Swift: Add consistent CSV extension points.

geoffw0 · geoffw0 · commit 5375678ca663 · 2023-01-24T18:49:50.000Z
diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll
@@ -25,6 +25,9 @@ class CleartextLoggingAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }
 
+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultCleartextLoggingSink extends CleartextLoggingSink {
   DefaultCleartextLoggingSink() { sinkNode(this, "logging") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
@@ -29,6 +29,9 @@ class PathInjectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }
 
+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPathInjectionSink extends PathInjectionSink {
   DefaultPathInjectionSink() { sinkNode(this, "path-injection") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PredicateInjectionExtensions.qll
@@ -24,6 +24,9 @@ class PredicateInjectionAdditionalTaintStep extends Unit {
   abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
 }
 
+/**
+ * A sink defined in a CSV model.
+ */
 private class DefaultPredicateInjectionSink extends PredicateInjectionSink {
   DefaultPredicateInjectionSink() { sinkNode(this, "predicate-injection") }
 }
diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll
@@ -34,7 +34,7 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri
     // the format argument to a `FormattingFunctionCall`.
     this.asExpr() = any(FormattingFunctionCall fc).getFormat()
     or
-    // a sink defined in a Csv model.
+    // a sink defined in a CSV model.
     sinkNode(this, "uncontrolled-format-string")
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll
@@ -4,6 +4,7 @@ import swift
 private import codeql.swift.dataflow.DataFlow
 private import codeql.swift.frameworks.AEXML
 private import codeql.swift.frameworks.Libxml2
+private import codeql.swift.dataflow.ExternalFlow
 
 /** A data flow sink for XML external entities (XXE) vulnerabilities. */
 abstract class XxeSink extends DataFlow::Node { }
@@ -201,3 +202,10 @@ private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::N
     source.asExpr() = int32Init.getAnArgument().getExpr() and sink.asExpr() = int32Init
   )
 }
+
+/**
+ * A sink defined in a CSV model.
+ */
+private class DefaultXxeSink extends XxeSink {
+  DefaultXxeSink() { sinkNode(this, "xxe") }
+}

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,9 @@ class CleartextLoggingAdditionalTaintStep extends Unit {`
`25`	`25`	`abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);`
`26`	`26`	`}`
`27`	`27`
	`28`	`+/**`
	`29`	`+ * A sink defined in a CSV model.`
	`30`	`+ */`
`28`	`31`	`private class DefaultCleartextLoggingSink extends CleartextLoggingSink {`
`29`	`32`	`DefaultCleartextLoggingSink() { sinkNode(this, "logging") }`
`30`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@ class PathInjectionAdditionalTaintStep extends Unit {`
`29`	`29`	`abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);`
`30`	`30`	`}`
`31`	`31`
	`32`	`+/**`
	`33`	`+ * A sink defined in a CSV model.`
	`34`	`+ */`
`32`	`35`	`private class DefaultPathInjectionSink extends PathInjectionSink {`
`33`	`36`	`DefaultPathInjectionSink() { sinkNode(this, "path-injection") }`
`34`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,9 @@ class PredicateInjectionAdditionalTaintStep extends Unit {`
`24`	`24`	`abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);`
`25`	`25`	`}`
`26`	`26`
	`27`	`+/**`
	`28`	`+ * A sink defined in a CSV model.`
	`29`	`+ */`
`27`	`30`	`private class DefaultPredicateInjectionSink extends PredicateInjectionSink {`
`28`	`31`	`DefaultPredicateInjectionSink() { sinkNode(this, "predicate-injection") }`
`29`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri`
`34`	`34`	// the format argument to a `FormattingFunctionCall`.
`35`	`35`	`this.asExpr() = any(FormattingFunctionCall fc).getFormat()`
`36`	`36`	`or`
`37`		`- // a sink defined in a Csv model.`
	`37`	`+ // a sink defined in a CSV model.`
`38`	`38`	`sinkNode(this, "uncontrolled-format-string")`
`39`	`39`	`}`
`40`	`40`	`}`