From adeef309f3a68098d2d47b2fc6e0b3723962d17e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Oct 2022 12:15:07 +0100 Subject: [PATCH 1/5] Swift: Add some queries to help examine databases. --- swift/ql/src/queries/Summary/FlowSources.ql | 14 ++++++++++ .../ql/src/queries/Summary/SensitiveExprs.ql | 15 +++++++++++ swift/ql/src/queries/Summary/SummaryStats.ql | 26 +++++++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 swift/ql/src/queries/Summary/FlowSources.ql create mode 100644 swift/ql/src/queries/Summary/SensitiveExprs.ql create mode 100644 swift/ql/src/queries/Summary/SummaryStats.ql diff --git a/swift/ql/src/queries/Summary/FlowSources.ql b/swift/ql/src/queries/Summary/FlowSources.ql new file mode 100644 index 000000000000..e5f967906145 --- /dev/null +++ b/swift/ql/src/queries/Summary/FlowSources.ql @@ -0,0 +1,14 @@ +/** + * @name Flow Sources + * @description List all flow sources found in the database. Flow sources + * indicate data that originates from an untrusted source, such + * as as untrusted remote data. + * @kind table + * @id swift/summary/flow-sources + */ + +import swift +import codeql.swift.dataflow.FlowSources + +from RemoteFlowSource s +select s, "Flow source: " + s.getSourceType() diff --git a/swift/ql/src/queries/Summary/SensitiveExprs.ql b/swift/ql/src/queries/Summary/SensitiveExprs.ql new file mode 100644 index 000000000000..41e66dd269f1 --- /dev/null +++ b/swift/ql/src/queries/Summary/SensitiveExprs.ql @@ -0,0 +1,15 @@ +/** + * @name Sensitive Expressions + * @description List all sensitive expressions found in the database. + * Sensitive expressions are expressions that have been + * identified as potentially containing data that should not be + * leaked to an attacker. + * @kind table + * @id swift/summary/sensitive-expressions + */ + +import swift +import codeql.swift.security.SensitiveExprs + +from SensitiveExpr e +select e, "Sensitive expression: " + e.getSensitiveType() diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql new file mode 100644 index 000000000000..1442fade3854 --- /dev/null +++ b/swift/ql/src/queries/Summary/SummaryStats.ql @@ -0,0 +1,26 @@ +/** + * @name Summary statistics + * @description A table of summary statistics about a database. Includes + * values that measure its size, and the numbers of certain + * features interesting to analysis that have been found. + * @kind table + * @id swift/summary/summary-statistics + */ + +import swift +import codeql.swift.dataflow.FlowSources +import codeql.swift.security.SensitiveExprs + +predicate statistic(string what, int value) { + what = "Files" and value = count(File f) + or + what = "Expressions" and value = count(Expr e) + or + what = "Remote flow sources" and value = count(RemoteFlowSource s) + or + what = "Sensitive expressions" and value = count(SensitiveExpr e) +} + +from string what, int value +where statistic(what, value) +select what, value From 5a3577679d63e82aaeb995396c370405bcd1fcc1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Oct 2022 12:44:56 +0100 Subject: [PATCH 2/5] Swift: Improve metadata. --- swift/ql/src/queries/Summary/FlowSources.ql | 4 +++- swift/ql/src/queries/Summary/SensitiveExprs.ql | 4 +++- swift/ql/src/queries/Summary/SummaryStats.ql | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/swift/ql/src/queries/Summary/FlowSources.ql b/swift/ql/src/queries/Summary/FlowSources.ql index e5f967906145..375b20fe709f 100644 --- a/swift/ql/src/queries/Summary/FlowSources.ql +++ b/swift/ql/src/queries/Summary/FlowSources.ql @@ -3,8 +3,10 @@ * @description List all flow sources found in the database. Flow sources * indicate data that originates from an untrusted source, such * as as untrusted remote data. - * @kind table + * @kind problem + * @problem.severity info * @id swift/summary/flow-sources + * @tags summary */ import swift diff --git a/swift/ql/src/queries/Summary/SensitiveExprs.ql b/swift/ql/src/queries/Summary/SensitiveExprs.ql index 41e66dd269f1..1725802f4f78 100644 --- a/swift/ql/src/queries/Summary/SensitiveExprs.ql +++ b/swift/ql/src/queries/Summary/SensitiveExprs.ql @@ -4,8 +4,10 @@ * Sensitive expressions are expressions that have been * identified as potentially containing data that should not be * leaked to an attacker. - * @kind table + * @kind problem + * @problem.severity info * @id swift/summary/sensitive-expressions + * @tags summary */ import swift diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql index 1442fade3854..7ae28d1a0a9a 100644 --- a/swift/ql/src/queries/Summary/SummaryStats.ql +++ b/swift/ql/src/queries/Summary/SummaryStats.ql @@ -5,6 +5,7 @@ * features interesting to analysis that have been found. * @kind table * @id swift/summary/summary-statistics + * @tags summary */ import swift From 3215295d061885c0a3bd668eb4d948fbe908a615 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 21 Oct 2022 18:48:08 +0100 Subject: [PATCH 3/5] Swift: simpkify SummaryStats.ql description. --- swift/ql/src/queries/Summary/SummaryStats.ql | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql index 7ae28d1a0a9a..0163744183c3 100644 --- a/swift/ql/src/queries/Summary/SummaryStats.ql +++ b/swift/ql/src/queries/Summary/SummaryStats.ql @@ -1,8 +1,6 @@ /** * @name Summary statistics - * @description A table of summary statistics about a database. Includes - * values that measure its size, and the numbers of certain - * features interesting to analysis that have been found. + * @description A table of summary statistics about a database. * @kind table * @id swift/summary/summary-statistics * @tags summary From 8a8b1aff7fcf8d192eb2e7601dc05a70e4f8dc6c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 21 Oct 2022 18:57:15 +0100 Subject: [PATCH 4/5] Swift: Restrict expressions count to expressions with locations. --- swift/ql/src/queries/Summary/SummaryStats.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql index 0163744183c3..a72f659358f0 100644 --- a/swift/ql/src/queries/Summary/SummaryStats.ql +++ b/swift/ql/src/queries/Summary/SummaryStats.ql @@ -13,7 +13,7 @@ import codeql.swift.security.SensitiveExprs predicate statistic(string what, int value) { what = "Files" and value = count(File f) or - what = "Expressions" and value = count(Expr e) + what = "Expressions" and value = count(Expr e | e.getFile().getName() != "") or what = "Remote flow sources" and value = count(RemoteFlowSource s) or From b59f01f968f305c63c9beae45f320df9220bbebd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Oct 2022 13:18:43 +0100 Subject: [PATCH 5/5] Swift: Use UnknownFile. --- swift/ql/src/queries/Summary/SummaryStats.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Summary/SummaryStats.ql b/swift/ql/src/queries/Summary/SummaryStats.ql index a72f659358f0..3db662fc38b2 100644 --- a/swift/ql/src/queries/Summary/SummaryStats.ql +++ b/swift/ql/src/queries/Summary/SummaryStats.ql @@ -13,7 +13,7 @@ import codeql.swift.security.SensitiveExprs predicate statistic(string what, int value) { what = "Files" and value = count(File f) or - what = "Expressions" and value = count(Expr e | e.getFile().getName() != "") + what = "Expressions" and value = count(Expr e | not e.getFile() instanceof UnknownFile) or what = "Remote flow sources" and value = count(RemoteFlowSource s) or