Skip to content

Swift: Diff-informed queries: phase 3 (non-trivial locations) #20082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Swift: Diff-informed queries: phase 3 (non-trivial locations) #20082

wants to merge 4 commits into from
+30 −0

Conversation

d10c
Copy link
Contributor

@d10c d10c commented Jul 17, 2025

This PR enables diff-informed mode on queries that select a location other than dataflow source or sink. This entails adding a non-trivial location override that returns the locations that are actually selected.

Prior work includes PRs like #19663, #19759, and #19817. This PR uses the same patch script as those PRs to find candidate queries to convert to diff-enabled. This is the final step in mass-enabling diff-informed queries on all the languages.

Commit-by-commit reviewing is recommended.

  • I have split the commits that add/modify tests from the ones that enable/disable diff-informed queries.
  • If the commit modifies a .qll file, in the commit message I've included links to the queries that depend on that .qll for easier reviewing.
  • Feel free to delegate parts of the review to others who may be more specialized in certain languages.

@github-actions github-actions bot added the Swift label Jul 17, 2025
@d10c d10c added the no-change-note-required This PR does not need a change note label Jul 17, 2025
@d10c d10c marked this pull request as ready for review July 17, 2025 15:17
@Copilot Copilot AI review requested due to automatic review settings July 17, 2025 15:17
@d10c d10c requested a review from a team as a code owner July 17, 2025 15:17
@d10c d10c requested a review from michaelnebel July 17, 2025 15:17
Copilot
Copilot AI reviewed Jul 17, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enables diff-informed mode on Swift security queries that select non-trivial locations (other than dataflow source or sink). The changes add location override predicates to handle cases where queries select locations that need special handling for diff-informed analysis.

  • Adds observeDiffInformedIncrementalMode() predicate to four security query modules
  • Implements getASelectedSinkLocation() predicate for queries that can support diff-informed mode
  • Disables diff-informed mode for queries with location selection complexities

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
UnsafeWebViewFetchQuery.qll Disables diff-informed mode due to secondary location use in select
InsecureTLSQuery.qll Disables diff-informed mode due to Swift nodes with problematic locations
CleartextStoragePreferencesQuery.qll Enables diff-informed mode with custom sink location handling
CleartextStorageDatabaseQuery.qll Enables diff-informed mode with custom sink location handling

swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesQuery.qll

predicate observeDiffInformedIncrementalMode() { any() }

Location getASelectedSinkLocation(DataFlow::Node sink) {
Copy link
Preview

Copilot AI Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic in getASelectedSinkLocation is duplicated across CleartextStoragePreferencesQuery.qll and CleartextStorageDatabaseQuery.qll. Consider extracting this common pattern into a shared utility predicate to improve maintainability.

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@michaelnebel michaelnebel Awaiting requested review from michaelnebel

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
no-change-note-required This PR does not need a change note Swift
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@d10c
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy