Swift: Accept path-explanation test changes.

MathiasVP · MathiasVP · commit 0065a5af96ee · 2022-10-06T10:30:18.000+01:00
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPrivate.qll
@@ -49,16 +49,6 @@ private module Cached {
       ae.getType().getName() = "String"
     )
     or
-    // allow flow through `URL.init`.
-    exists(CallExpr call, StructDecl c, AbstractFunctionDecl f |
-      c.getName() = "URL" and
-      c.getAMember() = f and
-      f.getName() = ["init(string:)", "init(string:relativeTo:)"] and
-      call.getStaticTarget() = f and
-      nodeFrom.asExpr() = call.getAnArgument().getExpr() and
-      nodeTo.asExpr() = call
-    )
-    or
     FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
   }
 
diff --git a/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/LocalTaint.expected
@@ -123,17 +123,3 @@
 | string.swift:39:13:39:19 | ... .+(_:_:) ... | string.swift:39:13:39:29 | ... .+(_:_:) ... |
 | string.swift:39:19:39:19 | tainted | string.swift:39:13:39:19 | ... .+(_:_:) ... |
 | string.swift:39:29:39:29 | < | string.swift:39:13:39:29 | ... .+(_:_:) ... |
-| url.swift:40:29:40:29 | clean | url.swift:40:17:40:34 | call to init(string:) |
-| url.swift:41:31:41:31 | tainted | url.swift:41:19:41:38 | call to init(string:) |
-| url.swift:46:24:46:24 | clean | url.swift:46:12:46:46 | call to init(string:relativeTo:) |
-| url.swift:46:43:46:43 | nil | url.swift:46:12:46:46 | call to init(string:relativeTo:) |
-| url.swift:47:24:47:24 | tainted | url.swift:47:12:47:48 | call to init(string:relativeTo:) |
-| url.swift:47:45:47:45 | nil | url.swift:47:12:47:48 | call to init(string:relativeTo:) |
-| url.swift:48:24:48:24 | clean | url.swift:48:12:48:51 | call to init(string:relativeTo:) |
-| url.swift:48:43:48:43 | urlClean | url.swift:48:12:48:51 | call to init(string:relativeTo:) |
-| url.swift:49:24:49:24 | clean | url.swift:49:12:49:53 | call to init(string:relativeTo:) |
-| url.swift:49:43:49:43 | urlTainted | url.swift:49:12:49:53 | call to init(string:relativeTo:) |
-| url.swift:51:25:51:25 | clean | url.swift:51:13:51:30 | call to init(string:) |
-| url.swift:55:25:55:25 | tainted | url.swift:55:13:55:32 | call to init(string:) |
-| url.swift:60:26:60:26 | clean | url.swift:60:14:60:31 | call to init(string:) |
-| url.swift:64:28:64:28 | tainted | url.swift:64:16:64:35 | call to init(string:) |
diff --git a/swift/ql/test/library-tests/dataflow/taint/Taint.expected b/swift/ql/test/library-tests/dataflow/taint/Taint.expected
@@ -15,21 +15,29 @@ edges
 | try.swift:18:18:18:25 | call to source() :  | try.swift:18:12:18:27 | ...! |
 | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  |
 | url.swift:8:8:8:16 | string :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  |
+| url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| url.swift:9:8:9:16 | string :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| url.swift:9:24:9:39 | relativeTo :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  |
 | url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) :  | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  |
 | url.swift:27:5:27:15 | url :  | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  |
 | url.swift:39:16:39:23 | call to source() :  | url.swift:41:31:41:31 | tainted :  |
-| url.swift:39:16:39:23 | call to source() :  | url.swift:44:12:44:12 | urlTainted |
-| url.swift:39:16:39:23 | call to source() :  | url.swift:47:12:47:49 | ...! |
-| url.swift:39:16:39:23 | call to source() :  | url.swift:49:12:49:54 | ...! |
+| url.swift:39:16:39:23 | call to source() :  | url.swift:47:24:47:24 | tainted :  |
 | url.swift:39:16:39:23 | call to source() :  | url.swift:64:28:64:28 | tainted :  |
-| url.swift:39:16:39:23 | call to source() :  | url.swift:65:12:65:12 | ...! |
-| url.swift:39:16:39:23 | call to source() :  | url.swift:67:46:67:46 | urlTainted :  |
 | url.swift:41:19:41:38 | call to init(string:) :  | url.swift:44:12:44:12 | urlTainted |
-| url.swift:41:19:41:38 | call to init(string:) :  | url.swift:49:12:49:54 | ...! |
+| url.swift:41:19:41:38 | call to init(string:) :  | url.swift:49:43:49:43 | urlTainted :  |
 | url.swift:41:19:41:38 | call to init(string:) :  | url.swift:67:46:67:46 | urlTainted :  |
 | url.swift:41:31:41:31 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  |
 | url.swift:41:31:41:31 | tainted :  | url.swift:8:8:8:16 | string :  |
 | url.swift:41:31:41:31 | tainted :  | url.swift:41:19:41:38 | call to init(string:) :  |
+| url.swift:47:12:47:48 | call to init(string:relativeTo:) :  | url.swift:47:12:47:49 | ...! |
+| url.swift:47:24:47:24 | tainted :  | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) :  |
+| url.swift:47:24:47:24 | tainted :  | url.swift:9:8:9:16 | string :  |
+| url.swift:47:24:47:24 | tainted :  | url.swift:47:12:47:48 | call to init(string:relativeTo:) :  |
+| url.swift:49:12:49:53 | call to init(string:relativeTo:) :  | url.swift:49:12:49:54 | ...! |
+| url.swift:49:43:49:43 | urlTainted :  | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  |
+| url.swift:49:43:49:43 | urlTainted :  | url.swift:9:24:9:39 | relativeTo :  |
+| url.swift:49:43:49:43 | urlTainted :  | url.swift:49:12:49:53 | call to init(string:relativeTo:) :  |
 | url.swift:64:16:64:35 | call to init(string:) :  | url.swift:65:12:65:12 | ...! |
 | url.swift:64:28:64:28 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  |
 | url.swift:64:28:64:28 | tainted :  | url.swift:8:8:8:16 | string :  |
@@ -41,6 +49,10 @@ nodes
 | file://:0:0:0:0 | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  | semmle.label | [summary] to write: argument 1.parameter 0 in dataTask(with:completionHandler:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | semmle.label | [summary] to write: return (return) in init(string:) :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | semmle.label | [summary] to write: return (return) in init(string:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
+| file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | semmle.label | [summary] to write: return (return) in init(string:relativeTo:) :  |
 | string.swift:5:11:5:18 | call to source() :  | semmle.label | call to source() :  |
 | string.swift:7:13:7:13 | "..." | semmle.label | "..." |
 | string.swift:9:13:9:13 | "..." | semmle.label | "..." |
@@ -61,14 +73,22 @@ nodes
 | try.swift:18:18:18:25 | call to source() :  | semmle.label | call to source() :  |
 | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | semmle.label | [summary param] 0 in init(string:) :  |
 | url.swift:8:8:8:16 | string :  | semmle.label | string :  |
+| url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) :  | semmle.label | [summary param] 0 in init(string:relativeTo:) :  |
+| url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  | semmle.label | [summary param] 1 in init(string:relativeTo:) :  |
+| url.swift:9:8:9:16 | string :  | semmle.label | string :  |
+| url.swift:9:24:9:39 | relativeTo :  | semmle.label | relativeTo :  |
 | url.swift:26:2:29:55 | [summary param] 0 in dataTask(with:completionHandler:) :  | semmle.label | [summary param] 0 in dataTask(with:completionHandler:) :  |
 | url.swift:27:5:27:15 | url :  | semmle.label | url :  |
 | url.swift:39:16:39:23 | call to source() :  | semmle.label | call to source() :  |
 | url.swift:41:19:41:38 | call to init(string:) :  | semmle.label | call to init(string:) :  |
 | url.swift:41:31:41:31 | tainted :  | semmle.label | tainted :  |
 | url.swift:44:12:44:12 | urlTainted | semmle.label | urlTainted |
+| url.swift:47:12:47:48 | call to init(string:relativeTo:) :  | semmle.label | call to init(string:relativeTo:) :  |
 | url.swift:47:12:47:49 | ...! | semmle.label | ...! |
+| url.swift:47:24:47:24 | tainted :  | semmle.label | tainted :  |
+| url.swift:49:12:49:53 | call to init(string:relativeTo:) :  | semmle.label | call to init(string:relativeTo:) :  |
 | url.swift:49:12:49:54 | ...! | semmle.label | ...! |
+| url.swift:49:43:49:43 | urlTainted :  | semmle.label | urlTainted :  |
 | url.swift:64:16:64:35 | call to init(string:) :  | semmle.label | call to init(string:) :  |
 | url.swift:64:28:64:28 | tainted :  | semmle.label | tainted :  |
 | url.swift:65:12:65:12 | ...! | semmle.label | ...! |
@@ -78,6 +98,10 @@ nodes
 subpaths
 | url.swift:41:31:41:31 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:41:19:41:38 | call to init(string:) :  |
 | url.swift:41:31:41:31 | tainted :  | url.swift:8:8:8:16 | string :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:41:19:41:38 | call to init(string:) :  |
+| url.swift:47:24:47:24 | tainted :  | url.swift:9:2:9:43 | [summary param] 0 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:47:12:47:48 | call to init(string:relativeTo:) :  |
+| url.swift:47:24:47:24 | tainted :  | url.swift:9:8:9:16 | string :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:47:12:47:48 | call to init(string:relativeTo:) :  |
+| url.swift:49:43:49:43 | urlTainted :  | url.swift:9:2:9:43 | [summary param] 1 in init(string:relativeTo:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:49:12:49:53 | call to init(string:relativeTo:) :  |
+| url.swift:49:43:49:43 | urlTainted :  | url.swift:9:24:9:39 | relativeTo :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:relativeTo:) :  | url.swift:49:12:49:53 | call to init(string:relativeTo:) :  |
 | url.swift:64:28:64:28 | tainted :  | url.swift:8:2:8:25 | [summary param] 0 in init(string:) :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:64:16:64:35 | call to init(string:) :  |
 | url.swift:64:28:64:28 | tainted :  | url.swift:8:8:8:16 | string :  | file://:0:0:0:0 | [summary] to write: return (return) in init(string:) :  | url.swift:64:16:64:35 | call to init(string:) :  |
 #select
diff --git a/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected b/swift/ql/test/query-tests/Security/CWE-079/UnsafeWebViewFetch.expected
