Skip to content

Commit 840b74d

Browse files
geoffw0geoffw0
committed
Swift: Add and use ApplyExpr.getArgumentByParamName.
1 parent caf9ac5 commit 840b74d

File tree

3 files changed

+16
-13
lines changed

3 files changed

+16
-13
lines changed

swift/ql/lib/codeql/swift/elements/expr/ApplyExpr.qll

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,17 @@ class ApplyExpr extends Generated::ApplyExpr {
1919
/** Gets the method qualifier, if this is applying a method */
2020
Expr getQualifier() { none() }
2121

22+
/**
23+
* Gets the argument that has corresponding parameter name `paramName` (if
24+
* any). If this call does not have a static target, there will be no result.
25+
*/
26+
final Argument getArgumentByParamName(string paramName) {
27+
exists(int arg |
28+
this.getStaticTarget().getParam(pragma[only_bind_into](arg)).getName() = paramName and
29+
this.getArgument(pragma[only_bind_into](arg)) = result
30+
)
31+
}
32+
2233
override string toString() {
2334
result = "call to " + this.getStaticTarget().toString()
2435
or

swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -26,10 +26,7 @@ class Sink extends DataFlow::Node {
2626
Expr baseUrl;
2727

2828
Sink() {
29-
exists(
30-
MethodDecl funcDecl, CallExpr call, string className, string funcName, string paramName,
31-
int arg, int baseUrlArg
32-
|
29+
exists(MethodDecl funcDecl, CallExpr call, string className, string funcName, string paramName |
3330
// arguments to method calls...
3431
(
3532
// `loadHTMLString`
@@ -50,11 +47,9 @@ class Sink extends DataFlow::Node {
5047
call.getStaticTarget() = funcDecl and
5148
// match up `funcName`, `paramName`, `arg`, `node`.
5249
funcDecl.hasQualifiedName(className, funcName) and
53-
funcDecl.getParam(pragma[only_bind_into](arg)).getName() = paramName and
54-
call.getArgument(pragma[only_bind_into](arg)).getExpr() = this.asExpr() and
50+
call.getArgumentByParamName(paramName).getExpr() = this.asExpr() and
5551
// match up `baseURLArg`
56-
funcDecl.getParam(pragma[only_bind_into](baseUrlArg)).getName() = "baseURL" and
57-
call.getArgument(pragma[only_bind_into](baseUrlArg)).getExpr() = baseUrl
52+
call.getArgumentByParamName("baseURL").getExpr() = baseUrl
5853
)
5954
}
6055

swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -94,9 +94,7 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
9494
* that sink. We actually want to report incorrect flow states.
9595
*/
9696
predicate isSinkImpl(DataFlow::Node node, string flowstate) {
97-
exists(
98-
AbstractFunctionDecl funcDecl, CallExpr call, string funcName, string paramName, int arg
99-
|
97+
exists(AbstractFunctionDecl funcDecl, CallExpr call, string funcName, string paramName |
10098
(
10199
// arguments to method calls...
102100
exists(string className, ClassOrStructDecl c |
@@ -166,8 +164,7 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
166164
) and
167165
// match up `funcName`, `paramName`, `arg`, `node`.
168166
funcDecl.getName() = funcName and
169-
funcDecl.getParam(pragma[only_bind_into](arg)).getName() = paramName and
170-
call.getArgument(pragma[only_bind_into](arg)).getExpr() = node.asExpr()
167+
call.getArgumentByParamName(paramName).getExpr() = node.asExpr()
171168
)
172169
}
173170

0 commit comments

Comments
 (0)