Merge pull request github#13115 from geoffw0/swift-csv-labels

geoffw0 · web-flow · commit e402c225f411 · 2023-05-11T13:34:48.000+01:00
Swift: Accept standardized CSV sink labels
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -26,7 +26,7 @@ class CleartextLoggingAdditionalFlowStep extends Unit {
  * A sink defined in a CSV model.
  */
 private class DefaultCleartextLoggingSink extends CleartextLoggingSink {
-  DefaultCleartextLoggingSink() { sinkNode(this, "logging") }
+  DefaultCleartextLoggingSink() { sinkNode(this, "log-injection") }
 }
 
 /**
@@ -80,25 +80,25 @@ private class LoggingSinks extends SinkModelCsv {
   override predicate row(string row) {
     row =
       [
-        ";;false;print(_:separator:terminator:);;;Argument[0].ArrayElement;logging",
-        ";;false;print(_:separator:terminator:);;;Argument[1..2];logging",
-        ";;false;print(_:separator:terminator:toStream:);;;Argument[0].ArrayElement;logging",
-        ";;false;print(_:separator:terminator:toStream:);;;Argument[1..2];logging",
-        ";;false;NSLog(_:_:);;;Argument[0];logging",
-        ";;false;NSLog(_:_:);;;Argument[1].ArrayElement;logging",
-        ";;false;NSLogv(_:_:);;;Argument[0];logging",
-        ";;false;NSLogv(_:_:);;;Argument[1].ArrayElement;logging",
-        ";;false;vfprintf(_:_:_:);;;Agument[1..2];logging",
-        ";Logger;true;log(_:);;;Argument[0];logging",
-        ";Logger;true;log(level:_:);;;Argument[1];logging",
-        ";Logger;true;trace(_:);;;Argument[1];logging",
-        ";Logger;true;debug(_:);;;Argument[1];logging",
-        ";Logger;true;info(_:);;;Argument[1];logging",
-        ";Logger;true;notice(_:);;;Argument[1];logging",
-        ";Logger;true;warning(_:);;;Argument[1];logging",
-        ";Logger;true;error(_:);;;Argument[1];logging",
-        ";Logger;true;critical(_:);;;Argument[1];logging",
-        ";Logger;true;fault(_:);;;Argument[1];logging",
+        ";;false;print(_:separator:terminator:);;;Argument[0].ArrayElement;log-injection",
+        ";;false;print(_:separator:terminator:);;;Argument[1..2];log-injection",
+        ";;false;print(_:separator:terminator:toStream:);;;Argument[0].ArrayElement;log-injection",
+        ";;false;print(_:separator:terminator:toStream:);;;Argument[1..2];log-injection",
+        ";;false;NSLog(_:_:);;;Argument[0];log-injection",
+        ";;false;NSLog(_:_:);;;Argument[1].ArrayElement;log-injection",
+        ";;false;NSLogv(_:_:);;;Argument[0];log-injection",
+        ";;false;NSLogv(_:_:);;;Argument[1].ArrayElement;log-injection",
+        ";;false;vfprintf(_:_:_:);;;Agument[1..2];log-injection",
+        ";Logger;true;log(_:);;;Argument[0];log-injection",
+        ";Logger;true;log(level:_:);;;Argument[1];log-injection",
+        ";Logger;true;trace(_:);;;Argument[1];log-injection",
+        ";Logger;true;debug(_:);;;Argument[1];log-injection",
+        ";Logger;true;info(_:);;;Argument[1];log-injection",
+        ";Logger;true;notice(_:);;;Argument[1];log-injection",
+        ";Logger;true;warning(_:);;;Argument[1];log-injection",
+        ";Logger;true;error(_:);;;Argument[1];log-injection",
+        ";Logger;true;critical(_:);;;Argument[1];log-injection",
+        ";Logger;true;fault(_:);;;Argument[1];log-injection",
       ]
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll
@@ -151,5 +151,5 @@ private class GrdbDefaultSqlInjectionSink extends SqlInjectionSink {
  * A sink defined in a CSV model.
  */
 private class DefaultSqlInjectionSink extends SqlInjectionSink {
-  DefaultSqlInjectionSink() { sinkNode(this, "sql") }
+  DefaultSqlInjectionSink() { sinkNode(this, "sql-injection") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
@@ -39,6 +39,6 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri
     this.asExpr() = any(FormattingFunctionCall fc).getFormat()
     or
     // a sink defined in a CSV model.
-    sinkNode(this, "uncontrolled-format-string")
+    sinkNode(this, "format-string")
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll
@@ -144,5 +144,5 @@ private class DefaultUnsafeJsEvalAdditionalFlowStep extends UnsafeJsEvalAddition
  * A sink defined in a CSV model.
  */
 private class DefaultUnsafeJsEvalSink extends UnsafeJsEvalSink {
-  DefaultUnsafeJsEvalSink() { sinkNode(this, "js-eval") }
+  DefaultUnsafeJsEvalSink() { sinkNode(this, "code-injection") }
 }

Original file line number	Diff line number	Diff line change
`@@ -151,5 +151,5 @@ private class GrdbDefaultSqlInjectionSink extends SqlInjectionSink {`
`151`	`151`	`* A sink defined in a CSV model.`
`152`	`152`	`*/`
`153`	`153`	`private class DefaultSqlInjectionSink extends SqlInjectionSink {`
`154`		`- DefaultSqlInjectionSink() { sinkNode(this, "sql") }`
	`154`	`+ DefaultSqlInjectionSink() { sinkNode(this, "sql-injection") }`
`155`	`155`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,6 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri`
`39`	`39`	`this.asExpr() = any(FormattingFunctionCall fc).getFormat()`
`40`	`40`	`or`
`41`	`41`	`// a sink defined in a CSV model.`
`42`		`- sinkNode(this, "uncontrolled-format-string")`
	`42`	`+ sinkNode(this, "format-string")`
`43`	`43`	`}`
`44`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -144,5 +144,5 @@ private class DefaultUnsafeJsEvalAdditionalFlowStep extends UnsafeJsEvalAddition`
`144`	`144`	`* A sink defined in a CSV model.`
`145`	`145`	`*/`
`146`	`146`	`private class DefaultUnsafeJsEvalSink extends UnsafeJsEvalSink {`
`147`		`- DefaultUnsafeJsEvalSink() { sinkNode(this, "js-eval") }`
	`147`	`+ DefaultUnsafeJsEvalSink() { sinkNode(this, "code-injection") }`
`148`	`148`	`}`