Swift: Fix issues.

geoffw0 · geoffw0 · commit 430a8e141df8 · 2022-08-30T18:04:12.000+01:00
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql b/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
@@ -32,7 +32,7 @@ class CoreDataStore extends Stored {
       c.getName() = "NSManagedObject" and
       c.getAMember() = f and
       f.getName() = ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"] and
-      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
   }
@@ -48,7 +48,7 @@ class RealmStore extends Stored {
       c.getName() = "Realm" and
       c.getAMember() = f and
       f.getName() = "add(_:update:)" and
-      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
     or
@@ -57,7 +57,7 @@ class RealmStore extends Stored {
       c.getName() = "Realm" and
       c.getAMember() = f and
       f.getName() = "create(_:value:update:)" and
-      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getStaticTarget() = f and
       call.getArgument(1).getExpr() = this
     )
   }
@@ -90,7 +90,7 @@ class CleartextStorageConfig extends TaintTracking::Configuration {
     // flow out from field accesses, i.e. `a.b` -> `a`
     exists(MemberRefExpr m |
       node1.asExpr() = m and // `a.b`
-      node2.asExpr() = m.getBaseExpr() // `a`
+      node2.asExpr() = m.getImmediateBase() // `a`
     )
     or
     // flow through assignment (!)
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
@@ -32,7 +32,7 @@ class NWConnectionSend extends Transmitted {
       c.getName() = "NWConnection" and
       c.getAMember() = f and
       f.getName() = "send(content:contentContext:isComplete:completion:)" and
-      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
   }
@@ -50,7 +50,7 @@ class URL extends Transmitted {
       c.getName() = "URL" and
       c.getAMember() = f and
       f.getName() = ["init(string:)", "init(string:relativeTo:)"] and
-      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
   }
diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected
@@ -1,8 +1,10 @@
 edges
-| testCoreData.swift:37:14:37:22 | WriteDef :  | testCoreData.swift:37:49:37:49 | data :  |
+| testCoreData.swift:18:19:18:26 | value :  | testCoreData.swift:19:12:19:12 | value |
+| testCoreData.swift:31:3:31:3 | newValue :  | testCoreData.swift:32:13:32:13 | newValue |
 | testCoreData.swift:37:14:37:22 | data :  | testCoreData.swift:37:49:37:49 | data :  |
-| testCoreData.swift:38:11:38:23 | WriteDef :  | testCoreData.swift:38:1:38:33 | data[return] :  |
 | testCoreData.swift:38:11:38:23 | data :  | testCoreData.swift:38:1:38:33 | data[return] :  |
+| testCoreData.swift:61:25:61:25 | password :  | testCoreData.swift:18:19:18:26 | value :  |
+| testCoreData.swift:64:16:64:16 | password :  | testCoreData.swift:31:3:31:3 | newValue :  |
 | testCoreData.swift:77:24:77:24 | x :  | testCoreData.swift:78:15:78:15 | x |
 | testCoreData.swift:80:10:80:22 | call to getPassword() :  | testCoreData.swift:81:15:81:15 | y |
 | testCoreData.swift:91:10:91:10 | passwd :  | testCoreData.swift:95:15:95:15 | x |
@@ -11,29 +13,27 @@ edges
 | testCoreData.swift:92:10:92:10 | passwd :  | testCoreData.swift:100:13:100:14 | &... :  |
 | testCoreData.swift:93:10:93:10 | passwd :  | testCoreData.swift:97:15:97:15 | z |
 | testCoreData.swift:99:6:99:15 | call to encrypt(_:) :  | testCoreData.swift:103:15:103:15 | x |
-| testCoreData.swift:99:14:99:14 | x :  | testCoreData.swift:37:14:37:22 | WriteDef :  |
 | testCoreData.swift:99:14:99:14 | x :  | testCoreData.swift:37:14:37:22 | data :  |
 | testCoreData.swift:99:14:99:14 | x :  | testCoreData.swift:99:6:99:15 | call to encrypt(_:) :  |
 | testCoreData.swift:100:7:100:14 | data: &... :  | testCoreData.swift:104:15:104:15 | y |
-| testCoreData.swift:100:13:100:14 | &... :  | testCoreData.swift:38:11:38:23 | WriteDef :  |
 | testCoreData.swift:100:13:100:14 | &... :  | testCoreData.swift:38:11:38:23 | data :  |
 | testCoreData.swift:100:13:100:14 | &... :  | testCoreData.swift:100:7:100:14 | data: &... :  |
 | testRealm.swift:34:11:34:11 | myPassword :  | testRealm.swift:35:12:35:12 | a |
 | testRealm.swift:42:11:42:11 | myPassword :  | testRealm.swift:43:47:43:47 | c |
 nodes
-| testCoreData.swift:37:14:37:22 | WriteDef :  | semmle.label | WriteDef :  |
-| testCoreData.swift:37:14:37:22 | WriteDef :  | semmle.label | data :  |
-| testCoreData.swift:37:14:37:22 | data :  | semmle.label | WriteDef :  |
+| testCoreData.swift:18:19:18:26 | value :  | semmle.label | value :  |
+| testCoreData.swift:19:12:19:12 | value | semmle.label | value |
+| testCoreData.swift:31:3:31:3 | newValue :  | semmle.label | newValue :  |
+| testCoreData.swift:32:13:32:13 | newValue | semmle.label | newValue |
 | testCoreData.swift:37:14:37:22 | data :  | semmle.label | data :  |
 | testCoreData.swift:37:49:37:49 | data :  | semmle.label | data :  |
 | testCoreData.swift:38:1:38:33 | data[return] :  | semmle.label | data[return] :  |
-| testCoreData.swift:38:11:38:23 | WriteDef :  | semmle.label | WriteDef :  |
-| testCoreData.swift:38:11:38:23 | WriteDef :  | semmle.label | data :  |
-| testCoreData.swift:38:11:38:23 | data :  | semmle.label | WriteDef :  |
 | testCoreData.swift:38:11:38:23 | data :  | semmle.label | data :  |
 | testCoreData.swift:48:15:48:15 | password | semmle.label | password |
 | testCoreData.swift:51:24:51:24 | password | semmle.label | password |
 | testCoreData.swift:58:15:58:15 | password | semmle.label | password |
+| testCoreData.swift:61:25:61:25 | password :  | semmle.label | password :  |
+| testCoreData.swift:64:16:64:16 | password :  | semmle.label | password :  |
 | testCoreData.swift:77:24:77:24 | x :  | semmle.label | x :  |
 | testCoreData.swift:78:15:78:15 | x | semmle.label | x |
 | testCoreData.swift:80:10:80:22 | call to getPassword() :  | semmle.label | call to getPassword() :  |
@@ -56,11 +56,11 @@ nodes
 | testRealm.swift:42:11:42:11 | myPassword :  | semmle.label | myPassword :  |
 | testRealm.swift:43:47:43:47 | c | semmle.label | c |
 subpaths
-| testCoreData.swift:99:14:99:14 | x :  | testCoreData.swift:37:14:37:22 | WriteDef :  | testCoreData.swift:37:49:37:49 | data :  | testCoreData.swift:99:6:99:15 | call to encrypt(_:) :  |
 | testCoreData.swift:99:14:99:14 | x :  | testCoreData.swift:37:14:37:22 | data :  | testCoreData.swift:37:49:37:49 | data :  | testCoreData.swift:99:6:99:15 | call to encrypt(_:) :  |
-| testCoreData.swift:100:13:100:14 | &... :  | testCoreData.swift:38:11:38:23 | WriteDef :  | testCoreData.swift:38:1:38:33 | data[return] :  | testCoreData.swift:100:7:100:14 | data: &... :  |
 | testCoreData.swift:100:13:100:14 | &... :  | testCoreData.swift:38:11:38:23 | data :  | testCoreData.swift:38:1:38:33 | data[return] :  | testCoreData.swift:100:7:100:14 | data: &... :  |
 #select
+| testCoreData.swift:19:12:19:12 | value | testCoreData.swift:61:25:61:25 | password :  | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@ | testCoreData.swift:61:25:61:25 | password :  | password |
+| testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:64:16:64:16 | password :  | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@ | testCoreData.swift:64:16:64:16 | password :  | password |
 | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@ | testCoreData.swift:48:15:48:15 | password | password |
 | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@ | testCoreData.swift:51:24:51:24 | password | password |
 | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@ | testCoreData.swift:58:15:58:15 | password | password |
diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected
@@ -1,16 +1,16 @@
 edges
-| testURL.swift:13:54:13:54 | passwd :  | testURL.swift:13:22:13:54 | ... call to +(_:_:) ... |
-| testURL.swift:16:55:16:55 | credit_card_no :  | testURL.swift:16:22:16:55 | ... call to +(_:_:) ... |
+| testURL.swift:13:54:13:54 | passwd :  | testURL.swift:13:22:13:54 | ... .+(_:_:) ... |
+| testURL.swift:16:55:16:55 | credit_card_no :  | testURL.swift:16:22:16:55 | ... .+(_:_:) ... |
 nodes
 | testSend.swift:29:19:29:19 | passwordPlain | semmle.label | passwordPlain |
-| testURL.swift:13:22:13:54 | ... call to +(_:_:) ... | semmle.label | ... call to +(_:_:) ... |
+| testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
 | testURL.swift:13:54:13:54 | passwd :  | semmle.label | passwd :  |
-| testURL.swift:16:22:16:55 | ... call to +(_:_:) ... | semmle.label | ... call to +(_:_:) ... |
+| testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
 | testURL.swift:16:55:16:55 | credit_card_no :  | semmle.label | credit_card_no :  |
 | testURL.swift:20:22:20:22 | passwd | semmle.label | passwd |
 subpaths
 #select
 | testSend.swift:29:19:29:19 | passwordPlain | testSend.swift:29:19:29:19 | passwordPlain | testSend.swift:29:19:29:19 | passwordPlain | This operation transmits 'passwordPlain', which may contain unencrypted sensitive data from $@ | testSend.swift:29:19:29:19 | passwordPlain | passwordPlain |
-| testURL.swift:13:22:13:54 | ... call to +(_:_:) ... | testURL.swift:13:54:13:54 | passwd :  | testURL.swift:13:22:13:54 | ... call to +(_:_:) ... | This operation transmits '... call to +(_:_:) ...', which may contain unencrypted sensitive data from $@ | testURL.swift:13:54:13:54 | passwd :  | passwd |
-| testURL.swift:16:22:16:55 | ... call to +(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no :  | testURL.swift:16:22:16:55 | ... call to +(_:_:) ... | This operation transmits '... call to +(_:_:) ...', which may contain unencrypted sensitive data from $@ | testURL.swift:16:55:16:55 | credit_card_no :  | credit_card_no |
+| testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd :  | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@ | testURL.swift:13:54:13:54 | passwd :  | passwd |
+| testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no :  | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@ | testURL.swift:16:55:16:55 | credit_card_no :  | credit_card_no |
 | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@ | testURL.swift:20:22:20:22 | passwd | passwd |

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ class CoreDataStore extends Stored {`
`32`	`32`	`c.getName() = "NSManagedObject" and`
`33`	`33`	`c.getAMember() = f and`
`34`	`34`	`f.getName() = ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"] and`
`35`		`- call.getFunction().(ApplyExpr).getStaticTarget() = f and`
	`35`	`+ call.getStaticTarget() = f and`
`36`	`36`	`call.getArgument(0).getExpr() = this`
`37`	`37`	`)`
`38`	`38`	`}`
`@@ -48,7 +48,7 @@ class RealmStore extends Stored {`
`48`	`48`	`c.getName() = "Realm" and`
`49`	`49`	`c.getAMember() = f and`
`50`	`50`	`f.getName() = "add(_:update:)" and`
`51`		`- call.getFunction().(ApplyExpr).getStaticTarget() = f and`
	`51`	`+ call.getStaticTarget() = f and`
`52`	`52`	`call.getArgument(0).getExpr() = this`
`53`	`53`	`)`
`54`	`54`	`or`
`@@ -57,7 +57,7 @@ class RealmStore extends Stored {`
`57`	`57`	`c.getName() = "Realm" and`
`58`	`58`	`c.getAMember() = f and`
`59`	`59`	`f.getName() = "create(_:value:update:)" and`
`60`		`- call.getFunction().(ApplyExpr).getStaticTarget() = f and`
	`60`	`+ call.getStaticTarget() = f and`
`61`	`61`	`call.getArgument(1).getExpr() = this`
`62`	`62`	`)`
`63`	`63`	`}`
`@@ -90,7 +90,7 @@ class CleartextStorageConfig extends TaintTracking::Configuration {`
`90`	`90`	// flow out from field accesses, i.e. `a.b` -> `a`
`91`	`91`	`exists(MemberRefExpr m \|`
`92`	`92`	node1.asExpr() = m and // `a.b`
`93`		- node2.asExpr() = m.getBaseExpr() // `a`
	`93`	+ node2.asExpr() = m.getImmediateBase() // `a`
`94`	`94`	`)`
`95`	`95`	`or`
`96`	`96`	`// flow through assignment (!)`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ class NWConnectionSend extends Transmitted {`
`32`	`32`	`c.getName() = "NWConnection" and`
`33`	`33`	`c.getAMember() = f and`
`34`	`34`	`f.getName() = "send(content:contentContext:isComplete:completion:)" and`
`35`		`- call.getFunction().(ApplyExpr).getStaticTarget() = f and`
	`35`	`+ call.getStaticTarget() = f and`
`36`	`36`	`call.getArgument(0).getExpr() = this`
`37`	`37`	`)`
`38`	`38`	`}`
`@@ -50,7 +50,7 @@ class URL extends Transmitted {`
`50`	`50`	`c.getName() = "URL" and`
`51`	`51`	`c.getAMember() = f and`
`52`	`52`	`f.getName() = ["init(string:)", "init(string:relativeTo:)"] and`
`53`		`- call.getFunction().(ApplyExpr).getStaticTarget() = f and`
	`53`	`+ call.getStaticTarget() = f and`
`54`	`54`	`call.getArgument(0).getExpr() = this`
`55`	`55`	`)`
`56`	`56`	`}`