Swift: Further modelling updates / gap filling that doesn't seem to affect tests.

geoffw0 · geoffw0 · commit f3ea75d27c79 · 2024-11-01T16:19:41.000Z
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll
@@ -15,20 +15,35 @@ private class CollectionSummaries extends SummaryModelCsv {
     row =
       [
         ";Collection;true;prefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;prefix(through:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(through:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;prefix(upTo:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(upTo:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;prefix(while:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;prefix(while:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;suffix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;suffix(from:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;suffix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;dropFirst(_:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;dropFirst(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;dropLast(_:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;dropLast(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
+        ";Collection;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;flatMap(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
+        ";Collection;true;map(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;map(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
         ";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
         ";Collection;true;popFirst();;;Argument[-1];ReturnValue;taint",
         ";Collection;true;randomElement();;;Argument[-1].CollectionElement;ReturnValue.OptionalSome;value",
+        ";Collection;true;randomElement(using:);;;Argument[-1].CollectionElement;ReturnValue.OptionalSome;value",
+        ";Collection;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;trimmingPrefix(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
+        ";Collection;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint",
+        ";Collection;true;trimmingPrefix(while:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
         ";RangeReplaceableCollection;true;init(_:);;;Argument[0];ReturnValue.CollectionElement;taint",
         ";RangeReplaceableCollection;true;init(_:);;;Argument[0].CollectionElement;ReturnValue.CollectionElement;value",
         ";RangeReplaceableCollection;true;init(repeating:count:);;;Argument[0];ReturnValue.CollectionElement;value",
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
@@ -167,12 +167,18 @@ private class StringFieldsInheritTaint extends TaintInheritingContent,
             "precomposedStringWithCompatibilityMapping", "removingPercentEncoding"
           ]
         or
-        namedTypeDecl.getFullName() = "CustomStringConvertible" and
+        namedTypeDecl.getFullName() = ["CustomStringConvertible"] and
         fieldDecl.getName() = "description"
         or
         namedTypeDecl.getFullName() = "CustomDebugStringConvertible" and
         fieldDecl.getName() = "debugDescription"
         or
+        namedTypeDecl.getFullName() = "CustomTestStringConvertible" and
+        fieldDecl.getName() = "testDescription"
+        or
+        namedTypeDecl.getFullName() = "CustomURLRepresentationParameterConvertible" and
+        fieldDecl.getName() = "urlRepresentationParameter"
+        or
         namedTypeDecl.getFullName() = "Substring" and
         fieldDecl.getName() = "base"
       ) and
