Swift: Effect on tests.
geoffw0 committed Feb 17, 2025
1 parent c1a4cb2 commit dd2ca0d
Showing 5 changed files with 24 additions and 12 deletions.
12 changes: 12 additions & 0 deletions swift/ql/test/library-tests/dataflow/taint/core/Taint.expected
@@ -13,7 +13,9 @@ edges
| conversions.swift:46:19:46:39 | call to sourceInt(_:) | conversions.swift:46:12:46:40 | call to Double.init(_:) | provenance | |
| conversions.swift:47:19:47:39 | call to sourceInt(_:) | conversions.swift:47:12:47:40 | call to String.init(_:) | provenance | |
| conversions.swift:48:12:48:40 | call to String.init(_:) | conversions.swift:48:12:48:42 | .utf8 | provenance | |
| conversions.swift:48:12:48:40 | call to String.init(_:) [Collection element] | conversions.swift:48:12:48:42 | .utf8 | provenance | |
| conversions.swift:48:19:48:39 | call to sourceInt(_:) | conversions.swift:48:12:48:40 | call to String.init(_:) | provenance | |
| conversions.swift:48:19:48:39 | call to sourceInt(_:) | conversions.swift:48:12:48:40 | call to String.init(_:) [Collection element] | provenance | |
| conversions.swift:50:12:50:39 | [...] [Collection element] | conversions.swift:51:12:51:12 | arr | provenance | |
| conversions.swift:50:12:50:39 | [...] [Collection element] | conversions.swift:52:12:52:12 | arr [Collection element] | provenance | |
| conversions.swift:50:12:50:39 | [...] [Collection element] | conversions.swift:53:20:53:20 | arr [Collection element] | provenance | |
@@ -65,13 +67,19 @@ edges
| conversions.swift:138:18:138:39 | call to sourceFloat(_:) | conversions.swift:138:12:138:40 | call to UInt8.init(_:) | provenance | |
| conversions.swift:139:19:139:40 | call to sourceFloat(_:) | conversions.swift:139:12:139:41 | call to String.init(_:) | provenance | |
| conversions.swift:140:12:140:41 | call to String.init(_:) | conversions.swift:140:12:140:43 | .utf8 | provenance | |
| conversions.swift:140:12:140:41 | call to String.init(_:) [Collection element] | conversions.swift:140:12:140:43 | .utf8 | provenance | |
| conversions.swift:140:19:140:40 | call to sourceFloat(_:) | conversions.swift:140:12:140:41 | call to String.init(_:) | provenance | |
| conversions.swift:140:19:140:40 | call to sourceFloat(_:) | conversions.swift:140:12:140:41 | call to String.init(_:) [Collection element] | provenance | |
| conversions.swift:141:19:141:42 | call to sourceFloat80(_:) | conversions.swift:141:12:141:43 | call to String.init(_:) | provenance | |
| conversions.swift:142:12:142:43 | call to String.init(_:) | conversions.swift:142:12:142:45 | .utf8 | provenance | |
| conversions.swift:142:12:142:43 | call to String.init(_:) [Collection element] | conversions.swift:142:12:142:45 | .utf8 | provenance | |
| conversions.swift:142:19:142:42 | call to sourceFloat80(_:) | conversions.swift:142:12:142:43 | call to String.init(_:) | provenance | |
| conversions.swift:142:19:142:42 | call to sourceFloat80(_:) | conversions.swift:142:12:142:43 | call to String.init(_:) [Collection element] | provenance | |
| conversions.swift:143:19:143:41 | call to sourceDouble(_:) | conversions.swift:143:12:143:42 | call to String.init(_:) | provenance | |
| conversions.swift:144:12:144:42 | call to String.init(_:) | conversions.swift:144:12:144:44 | .utf8 | provenance | |
| conversions.swift:144:12:144:42 | call to String.init(_:) [Collection element] | conversions.swift:144:12:144:44 | .utf8 | provenance | |
| conversions.swift:144:19:144:41 | call to sourceDouble(_:) | conversions.swift:144:12:144:42 | call to String.init(_:) | provenance | |
| conversions.swift:144:19:144:41 | call to sourceDouble(_:) | conversions.swift:144:12:144:42 | call to String.init(_:) [Collection element] | provenance | |
| conversions.swift:146:18:146:39 | call to sourceFloat(_:) | conversions.swift:146:12:146:40 | call to Float.init(_:) | provenance | |
| conversions.swift:147:41:147:60 | call to sourceInt(_:) | conversions.swift:147:12:147:79 | call to Float.init(sign:exponent:significand:) | provenance | |
| conversions.swift:148:57:148:78 | call to sourceFloat(_:) | conversions.swift:148:12:148:79 | call to Float.init(sign:exponent:significand:) | provenance | |
@@ -279,6 +287,7 @@ nodes
| conversions.swift:47:12:47:40 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:47:19:47:39 | call to sourceInt(_:) | semmle.label | call to sourceInt(_:) |
| conversions.swift:48:12:48:40 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:48:12:48:40 | call to String.init(_:) [Collection element] | semmle.label | call to String.init(_:) [Collection element] |
| conversions.swift:48:12:48:42 | .utf8 | semmle.label | .utf8 |
| conversions.swift:48:19:48:39 | call to sourceInt(_:) | semmle.label | call to sourceInt(_:) |
| conversions.swift:50:12:50:39 | [...] [Collection element] | semmle.label | [...] [Collection element] |
@@ -363,16 +372,19 @@ nodes
| conversions.swift:139:12:139:41 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:139:19:139:40 | call to sourceFloat(_:) | semmle.label | call to sourceFloat(_:) |
| conversions.swift:140:12:140:41 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:140:12:140:41 | call to String.init(_:) [Collection element] | semmle.label | call to String.init(_:) [Collection element] |
| conversions.swift:140:12:140:43 | .utf8 | semmle.label | .utf8 |
| conversions.swift:140:19:140:40 | call to sourceFloat(_:) | semmle.label | call to sourceFloat(_:) |
| conversions.swift:141:12:141:43 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:141:19:141:42 | call to sourceFloat80(_:) | semmle.label | call to sourceFloat80(_:) |
| conversions.swift:142:12:142:43 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:142:12:142:43 | call to String.init(_:) [Collection element] | semmle.label | call to String.init(_:) [Collection element] |
| conversions.swift:142:12:142:45 | .utf8 | semmle.label | .utf8 |
| conversions.swift:142:19:142:42 | call to sourceFloat80(_:) | semmle.label | call to sourceFloat80(_:) |
| conversions.swift:143:12:143:42 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:143:19:143:41 | call to sourceDouble(_:) | semmle.label | call to sourceDouble(_:) |
| conversions.swift:144:12:144:42 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| conversions.swift:144:12:144:42 | call to String.init(_:) [Collection element] | semmle.label | call to String.init(_:) [Collection element] |
| conversions.swift:144:12:144:44 | .utf8 | semmle.label | .utf8 |
| conversions.swift:144:19:144:41 | call to sourceDouble(_:) | semmle.label | call to sourceDouble(_:) |
| conversions.swift:146:12:146:40 | call to Float.init(_:) | semmle.label | call to Float.init(_:) |
Original file line number Diff line number Diff line change
@@ -115,6 +115,6 @@ func testCustom() {
sink(arg: mc7)
sink(arg: mc7[0])
mc7.append(contentsOf: taintedArray)
sink(arg: mc7) // $ MISSING: tainted=data10
sink(arg: mc7[0]) // $ MISSING: tainted=data10
sink(arg: mc7) // $ tainted=data10
sink(arg: mc7[0]) // $ tainted=data10
}
Original file line number Diff line number Diff line change
@@ -125,7 +125,7 @@ func test_files(e1: Encoder) {
sink(filePath: FilePath(cString: sourceCString())) // $ tainted=125
sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component("path")!]))
sink(filePath: FilePath(root: FilePath.Root(sourceString()), [FilePath.Component("my")!, FilePath.Component("path")!])) // $ tainted=127
sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component(sourceString())!])) // $ MISSING: tainted=
sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component(sourceString())!])) // $ tainted=128

// --- FilePath methods ---

Original file line number Diff line number Diff line change
@@ -28,7 +28,7 @@ func testSet(ix: Int) {
sink(arg: taintedSet.max()!) // $ tainted=t1
sink(arg: taintedSet.firstIndex(of: source("t2"))!)
sink(arg: taintedSet[taintedSet.firstIndex(of: source("t3"))!]) // $ tainted=t1
sink(arg: taintedSet.first!) // $ MISSING: tainted=t1
sink(arg: taintedSet.first!) // $ tainted=t1
for elem in taintedSet {
sink(arg: elem) // $ tainted=t1
}
@@ -100,7 +100,7 @@ func testSet(ix: Int) {
sink(arg: taintedSet.sorted().randomElement()!) // $ tainted=t1
sink(arg: taintedSet.shuffled().randomElement()!) // $ tainted=t1

sink(arg: taintedSet.lazy[taintedSet.firstIndex(of: source("t11"))!]) // $ MISSING: tainted=t1
sink(arg: taintedSet.lazy[taintedSet.firstIndex(of: source("t11"))!]) // $ tainted=t1

var it = taintedSet.makeIterator()
sink(arg: it.next()!) // $ tainted=t1
14 changes: 7 additions & 7 deletions swift/ql/test/library-tests/dataflow/taint/libraries/url.swift
@@ -292,7 +292,7 @@ func taintThroughURL() {
sink(arg: URL(fileURLWithFileSystemRepresentation: 0 as! UnsafePointer<Int8>, isDirectory: false, relativeTo: urlTainted)) // $ tainted=210
let _ = tainted.withCString({
ptrTainted in
sink(arg: URL(fileURLWithFileSystemRepresentation: ptrTainted, isDirectory: false, relativeTo: nil)) // $ MISSING: tainted=210
sink(arg: URL(fileURLWithFileSystemRepresentation: ptrTainted, isDirectory: false, relativeTo: nil)) // $ tainted=210
})

sink(arg: URL(fileReferenceLiteralResourceName: tainted)) // $ tainted=210
@@ -339,12 +339,12 @@ func taintThroughURL() {
sink(arg: urlTainted.appending(component: clean)) // $ tainted=210
sink(arg: urlClean.appending(component: tainted)) // $ tainted=210
sink(arg: urlTainted.appending(components: clean)) // $ tainted=210
sink(arg: urlClean.appending(components: tainted)) // $ MISSING: tainted=210
sink(arg: urlClean.appending(components: clean, tainted)) // $ MISSING: tainted=210
sink(arg: urlClean.appending(components: tainted)) // $ tainted=210
sink(arg: urlClean.appending(components: clean, tainted)) // $ tainted=210
sink(arg: urlTainted.appending(path: clean)) // $ tainted=210
sink(arg: urlClean.appending(path: tainted)) // $ tainted=210
sink(arg: urlTainted.appending(queryItems: [])) // $ tainted=210
sink(arg: urlClean.appending(queryItems: [source() as! URLQueryItem])) // $ MISSING: tainted=210
sink(arg: urlClean.appending(queryItems: [source() as! URLQueryItem])) // $ tainted=347

sink(arg: URL(filePath: tainted)) // $ tainted=210
sink(arg: URL(filePath: tainted, relativeTo: nil)) // $ tainted=210
@@ -403,19 +403,19 @@ func taintThroughURL() {

var url7 = URL(string: clean)!
url7.append(components: tainted)
sink(arg: url7) // $ MISSING: tainted=210
sink(arg: url7) // $ tainted=210

var url8 = URL(string: clean)!
url8.append(components: clean, tainted)
sink(arg: url8) // $ MISSING: tainted=210
sink(arg: url8) // $ tainted=210

var url9 = URL(string: clean)!
url9.append(path: tainted)
sink(arg: url9) // $ tainted=210

var url10 = URL(string: clean)!
url10.append(queryItems: [source() as! URLQueryItem])
sink(arg: url10) // $ MISSING: tainted=210
sink(arg: url10) // $ tainted=417

sink(data: try! urlTainted.bookmarkData()) // $ tainted=210
sink(data: try! URL.bookmarkData(withContentsOf: urlTainted)) // $ tainted=210
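Review bot: The two query-item expectations switch from the `tainted=210` label used by every other annotation shown in `taintThroughURL()` to the line of their own inline `source()` call (`tainted=347` on the `urlClean.appending(queryItems:)` sink, `tainted=417` on the `url10` sink), and nothing next to them says why. A reader comparing them with their neighbours can take the different number for a stale label, and for `url10` the source sits on the `append(queryItems:)` line above the sink rather than on the sink line itself. I would document both cases with a short comment such as `// taint originates from the inline source() call, not from the tainted string`; if it takes a line of its own, the line-number labels below it have to be regenerated. The body of `taintThroughURL()` starts and ends outside these hunks, so what line 210 defines is inferred from the other annotations.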