Swift: Move regex dataflow code into a RegexTracking library (similar to the layout in Ruby and Python).

geoffw0 · geoffw0 · commit f243e854ae97 · 2023-07-18T09:49:36.000+01:00
diff --git a/swift/ql/lib/codeql/swift/regex/Regex.qll b/swift/ql/lib/codeql/swift/regex/Regex.qll
@@ -6,32 +6,7 @@ import swift
 import codeql.swift.regex.RegexTreeView
 private import codeql.swift.dataflow.DataFlow
 private import internal.ParseRegex
-
-/**
- * A data flow configuration for tracking string literals that are used as
- * regular expressions.
- */
-private module RegexUseConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node node) { node.asExpr() instanceof StringLiteralExpr }
-
-  predicate isSink(DataFlow::Node node) { node.asExpr() = any(RegexEval eval).getRegexInput() }
-
-  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    // flow through `Regex` initializer, i.e. from a string to a `Regex` object.
-    exists(CallExpr call |
-      (
-        call.getStaticTarget().(Method).hasQualifiedName("Regex", ["init(_:)", "init(_:as:)"]) or
-        call.getStaticTarget()
-            .(Method)
-            .hasQualifiedName("NSRegularExpression", "init(pattern:options:)")
-      ) and
-      nodeFrom.asExpr() = call.getArgument(0).getExpr() and
-      nodeTo.asExpr() = call
-    )
-  }
-}
-
-private module RegexUseFlow = DataFlow::Global<RegexUseConfig>;
+private import internal.RegexTracking
 
 /**
  * A string literal that is used as a regular expression in a regular
diff --git a/swift/ql/lib/codeql/swift/regex/internal/RegexTracking.qll b/swift/ql/lib/codeql/swift/regex/internal/RegexTracking.qll
@@ -0,0 +1,37 @@
+/**
+ * Provides classes and predicates that track strings and regular expressions
+ * to where they are used, along with properties of the regex such as parse
+ * mode flags that have been set.
+ */
+
+import swift
+import codeql.swift.regex.RegexTreeView
+private import codeql.swift.dataflow.DataFlow
+private import ParseRegex
+private import codeql.swift.regex.Regex
+
+/**
+ * A data flow configuration for tracking string literals that are used as
+ * regular expressions.
+ */
+private module RegexUseConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) { node.asExpr() instanceof StringLiteralExpr }
+
+  predicate isSink(DataFlow::Node node) { node.asExpr() = any(RegexEval eval).getRegexInput() }
+
+  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+    // flow through `Regex` initializer, i.e. from a string to a `Regex` object.
+    exists(CallExpr call |
+      (
+        call.getStaticTarget().(Method).hasQualifiedName("Regex", ["init(_:)", "init(_:as:)"]) or
+        call.getStaticTarget()
+            .(Method)
+            .hasQualifiedName("NSRegularExpression", "init(pattern:options:)")
+      ) and
+      nodeFrom.asExpr() = call.getArgument(0).getExpr() and
+      nodeTo.asExpr() = call
+    )
+  }
+}
+
+module RegexUseFlow = DataFlow::Global<RegexUseConfig>;
