Support CommandInjectionAdditionalFlowStep and fix doc errors

Author: maikypedia

swift/ql/lib/codeql/swift/security/CommandInjectionExtensions.qll

@@ -62,5 +62,5 @@ private class ProcessSink extends CommandInjectionSink instanceof DataFlow::Node
  * A sink defined in a CSV model.
  */
 private class DefaultCommandInjectionSink extends CommandInjectionSink {
-  DefaultCommandInjectionSink() { sinkNode(this, "command-line-injection") }
+  DefaultCommandInjectionSink() { sinkNode(this, "command-injection") }
 }

swift/ql/lib/codeql/swift/security/CommandInjectionQuery.qll

@@ -19,6 +19,10 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node node) { node instanceof CommandInjectionSink }
 
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CommandInjectionBarrier }
+
+  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+    any(CommandInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo)
+  }
 }
 
 /**

swift/ql/src/queries/Security/CWE-078/CommandInjection.qhelp

@@ -6,7 +6,7 @@
 <overview>
 <p>
 Constructing a system command with unsanitized user input is dangerous,
-since a malicious user to execute code.
+since a malicious user may be able to craft input that executes arbitrary code.
 </p>
 </overview>
 
@@ -29,7 +29,7 @@ sanitizing it first:
 </p>
 <sample src="CommandInjectionBad.swift" />
 <p>
-If user input is used to construct a regular expression it should be checked
+If user input is used to construct a command it should be checked
 first. This ensures that the user cannot insert characters that have special
 meanings.
 </p>

swift/ql/src/queries/Security/CWE-078/CommandInjection.ql

@@ -8,6 +8,7 @@
  * @id swift/command-line-injection
  * @tags security
  *       external/cwe/cwe-078
+ *       external/cwe/cwe-088
  */
 
 import swift