+        sinkExpr = sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr()
+      ) and
       location = sinkExpr.getLocation() and
       element = sinkExpr.toString() and
       tag = "hasPathInjection" and

swift/ql/test/query-tests/Security/CWE-022/testPathInjection.swift

@@ -317,9 +317,9 @@ func test() {
 
 	var config = Realm.Configuration() // GOOD
 	config.fileURL = safeUrl // GOOD
-	config.fileURL = remoteUrl // $ MISSING: hasPathInjection=208
+	config.fileURL = remoteUrl // $ hasPathInjection=208
 	config.seedFilePath = safeUrl // GOOD
-	config.seedFilePath = remoteUrl // $ MISSING: hasPathInjection=208
+	config.seedFilePath = remoteUrl // $ hasPathInjection=208
 }
 
 func testSanitizers() {