Skip to content

Commit 02f7314

Browse files
MathiasVPMathiasVP
authored
Merge pull request #14354 from geoffw0/conversions2
Swift: Improve models for Numeric, RangeReplaceableCollection
2 parents f657071 + 0374414 commit 02f7314

File tree

7 files changed

+727
-379
lines changed

7 files changed

+727
-379
lines changed

swift/ql/lib/change-notes/2023-09-29-numeric-models.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
5+
* Improved taint models for `Numeric` types and `RangeReplaceableCollection`s.

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Array.qll

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,9 +19,6 @@ private class ArraySummaries extends SummaryModelCsv {
1919
override predicate row(string row) {
2020
row =
2121
[
22-
";Array;true;init(_:);;;Argument[0];ReturnValue.CollectionElement;value",
23-
";Array;true;init(_:);;;Argument[0].CollectionElement;ReturnValue.CollectionElement;value",
24-
";Array;true;init(repeating:count:);;;Argument[0];ReturnValue.CollectionElement;value",
2522
";Array;true;init(arrayLiteral:);;;Argument[0].CollectionElement;ReturnValue.CollectionElement;value",
2623
";Array;true;insert(_:at:);;;Argument[0];Argument[-1].CollectionElement;value",
2724
";Array;true;insert(_:at:);;;Argument[1];Argument[-1];taint",

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ private class CollectionSummaries extends SummaryModelCsv {
2727
";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",
2828
";Collection;true;popFirst();;;Argument[-1];ReturnValue;taint",
2929
";Collection;true;randomElement();;;Argument[-1].CollectionElement;ReturnValue.OptionalSome;value",
30+
";RangeReplaceableCollection;true;init(_:);;;Argument[0];ReturnValue.CollectionElement;taint",
31+
";RangeReplaceableCollection;true;init(_:);;;Argument[0].CollectionElement;ReturnValue.CollectionElement;value",
32+
";RangeReplaceableCollection;true;init(repeating:count:);;;Argument[0];ReturnValue.CollectionElement;value",
3033
";RangeReplaceableCollection;true;append(_:);;;Argument[0];Argument[-1];taint",
3134
";RangeReplaceableCollection;true;append(contentsOf:);;;Argument[0];Argument[-1];taint",
3235
";RangeReplaceableCollection;true;remove(at:);;;Argument[-1];ReturnValue;taint",

swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Numeric.qll

Lines changed: 64 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,21 +17,58 @@ private class NumericSummaries extends SummaryModelCsv {
1717
";;false;numericCast(_:);;;Argument[0];ReturnValue;taint",
1818
";;false;unsafeDowncast(_:to:);;;Argument[0];ReturnValue;taint",
1919
";;false;unsafeBitCast(_:to:);;;Argument[0];ReturnValue;taint",
20+
";;false;min(_:_:);;;Argument[0..1];ReturnValue;taint",
21+
";;false;min(_:_:_:_:);;;Argument[0..2];ReturnValue;taint",
22+
";;false;min(_:_:_:_:);;;Argument[3].CollectionElement;ReturnValue;taint",
23+
";;false;max(_:_:);;;Argument[0..1];ReturnValue;taint",
24+
";;false;max(_:_:_:_:);;;Argument[0..2];ReturnValue;taint",
25+
";;false;max(_:_:_:_:);;;Argument[3].CollectionElement;ReturnValue;taint",
26+
";;false;abs(_:);;;Argument[0];ReturnValue;taint",
2027
";Numeric;true;init(exactly:);;;Argument[0];ReturnValue.OptionalSome;value",
21-
";Numeric;true;init(bitPattern:);;;Argument[0];ReturnValue;taint",
28+
";Numeric;true;init(bitPattern:);;;Argument[0];ReturnValue;taint", // actually implemented in Int, UInt, Double etc.
29+
";Numeric;true;init(truncating:);;;Argument[0];ReturnValue;taint", // actually implemented in Int, UInt, Double etc.
2230
";BinaryInteger;true;init(_:);;;Argument[0];ReturnValue;taint",
2331
";BinaryInteger;true;init(clamping:);;;Argument[0];ReturnValue;taint",
2432
";BinaryInteger;true;init(truncatingIfNeeded:);;;Argument[0];ReturnValue;taint",
2533
";BinaryInteger;true;init(_:format:lenient:);;;Argument[0];ReturnValue;taint",
2634
";BinaryInteger;true;init(_:strategy:);;;Argument[0];ReturnValue;taint",
2735
";BinaryInteger;true;formatted();;;Argument[-1];ReturnValue;taint",
2836
";BinaryInteger;true;formatted(_:);;;Argument[-1];ReturnValue;taint",
29-
";FixedWidthInteger;true;init(_:radix:);;;Argument[0];ReturnValue;taint",
37+
";BinaryInteger;true;quotientAndRemainder(dividingBy:);;;Argument[-1..0];ReturnValue.TupleElement[0,1];taint",
38+
";FixedWidthInteger;true;init(_:radix:);;;Argument[0];ReturnValue.OptionalSome;taint",
3039
";FixedWidthInteger;true;init(littleEndian:);;;Argument[0];ReturnValue;taint",
3140
";FixedWidthInteger;true;init(bigEndian:);;;Argument[0];ReturnValue;taint",
41+
";FixedWidthInteger;true;addingReportingOverflow(_:);;;Argument[-1..0];ReturnValue.TupleElement[0];taint",
42+
";FixedWidthInteger;true;subtractingReportingOverflow(_:);;;Argument[-1..0];ReturnValue.TupleElement[0];taint",
43+
";FixedWidthInteger;true;multipliedReportingOverflow(by:);;;Argument[-1..0];ReturnValue.TupleElement[0];taint",
44+
";FixedWidthInteger;true;dividedReportingOverflow(by:);;;Argument[-1..0];ReturnValue.TupleElement[0];taint",
45+
";FixedWidthInteger;true;remainderReportingOverflow(dividingBy:);;;Argument[-1..0];ReturnValue.TupleElement[0];taint",
46+
";FixedWidthInteger;true;dividingFullWidth(_:);;;Argument[-1];ReturnValue.TupleElement[0,1];taint",
47+
";FixedWidthInteger;true;dividingFullWidth(_:);;;Argument[1].TupleElement[0,1];ReturnValue.TupleElement[0,1];taint",
48+
";FixedWidthInteger;true;multipliedFullWidth(by:);;;Argument[-1..0];ReturnValue.TupleElement[0,1];taint",
3249
";FloatingPoint;true;init(_:);;;Argument[0];ReturnValue;taint",
3350
";FloatingPoint;true;init(sign:exponent:significand:);;;Argument[1..2];ReturnValue;taint",
3451
";FloatingPoint;true;init(signOf:magnitudeOf:);;;Argument[1];ReturnValue;taint",
52+
";FloatingPoint;true;addProduct(_:_:);;;Argument[-1..1];Argument[-1];taint",
53+
";FloatingPoint;true;addingProduct(_:_:);;;Argument[-1..1];ReturnValue;taint",
54+
";FloatingPoint;true;formRemainder(dividingBy:);;;Argument[-1..0];Argument[-1];taint",
55+
";FloatingPoint;true;remainder(dividingBy:);;;Argument[-1..0];ReturnValue;taint",
56+
";FloatingPoint;true;formTruncatingRemainder(dividingBy:);;;Argument[-1..0];Argument[-1];taint",
57+
";FloatingPoint;true;truncatingRemainder(dividingBy:);;;Argument[-1..0];ReturnValue;taint",
58+
";FloatingPoint;true;rounded();;;Argument[-1];ReturnValue;taint",
59+
";FloatingPoint;true;rounded(_:);;;Argument[-1];ReturnValue;taint",
60+
";FloatingPoint;true;squareRoot();;;Argument[-1];ReturnValue;taint",
61+
";FloatingPoint;true;maximum(_:_:);;;Argument[0..1];ReturnValue;taint",
62+
";FloatingPoint;true;maximumMagnitude(_:_:);;;Argument[0..1];ReturnValue;taint",
63+
";FloatingPoint;true;minimum(_:_:);;;Argument[0..1];ReturnValue;taint",
64+
";FloatingPoint;true;minimumMagnitude(_:_:);;;Argument[0..1];ReturnValue;taint",
65+
";BinaryFloatingPoint;true;init(sign:exponentBitPattern:significandBitPattern:);;;Argument[0..2];ReturnValue;taint",
66+
";BinaryFloatingPoint;true;init(_:format:lenient:);;;Argument[0];ReturnValue;taint",
67+
";BinaryFloatingPoint;true;init(_:strategy:);;;Argument[0];ReturnValue;taint",
68+
";BinaryFloatingPoint;true;formatted();;;Argument[-1];ReturnValue;taint",
69+
";BinaryFloatingPoint;true;formatted(_:);;;Argument[-1];ReturnValue;taint",
70+
";Strideable;true;advanced(by:);;;Argument[-1..0];ReturnValue;taint",
71+
";Strideable;true;distance(to:);;;Argument[-1..0];ReturnValue;taint",
3572
]
3673
}
3774
}
@@ -44,10 +81,30 @@ private class NumericFieldsInheritTaint extends TaintInheritingContent,
4481
DataFlow::Content::FieldContent
4582
{
4683
NumericFieldsInheritTaint() {
47-
this.getField().hasQualifiedName("FixedWidthInteger", ["littleEndian", "bigEndian"])
48-
or
49-
this.getField()
50-
.hasQualifiedName(["Double", "Float", "Float80", "FloatingPoint"],
51-
["exponent", "significand"])
84+
exists(string className, string fieldName |
85+
(
86+
className = "FixedWidthInteger" and
87+
fieldName = ["littleEndian", "bigEndian"]
88+
or
89+
className = "FloatingPoint" and
90+
fieldName = ["exponent", "significand"]
91+
or
92+
className = "BinaryInteger" and
93+
fieldName = "words"
94+
or
95+
className = "Numeric" and
96+
fieldName = ["magnitude", "byteSwapped"]
97+
or
98+
className = "BinaryFloatingPoint" and
99+
fieldName = ["binade", "exponentBitPattern", "significandBitPattern"]
100+
) and
101+
exists(FieldDecl fieldDecl, Decl declaringDecl, TypeDecl namedTypeDecl |
102+
namedTypeDecl.getFullName() = className and
103+
fieldDecl.getName() = fieldName and
104+
declaringDecl.getAMember() = fieldDecl and
105+
declaringDecl.asNominalTypeDecl() = namedTypeDecl.getADerivedTypeDecl*() and
106+
this.getField() = fieldDecl
107+
)
108+
)
52109
}
53110
}

0 commit comments

Comments
 (0)