Merge pull request #10903 from geoffw0/review

Swift: Add some summary queries.

Author: geoffw0

swift/ql/src/queries/Summary/FlowSources.ql

@@ -0,0 +1,16 @@
+/**
+ * @name Flow Sources
+ * @description List all flow sources found in the database. Flow sources
+ *              indicate data that originates from an untrusted source, such
+ *              as as untrusted remote data.
+ * @kind problem
+ * @problem.severity info
+ * @id swift/summary/flow-sources
+ * @tags summary
+ */
+
+import swift
+import codeql.swift.dataflow.FlowSources
+
+from RemoteFlowSource s
+select s, "Flow source: " + s.getSourceType()

swift/ql/src/queries/Summary/SensitiveExprs.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Sensitive Expressions
+ * @description List all sensitive expressions found in the database.
+ *              Sensitive expressions are expressions that have been
+ *              identified as potentially containing data that should not be
+ *              leaked to an attacker.
+ * @kind problem
+ * @problem.severity info
+ * @id swift/summary/sensitive-expressions
+ * @tags summary
+ */
+
+import swift
+import codeql.swift.security.SensitiveExprs
+
+from SensitiveExpr e
+select e, "Sensitive expression: " + e.getSensitiveType()

swift/ql/src/queries/Summary/SummaryStats.ql

@@ -0,0 +1,25 @@
+/**
+ * @name Summary statistics
+ * @description A table of summary statistics about a database.
+ * @kind table
+ * @id swift/summary/summary-statistics
+ * @tags summary
+ */
+
+import swift
+import codeql.swift.dataflow.FlowSources
+import codeql.swift.security.SensitiveExprs
+
+predicate statistic(string what, int value) {
+  what = "Files" and value = count(File f)
+  or
+  what = "Expressions" and value = count(Expr e | not e.getFile() instanceof UnknownFile)
+  or
+  what = "Remote flow sources" and value = count(RemoteFlowSource s)
+  or
+  what = "Sensitive expressions" and value = count(SensitiveExpr e)
+}
+
+from string what, int value
+where statistic(what, value)
+select what, value