Swift: Have swift/unsafe-webview-fetch use indices instead of parameter names.

Author: geoffw0

swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql

@@ -26,30 +26,35 @@ class Sink extends DataFlow::Node {
   Expr baseUrl;
 
   Sink() {
-    exists(MethodDecl funcDecl, CallExpr call, string className, string funcName, string paramName |
+    exists(
+      MethodDecl funcDecl, CallExpr call, string className, string funcName, int arg, int baseArg
+    |
       // arguments to method calls...
       (
         // `loadHTMLString`
         className = ["UIWebView", "WKWebView"] and
         funcName = "loadHTMLString(_:baseURL:)" and
-        paramName = "string"
+        arg = 0 and
+        baseArg = 1
         or
         // `UIWebView.load`
         className = "UIWebView" and
         funcName = "load(_:mimeType:textEncodingName:baseURL:)" and
-        paramName = "data"
+        arg = 0 and
+        baseArg = 3
         or
         // `WKWebView.load`
         className = "WKWebView" and
         funcName = "load(_:mimeType:characterEncodingName:baseURL:)" and
-        paramName = "data"
+        arg = 0 and
+        baseArg = 3
       ) and
       call.getStaticTarget() = funcDecl and
       // match up `funcName`, `paramName`, `arg`, `node`.
       funcDecl.hasQualifiedName(className, funcName) and
-      call.getArgumentByParamName(paramName).getExpr() = this.asExpr() and
+      call.getArgument(arg).getExpr() = this.asExpr() and
       // match up `baseURLArg`
-      call.getArgumentByParamName("baseURL").getExpr() = baseUrl
+      call.getArgument(baseArg).getExpr() = baseUrl
     )
   }