Swift: mass enable diff-informed data flow #18343

Draft
wants to merge 1 commit into
base: main
6 changes: 6 additions & 0 deletions swift/ql/lib/codeql/swift/regex/Regex.qll
Expand Up @@ -491,6 +491,12 @@ private module NSStringCompareOptionsFlagConfig implements DataFlow::ConfigSig {
isSink(node) and
c.getAReadContent() instanceof DataFlow::Content::CollectionContent
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/codeql/swift/regex/Regex.qll:507: Flow call outside 'select' clause
none()
}
}

module NSStringCompareOptionsFlagFlow = DataFlow::Global<NSStringCompareOptionsFlagConfig>;
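Review bot: The added `observeDiffInformedIncrementalMode()` in NSStringCompareOptionsFlagConfig ends in `none()` under a generated TODO, so the file does not record whether that is a decision or a placeholder, and the comment cites `Regex.qll:507` by line number, which will go stale as the file is edited. Since the flow is reported as called outside a `select` clause, filtering its sources and sinks by diff location could change what the regex library computes, so `none()` looks like the right final answer. I would say so in the comment, e.g. `// Not diff-informed: this flow is consumed by library predicates, not selected as an alert location.` The same generated block appears in RegexTracking.qll (StringLiteralUseConfig, RegexUseConfig, RegexParseModeConfig) and in TaintReach.ql and should be resolved the same way before this leaves draft. The module body starts above the hunk.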
19 changes: 19 additions & 0 deletions swift/ql/lib/codeql/swift/regex/internal/RegexTracking.qll
Expand Up @@ -25,6 +25,12 @@ private module StringLiteralUseConfig implements DataFlow::ConfigSig {
// used to create a regular expression object
node = any(RegexCreation regexCreation).getStringInput()
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/codeql/swift/regex/Regex.qll:53: Flow call outside 'select' clause
none()
}
}

module StringLiteralUseFlow = DataFlow::Global<StringLiteralUseConfig>;
Expand All @@ -47,6 +53,12 @@ private module RegexUseConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(RegexAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/codeql/swift/regex/Regex.qll:350: Flow call outside 'select' clause
none()
}
}

module RegexUseFlow = DataFlow::Global<RegexUseConfig>;
Expand Down Expand Up @@ -102,6 +114,13 @@ private module RegexParseModeConfig implements DataFlow::StateConfigSig {
) {
none()
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/codeql/swift/regex/Regex.qll:364: Flow call outside 'select' clause
// swift/ql/lib/codeql/swift/regex/Regex.qll:365: Flow call outside 'select' clause
none()
}
}

module RegexParseModeFlow = DataFlow::GlobalWithState<RegexParseModeConfig>;
Expand Up @@ -25,6 +25,8 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(CleartextLoggingAdditionalFlowStep s).step(n1, n2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
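Review bot: The new `observeDiffInformedIncrementalMode() { any() }` in CleartextLoggingConfig carries no comment stating the assumption it rests on, namely that every query using this config reports its alert at the flow's source or sink node. As far as I understand the data-flow library, a diff-informed run keeps only flows whose selected source or sink location lies in the changed range, so a consumer that selects some other element would silently lose alerts in pull-request scans; the module is not declared `private`, and only in-repo uses appear to have been checked by the generator. I would add a line such as `// Diff-informed: the query selects the sink node; override getASelectedSinkLocation if that changes.` and confirm it per query. The same applies to the other one-line `{ any() }` additions in this commit (the cleartext storage and transmission, injection, constant-secret, hashing, XXE and regex-injection configs). The config's earlier predicates are outside the hunk.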
Expand Up @@ -48,6 +48,8 @@ module CleartextStorageDatabaseConfig implements DataFlow::ConfigSig {
node.asExpr().getType().getUnderlyingType() instanceof DictionaryType and
c.getAReadContent().(DataFlow::Content::TupleContent).getIndex() = 1
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -30,6 +30,8 @@ module CleartextStoragePreferencesConfig implements DataFlow::ConfigSig {
// make sources barriers so that we only report the closest instance
isSource(node)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -73,6 +73,12 @@ private module ExcludeUrlConfig implements DataFlow::ConfigSig {
}

predicate isSink(DataFlow::Node node) { urlInit(_, node.asExpr()) }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll:90: Flow call outside 'select' clause
none()
}
}

private module ExcludeUrlFlow = TaintTracking::Global<ExcludeUrlConfig>;
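Review bot: For ExcludeUrlConfig the `none()` should be stated as permanent rather than left as a TODO, because this looks like a flow used to suppress results rather than to report them. Judging by the name and the cited `Flow call outside 'select' clause`, ExcludeUrlFlow feeds an exclusion in the cleartext-transmission library; if a later bulk change switched it to `any()`, a diff-restricted run could miss the excluding flow and change which transmission results are suppressed. A comment such as `// Must stay non-diff-informed: results of this flow are used to exclude sinks, not selected as alerts.` would guard against that. How ExcludeUrlFlow is consumed is outside the hunk, so this should be confirmed at the cited line 90 of CleartextTransmissionExtensions.qll.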
Expand Up @@ -28,6 +28,8 @@ module CleartextTransmissionConfig implements DataFlow::ConfigSig {
// make sources barriers so that we only report the closest instance
isSource(node)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -23,6 +23,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(CommandInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -38,6 +38,8 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(ConstantPasswordAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module ConstantPasswordFlow = TaintTracking::Global<ConstantPasswordConfig>;
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/ConstantSaltQuery.qll
Expand Up @@ -39,6 +39,8 @@ module ConstantSaltConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(ConstantSaltAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module ConstantSaltFlow = TaintTracking::Global<ConstantSaltConfig>;
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/ECBEncryptionQuery.qll
Expand Up @@ -22,6 +22,8 @@ module EcbEncryptionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(EcbEncryptionAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module EcbEncryptionFlow = DataFlow::Global<EcbEncryptionConfig>;
Expand Up @@ -46,6 +46,8 @@ module HardcodedKeyConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(HardcodedEncryptionKeyAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module HardcodedKeyFlow = TaintTracking::Global<HardcodedKeyConfig>;
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll
Expand Up @@ -21,6 +21,8 @@ module InsecureTlsConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(InsecureTlsExtensionsAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module InsecureTlsFlow = TaintTracking::Global<InsecureTlsConfig>;
Expand Up @@ -34,6 +34,8 @@ module InsufficientHashIterationsConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(InsufficientHashIterationsAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module InsufficientHashIterationsFlow = TaintTracking::Global<InsufficientHashIterationsConfig>;
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/PathInjectionQuery.qll
Expand Up @@ -23,6 +23,8 @@ module PathInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(PathInjectionAdditionalFlowStep s).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -22,6 +22,8 @@ module PredicateInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(PredicateInjectionAdditionalFlowStep s).step(n1, n2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/SqlInjectionQuery.qll
Expand Up @@ -23,6 +23,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(SqlInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -40,6 +40,8 @@ module StaticInitializationVectorConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(StaticInitializationVectorAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module StaticInitializationVectorFlow = TaintTracking::Global<StaticInitializationVectorConfig>;
Expand Up @@ -39,6 +39,8 @@ module StringLengthConflationConfig implements DataFlow::StateConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(StringLengthConflationAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -23,6 +23,8 @@ module TaintedFormatConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(UncontrolledFormatStringAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/UnsafeJsEvalQuery.qll
Expand Up @@ -22,6 +22,8 @@ module UnsafeJsEvalConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(UnsafeJsEvalAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/UnsafeUnpackQuery.qll
Expand Up @@ -24,6 +24,8 @@ module UnsafeUnpackConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(UnsafeUnpackAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -28,6 +28,14 @@ module UnsafeWebViewFetchConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(UnsafeWebViewFetchAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql:39: Column 1 does not select a source or sink originating from the flow call on line 36
// swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql:39: Column 2 does not select a source or sink originating from the flow call on line 36
// swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql:39: Column 3 does not select a source or sink originating from the flow call on line 36
none()
}
}

/**
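Review bot: The TODO on UnsafeWebViewFetchConfig reports a different condition from the other disabled configs, and the added predicate settles for `none()` without saying what would have to change: the select at UnsafeWebViewFetch.ql:39 is reported as selecting elements that are not the source or sink of the flow call on line 36. If the query's alert location can be derived from the sink node, overriding `getASelectedSinkLocation` (and the source counterpart if needed) to return that location and then returning `any()` is the usual way to make such a config diff-informed; otherwise the comment should say the config stays disabled and why. Either way I would replace the three generated lines with one sentence naming the selected element, since the line and column references will drift. The query file is not part of this hunk, so which element it selects needs checking there.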
Expand Up @@ -37,6 +37,8 @@ module WeakPasswordHashingConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(WeakPasswordHashingAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module WeakPasswordHashingFlow = TaintTracking::Global<WeakPasswordHashingConfig>;
Expand Up @@ -38,6 +38,8 @@ module WeakSensitiveDataHashingConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(WeakSensitiveDataHashingAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

deprecated module WeakHashingConfig = WeakSensitiveDataHashingConfig;
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/security/XXEQuery.qll
Expand Up @@ -22,6 +22,8 @@ module XxeConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(XxeAdditionalFlowStep s).step(n1, n2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Up @@ -22,6 +22,8 @@ module RegexInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(RegexInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
20 changes: 20 additions & 0 deletions swift/ql/lib/utils/test/InlineFlowTest.qll
Expand Up @@ -61,12 +61,32 @@ module DefaultFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { defaultSource(source) }

predicate isSink(DataFlow::Node sink) { defaultSink(sink) }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/utils/test/InlineFlowTest.qll:98: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:108: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:108: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:123: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:124: Flow call outside 'select' clause
none()
}
}

module NoFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { none() }

predicate isSink(DataFlow::Node sink) { none() }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/lib/utils/test/InlineFlowTest.qll:98: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:108: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:108: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:123: Flow call outside 'select' clause
// swift/ql/lib/utils/test/InlineFlowTest.qll:124: Flow call outside 'select' clause
none()
}
}

private signature string valueFlowTagSig();
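Review bot: The predicates added to DefaultFlowConfig and NoFlowConfig carry identical generated TODO blocks (with the `InlineFlowTest.qll:108` line repeated) in a test utility where the answer is not really open. Presumably these configs drive inline expectation tests through flow calls outside any `select`, as the TODO lines indicate, and NoFlowConfig has `none()` for both `isSource` and `isSink`, so diff-informed filtering has nothing to act on there. I would drop the TODO and keep a one-line reason instead, e.g. `// Test helper: flow results are consumed by the test predicates, never diff-filtered.` If `none()` is already the signature's default, the predicate can be omitted from both modules altogether.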
6 changes: 6 additions & 0 deletions swift/ql/src/queries/Summary/TaintReach.ql
Expand Up @@ -20,6 +20,12 @@ module TaintReachConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof FlowSource }

predicate isSink(DataFlow::Node node) { any() }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// swift/ql/src/queries/Summary/TaintReach.ql:30: Flow call outside 'select' clause
none()
}
}

module TaintReachFlow = TaintTracking::Global<TaintReachConfig>;