Swift: Widen the model to include things that are not strictly RawRepresentable but which appear similar. This fixes the XXE test cases. Unclear whether xmlParserOption in the test should in fact extend RawRepresentable, or not.

geoffw0 · geoffw0 · commit d0f214a9a700 · 2023-10-13T17:35:05.000+01:00
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/RawRepresentable.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/RawRepresentable.qll
@@ -17,19 +17,12 @@ private class RawRepresentableSummaries extends SummaryModelCsv {
 }
 
 /**
- * A content implying that, if an `RawRepresentable` is tainted, then
- * the `rawValue` field is tainted as well.
+ * A content implying that, if a `RawRepresentable` is tainted, then the
+ * `rawValue` field is tainted as well. This model has been extended to assume
+ * that any object's `rawValue` field also inherits taint.
  */
 private class RawRepresentableFieldsInheritTaint extends TaintInheritingContent,
   DataFlow::Content::FieldContent
 {
-  RawRepresentableFieldsInheritTaint() {
-    exists(FieldDecl fieldDecl, Decl declaringDecl, TypeDecl namedTypeDecl |
-      namedTypeDecl.getFullName() = "RawRepresentable" and
-      fieldDecl.getName() = "rawValue" and
-      declaringDecl.getAMember() = fieldDecl and
-      declaringDecl.asNominalTypeDecl() = namedTypeDecl.getADerivedTypeDecl*() and
-      this.getField() = fieldDecl
-    )
-  }
+  RawRepresentableFieldsInheritTaint() { this.getField().getName() = "rawValue" }
 }
diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected b/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected
@@ -1,18 +1,2 @@
 testFailures
-| testLibxmlXXE.swift:101:78:102:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:102:80:103:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:103:107:104:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:104:82:105:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:106:78:107:1 | // $ hasXXE=95\n | Missing result:hasXXE=95 |
-| testLibxmlXXE.swift:107:80:108:1 | // $ hasXXE=95\n | Missing result:hasXXE=95 |
-| testLibxmlXXE.swift:109:87:110:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:110:89:111:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:112:99:113:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:113:97:114:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:115:87:116:1 | // $ hasXXE=95\n | Missing result:hasXXE=95 |
-| testLibxmlXXE.swift:116:89:117:1 | // $ hasXXE=95\n | Missing result:hasXXE=95 |
-| testLibxmlXXE.swift:118:89:119:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:119:91:120:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:121:98:122:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
-| testLibxmlXXE.swift:122:100:123:1 | // $ hasXXE=96\n | Missing result:hasXXE=96 |
 failures
