Swift: use FreeFunctionDecl/.has(Qualified)Name

d10c · d10c · commit fdd7d76ffd07 · 2022-11-03T16:14:43.000+01:00
Instead of hand-rolled predicates.
diff --git a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
@@ -32,70 +32,58 @@ abstract class Sink extends DataFlow::Node { }
 class WKWebView extends Sink {
   WKWebView() {
     any(CallExpr ce |
-      ce.getStaticTarget() =
-        getMethodWithQualifiedName("WKWebView",
-          [
-            "evaluateJavaScript(_:)", "evaluateJavaScript(_:completionHandler:)",
-            "evaluateJavaScript(_:in:in:completionHandler:)",
-            "evaluateJavaScript(_:in:contentWorld:)",
-            "callAsyncJavaScript(_:arguments:in:in:completionHandler:)",
-            "callAsyncJavaScript(_:arguments:in:contentWorld:)"
-          ])
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("WKWebView",
+            [
+              "evaluateJavaScript(_:)", "evaluateJavaScript(_:completionHandler:)",
+              "evaluateJavaScript(_:in:in:completionHandler:)",
+              "evaluateJavaScript(_:in:contentWorld:)",
+              "callAsyncJavaScript(_:arguments:in:in:completionHandler:)",
+              "callAsyncJavaScript(_:arguments:in:contentWorld:)"
+            ])
     ).getArgument(0).getExpr() = this.asExpr()
   }
 }
 
 class WKUserContentController extends Sink {
   WKUserContentController() {
     any(CallExpr ce |
-      ce.getStaticTarget() =
-        getMethodWithQualifiedName("WKUserContentController", "addUserScript(_:)")
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("WKUserContentController", "addUserScript(_:)")
     ).getArgument(0).getExpr() = this.asExpr()
   }
 }
 
 class UIWebView extends Sink {
   UIWebView() {
     any(CallExpr ce |
-      ce.getStaticTarget() =
-        getMethodWithQualifiedName(["UIWebView", "WebView"], "stringByEvaluatingJavaScript(from:)")
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName(["UIWebView", "WebView"], "stringByEvaluatingJavaScript(from:)")
     ).getArgument(0).getExpr() = this.asExpr()
   }
 }
 
 class JSContext extends Sink {
   JSContext() {
     any(CallExpr ce |
-      ce.getStaticTarget() =
-        getMethodWithQualifiedName("JSContext",
-          ["evaluateScript(_:)", "evaluateScript(_:withSourceURL:)"])
+      ce.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("JSContext", ["evaluateScript(_:)", "evaluateScript(_:withSourceURL:)"])
     ).getArgument(0).getExpr() = this.asExpr()
   }
 }
 
 class JSEvaluateScript extends Sink {
   JSEvaluateScript() {
     any(CallExpr ce |
-      ce.getStaticTarget() = getFunctionWithQualifiedName("JSEvaluateScript(_:_:_:_:_:_:)")
+      ce.getStaticTarget().(FreeFunctionDecl).hasName("JSEvaluateScript(_:_:_:_:_:_:)")
     ).getArgument(1).getExpr() = this.asExpr()
   }
 }
 
-// TODO: Consider moving the following to the library, e.g.
-// - Decl.hasQualifiedName(moduleName?, declaringDeclName?, declName)
-// - parentDecl = memberDecl.getDeclaringDecl() <=> parentDecl.getAMember() = memberDecl
-IterableDeclContext getDeclaringDeclOf(Decl member) { result.getAMember() = member }
-
-MethodDecl getMethodWithQualifiedName(string className, string methodName) {
-  result.getName() = methodName and
-  getDeclaringDeclOf(result).(NominalTypeDecl).getName() = className
-}
-
-AbstractFunctionDecl getFunctionWithQualifiedName(string funcName) {
-  result.getName() = funcName and
-  not result.hasSelfParam()
-}
-
 /**
  * A taint configuration from taint sources to sinks for this query.
  */
