Skip to content

Swift: Diff-informed queries: phase 3 (non-trivial locations) #20082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Swift: Diff-informed queries: phase 3 (non-trivial locations) #20082

wants to merge 4 commits into from
+30 −0

Conversation

d10c
Copy link
Contributor

@d10c d10c commented Jul 17, 2025

This PR enables diff-informed mode on queries that select a location other than dataflow source or sink. This entails adding a non-trivial location override that returns the locations that are actually selected.

Prior work includes PRs like #19663, #19759, and #19817. This PR uses the same patch script as those PRs to find candidate queries to convert to diff-enabled. This is the final step in mass-enabling diff-informed queries on all the languages.

Commit-by-commit reviewing is recommended.

  • I have split the commits that add/modify tests from the ones that enable/disable diff-informed queries.
  • If the commit modifies a .qll file, in the commit message I've included links to the queries that depend on that .qll for easier reviewing.
  • Feel free to delegate parts of the review to others who may be more specialized in certain languages.

@github-actions github-actions bot added the Swift label Jul 17, 2025
@d10c d10c added the no-change-note-required This PR does not need a change note label Jul 17, 2025
@d10c d10c marked this pull request as ready for review July 17, 2025 15:17
@Copilot Copilot AI review requested due to automatic review settings July 17, 2025 15:17
@d10c d10c requested a review from a team as a code owner July 17, 2025 15:17
@d10c d10c requested a review from michaelnebel July 17, 2025 15:17
Copilot
Copilot AI reviewed Jul 17, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enables diff-informed mode on Swift security queries that select non-trivial locations (other than dataflow source or sink). The changes add location override predicates to handle cases where queries select locations that need special handling for diff-informed analysis.

  • Adds observeDiffInformedIncrementalMode() predicate to four security query modules
  • Implements getASelectedSinkLocation() predicate for queries that can support diff-informed mode
  • Disables diff-informed mode for queries with location selection complexities

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
UnsafeWebViewFetchQuery.qll Disables diff-informed mode due to secondary location use in select
InsecureTLSQuery.qll Disables diff-informed mode due to Swift nodes with problematic locations
CleartextStoragePreferencesQuery.qll Enables diff-informed mode with custom sink location handling
CleartextStorageDatabaseQuery.qll Enables diff-informed mode with custom sink location handling

swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesQuery.qll

predicate observeDiffInformedIncrementalMode() { any() }

Location getASelectedSinkLocation(DataFlow::Node sink) {
Copy link
Preview

Copilot AI Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic in getASelectedSinkLocation is duplicated across CleartextStoragePreferencesQuery.qll and CleartextStorageDatabaseQuery.qll. Consider extracting this common pattern into a shared utility predicate to improve maintainability.

Copilot uses AI. Check for mistakes.

@d10c d10c requested a review from geoffw0 July 18, 2025 13:11
geoffw0
geoffw0 reviewed Jul 21, 2025
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the links in the commit descriptions, they were a helpful shortcut.

swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll

predicate observeDiffInformedIncrementalMode() {
none() // query selects some Swift nodes (e.g. "[post] self") that have location file://:0:0:0:0, which always fall outside the diff range.
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you recall if there's any reason we don't give post-update nodes a Location (equal to that of the pre-update node)?

I may do a quick experiment with this (probably after your PR, to avoid complicating things).

swift/ql/lib/codeql/swift/security/UnsafeWebViewFetchQuery.qll

predicate observeDiffInformedIncrementalMode() {
none() // can't override location accurately because of secondary use in select.
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the issue here? The only unusual thing I can see in that query is selecting from three possible alert messages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geoffw0 geoffw0 geoffw0 left review comments

Copilot code review Copilot Copilot left review comments

@michaelnebel michaelnebel Awaiting requested review from michaelnebel

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
no-change-note-required This PR does not need a change note Swift
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@d10c @geoffw0