Shared: add outdated Swift sink kinds

csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {

go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {

java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {

javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {

python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {

ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {

swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll

@@ -47,7 +47,7 @@ class OutdatedSinkKind extends string {
         "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", "ldap",
         "pending-intent-sent", "intent-start", "set-hostname-verifier", "header-splitting", "xss",
         "write-file", "create-file", "read-file", "open-url", "jdbc-url", "command-line-injection",
-        "code", "html", "remote"
+        "code", "html", "remote", "uncontrolled-format-string", "js-eval"
       ]
   }
 
@@ -55,6 +55,8 @@ class OutdatedSinkKind extends string {
     this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap", "code", "html"] and
     result = this + "-injection"
     or
+    this = "js-eval" and result = "code-injection"
+    or
     this = "url-redirect" and result = "url-redirection"
     or
     this = "ssti" and result = "template-injection"
@@ -78,6 +80,8 @@ class OutdatedSinkKind extends string {
     this = ["open-url", "jdbc-url"] and result = "request-forgery"
     or
     this = "command-line-injection" and result = "command-injection"
+    or
+    this = "uncontrolled-format-string" and result = "format-string"
   }
 
   string outdatedMessage() {