Swift: Realm database support.

geoffw0 · geoffw0 · commit 698a9e2e2e2b · 2022-08-25T22:15:18.000+01:00
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql b/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
@@ -16,8 +16,14 @@ import codeql.swift.dataflow.DataFlow
 import codeql.swift.dataflow.TaintTracking
 import DataFlow::PathGraph
 
+/**
+ * An `Expr` that is stored in a local database.
+ */
 abstract class Stored extends Expr { }
 
+/**
+ * An `Expr` that is stored with the Core Data library.
+ */
 class CoreDataStore extends Stored {
   CoreDataStore() {
     // `content` arg to `NWConnection.send` is a sink
@@ -31,6 +37,31 @@ class CoreDataStore extends Stored {
   }
 }
 
+/**
+ * An `Expr` that is stored with the Realm database library.
+ */
+class RealmStore extends Stored {
+  RealmStore() {
+    // `object` arg to `Realm.add` is a sink
+    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
+      c.getName() = "Realm" and
+      c.getAMember() = f and
+      f.getName() = ["add(_:update:)"] and
+      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getArgument(0).getExpr() = this
+    )
+    or
+    // `value` arg to `Realm.create` is a sink
+    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
+      c.getName() = "Realm" and
+      c.getAMember() = f and
+      f.getName() = ["create(_:value:update:)"] and
+      call.getFunction().(ApplyExpr).getStaticTarget() = f and
+      call.getArgument(1).getExpr() = this
+    )
+  }
+}
+
 /**
  * A taint configuration from sensitive information to expressions that are
  * transmitted over a network.
