tighten check against the "iv" argument only

karimhamdanali · karimhamdanali · commit b1679df3d297 · 2022-11-08T11:22:18.000+02:00
diff --git a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
@@ -41,7 +41,8 @@ class EncryptionInitializationSink extends Expr {
             ], fName) and
       fName.matches("%init(%iv:%") and
       arg = [0, 1] and
-      call.getArgument(arg).getExpr() = this
+      call.getStaticTarget().(MethodDecl).getParam(pragma[only_bind_into](arg)).getName() = "iv" and
+      call.getArgument(pragma[only_bind_into](arg)).getExpr() = this
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,8 @@ class EncryptionInitializationSink extends Expr {`
`41`	`41`	`], fName) and`
`42`	`42`	`fName.matches("%init(%iv:%") and`
`43`	`43`	`arg = [0, 1] and`
`44`		`- call.getArgument(arg).getExpr() = this`
	`44`	`+ call.getStaticTarget().(MethodDecl).getParam(pragma[only_bind_into](arg)).getName() = "iv" and`
	`45`	`+ call.getArgument(pragma[only_bind_into](arg)).getExpr() = this`
`45`	`46`	`)`
`46`	`47`	`}`
`47`	`48`	`}`