Skip to content

Commit e6c8428

Browse files
committed
Swift: Add syntax for selecting PostUpdateNodes in CSV rows.
1 parent bfbd45a commit e6c8428

File tree

2 files changed

+14
-11
lines changed

2 files changed

+14
-11
lines changed

swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -200,14 +200,19 @@ predicate interpretOutputSpecific(string c, InterpretNode mid, InterpretNode nod
200200
}
201201

202202
predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode node) {
203-
// Allow fields to be picked as input nodes.
204203
exists(Node n, AstNode ast, MemberRefExpr e |
205204
n = node.asNode() and
206-
ast = mid.asElement()
205+
ast = mid.asElement() and
206+
e.getMember() = ast
207207
|
208+
// Allow fields to be picked as input nodes.
208209
c = "" and
209-
e.getBase() = n.asExpr() and
210-
e.getMember() = ast
210+
e.getBase() = n.asExpr()
211+
or
212+
// Allow post update nodes to be picked as input nodes when the `input` column
213+
// of the row is `PostUpdate`.
214+
c = "PostUpdate" and
215+
e.getBase() = n.(PostUpdateNode).getPreUpdateNode().asExpr()
211216
)
212217
}
213218

swift/ql/lib/codeql/swift/security/InsecureTLSExtensions.qll

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -50,10 +50,10 @@ private class TlsExtensionsSinks extends SinkModelCsv {
5050
row =
5151
[
5252
// TLS-related properties of `URLSessionConfiguration`
53-
";URLSessionConfiguration;false;tlsMinimumSupportedProtocolVersion;;;;tls-protocol-version",
54-
";URLSessionConfiguration;false;tlsMinimumSupportedProtocol;;;;tls-protocol-version",
55-
";URLSessionConfiguration;false;tlsMaximumSupportedProtocolVersion;;;;tls-protocol-version",
56-
";URLSessionConfiguration;false;tlsMaximumSupportedProtocol;;;;tls-protocol-version",
53+
";URLSessionConfiguration;false;tlsMinimumSupportedProtocolVersion;;;PostUpdate;tls-protocol-version",
54+
";URLSessionConfiguration;false;tlsMinimumSupportedProtocol;;;PostUpdate;tls-protocol-version",
55+
";URLSessionConfiguration;false;tlsMaximumSupportedProtocolVersion;;;PostUpdate;tls-protocol-version",
56+
";URLSessionConfiguration;false;tlsMaximumSupportedProtocol;;;PostUpdate;tls-protocol-version",
5757
]
5858
}
5959
}
@@ -62,7 +62,5 @@ private class TlsExtensionsSinks extends SinkModelCsv {
6262
* A sink defined in a CSV model.
6363
*/
6464
private class DefaultTlsExtensionsSink extends InsecureTlsExtensionsSink {
65-
DefaultTlsExtensionsSink() {
66-
sinkNode(this.(DataFlow::PostUpdateNode).getPreUpdateNode(), "tls-protocol-version")
67-
}
65+
DefaultTlsExtensionsSink() { sinkNode(this, "tls-protocol-version") }
6866
}

0 commit comments

Comments
 (0)