Merge pull request github#11980 from geoffw0/modern2

geoffw0 · web-flow · commit 6c0b50c69691 · 2023-01-27T14:33:43.000Z
Swift: Structure modernized queries more consistently
diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
@@ -89,9 +89,9 @@ private module Frameworks {
   private import codeql.swift.frameworks.StandardLibrary.UrlSession
   private import codeql.swift.frameworks.StandardLibrary.WebView
   private import codeql.swift.frameworks.Alamofire.Alamofire
-  private import codeql.swift.security.CleartextLogging
-  private import codeql.swift.security.PathInjection
-  private import codeql.swift.security.PredicateInjection
+  private import codeql.swift.security.CleartextLoggingExtensions
+  private import codeql.swift.security.PathInjectionExtensions
+  private import codeql.swift.security.PredicateInjectionExtensions
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -25,6 +25,9 @@ class CleartextLoggingAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }
 
+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultCleartextLoggingSink extends CleartextLoggingSink {
   DefaultCleartextLoggingSink() { sinkNode(this, "logging") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingQuery.qll
@@ -6,7 +6,7 @@
 import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.security.CleartextLogging
+private import codeql.swift.security.CleartextLoggingExtensions
 private import codeql.swift.security.SensitiveExprs
 
 /**
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -29,6 +29,9 @@ class PathInjectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }
 
+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPathInjectionSink extends PathInjectionSink {
   DefaultPathInjectionSink() { sinkNode(this, "path-injection") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
@@ -8,7 +8,7 @@ private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.ExternalFlow
 private import codeql.swift.dataflow.FlowSources
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.security.PathInjection
+private import codeql.swift.security.PathInjectionExtensions
 
 /**
  * A taint-tracking configuration for path injection vulnerabilities.
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
@@ -24,6 +24,9 @@ class PredicateInjectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }
 
+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPredicateInjectionSink extends PredicateInjectionSink {
   DefaultPredicateInjectionSink() { sinkNode(this, "predicate-injection") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionQuery.qll
@@ -7,7 +7,7 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.dataflow.FlowSources
 private import codeql.swift.dataflow.TaintTracking
-private import codeql.swift.security.PredicateInjection
+private import codeql.swift.security.PredicateInjectionExtensions
 
 /**
  * A taint-tracking configuration for predicate injection vulnerabilities.
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
@@ -34,7 +34,7 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri
     // the format argument to a `FormattingFunctionCall`.
     this.asExpr() = any(FormattingFunctionCall fc).getFormat()
     or
-    // a sink defined in a Csv model.
+    // a sink defined in a CSV model.
     sinkNode(this, "uncontrolled-format-string")
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -4,6 +4,7 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.frameworks.AEXML
 private import codeql.swift.frameworks.Libxml2
+private import codeql.swift.dataflow.ExternalFlow
 
 /** A data flow sink for XML external entities (XXE) vulnerabilities. */
 abstract class XxeSink extends DataFlow::Node { }
@@ -201,3 +202,10 @@ private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::N
     source.asExpr() = int32Init.getAnArgument().getExpr() and sink.asExpr() = int32Init
   )
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultXxeSink extends XxeSink {
+  DefaultXxeSink() { sinkNode(this, "xxe") }
+}
diff --git a/swift/ql/lib/codeql/swift/security/XXEQuery.qll b/swift/ql/lib/codeql/swift/security/XXEQuery.qll
@@ -7,7 +7,7 @@ import swift
 import codeql.swift.dataflow.DataFlow
 import codeql.swift.dataflow.FlowSources
 import codeql.swift.dataflow.TaintTracking
-import codeql.swift.security.XXE
+import codeql.swift.security.XXEExtensions
 
 /**
  * A taint-tracking configuration for XML external entities (XXE) vulnerabilities.

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,9 @@ class CleartextLoggingAdditionalTaintStep extends Unit {`
`25`	`25`	`abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);`
`26`	`26`	`}`
`27`	`27`
	`28`	`+/**`
	`29`	`+ * A sink defined in a CSV model.`
	`30`	`+ */`
`28`	`31`	`private class DefaultCleartextLoggingSink extends CleartextLoggingSink {`
`29`	`32`	`DefaultCleartextLoggingSink() { sinkNode(this, "logging") }`
`30`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@ class PathInjectionAdditionalTaintStep extends Unit {`
`29`	`29`	`abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);`
`30`	`30`	`}`
`31`	`31`
	`32`	`+/**`
	`33`	`+ * A sink defined in a CSV model.`
	`34`	`+ */`
`32`	`35`	`private class DefaultPathInjectionSink extends PathInjectionSink {`
`33`	`36`	`DefaultPathInjectionSink() { sinkNode(this, "path-injection") }`
`34`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,9 @@ class PredicateInjectionAdditionalTaintStep extends Unit {`
`24`	`24`	`abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);`
`25`	`25`	`}`
`26`	`26`
	`27`	`+/**`
	`28`	`+ * A sink defined in a CSV model.`
	`29`	`+ */`
`27`	`30`	`private class DefaultPredicateInjectionSink extends PredicateInjectionSink {`
`28`	`31`	`DefaultPredicateInjectionSink() { sinkNode(this, "predicate-injection") }`
`29`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri`
`34`	`34`	// the format argument to a `FormattingFunctionCall`.
`35`	`35`	`this.asExpr() = any(FormattingFunctionCall fc).getFormat()`
`36`	`36`	`or`
`37`		`- // a sink defined in a Csv model.`
	`37`	`+ // a sink defined in a CSV model.`
`38`	`38`	`sinkNode(this, "uncontrolled-format-string")`
`39`	`39`	`}`
`40`	`40`	`}`