Swift: Update summary queries #14329
Conversation
| import codeql.swift.security.StaticInitializationVectorQuery | ||
|
|
||
| string queryForSink(DataFlow::Node sink) { | ||
| PathInjectionConfig::isSink(sink) and result = "swift/path-injection" |
There was a problem hiding this comment.
This almost makes me wish every dataflow module that fully defined a query defined a predicate like:
module PathInjectionConfig implements DataFlow::ConfigSig {
...
string queryId() {
result = "swift/path-injection"
}
}but that's probably too much effort to put into making this table-like diagnostics query.
There was a problem hiding this comment.
Yeah, that would be nice. Regardless there will be a small maintenance burden adding new queries to this list, but I think it's worth it for the data we get. At some point queryForSink may move out into a shared .qll so that we can write other queries using it.
| @@ -1,5 +1,5 @@ | |||
| /** | |||
| * @name Summary statistics | |||
| * @name Summary Statistics | |||
There was a problem hiding this comment.
There's actually no style-guide requirement to capitalize every word in the @name meta-data field. See here: https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#query-name-name.
There was a problem hiding this comment.
It does make the queries in this directory consistent, which is nice, if unimportant.
(I'll change them all to lower case if you prefer)
There was a problem hiding this comment.
Nah, I don't think it's worth running CI again for this small change.
Update summary queries. Three new queries are added:
swift/summary/regex-evals, which lists regular expression evaluations (approximately the sinks for the regex queries).swift/summary/query-sinks, which lists all other query sinks. Hopefully this will give us a much better understanding of why certain queries are under-performing.swift/summary/taint-reach, which computes the taint reach metric now instead of being done as part ofswift/summary/summary-statistics. This change is made because taint reach is expensive to compute and could potentially fail on large projects, so it's best for it to be separate.