Swift: Add source model for UITextField.

geoffw0 · geoffw0 · commit e16277ef43f1 · 2023-04-25T23:14:24.000+01:00
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -79,6 +79,7 @@ private import internal.FlowSummaryImplSpecific
  * ensuring that they are visible to the taint tracking / data flow library.
  */
 private module Frameworks {
+  private import codeql.swift.frameworks.Alamofire.Alamofire
   private import codeql.swift.frameworks.StandardLibrary.Collection
   private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes
   private import codeql.swift.frameworks.StandardLibrary.Data
@@ -94,7 +95,7 @@ private module Frameworks {
   private import codeql.swift.frameworks.StandardLibrary.Url
   private import codeql.swift.frameworks.StandardLibrary.UrlSession
   private import codeql.swift.frameworks.StandardLibrary.WebView
-  private import codeql.swift.frameworks.Alamofire.Alamofire
+  private import codeql.swift.frameworks.UIKit.UITextField
   private import codeql.swift.security.CleartextLoggingExtensions
   private import codeql.swift.security.CleartextStorageDatabaseExtensions
   private import codeql.swift.security.ECBEncryptionExtensions
diff --git a/swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll b/swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll
@@ -0,0 +1,15 @@
+/**
+ * Provides models for the `UITextField` Swift class.
+ */
+
+import swift
+private import codeql.swift.dataflow.ExternalFlow
+
+/**
+ * A model for `UITextField` members that are flow sources.
+ */
+private class UITextFieldSource extends SourceModelCsv {
+  override predicate row(string row) {
+    row = [";UITextField;true;text;;;;local", ";UITextField;true;attributedText;;;;local"]
+  }
+}
diff --git a/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift
@@ -23,8 +23,8 @@ class UITextField: UIControl {
 // --- tests ---
 
 func testUITextField(textField: UITextField) {
-  _ = textField.text // $ MISSING: source=local
-  _ = textField.attributedText // $ MISSING: source=local
+  _ = textField.text // $ source=local
+  _ = textField.attributedText // $ source=local
   _ = textField.placeholder // GOOD (not input)
-  _ = textField.text?.uppercased() // $ MISSING: source=local
+  _ = textField.text?.uppercased() // $ source=local
 }
