Merge pull request github#11031 from geoffw0/simplify

MathiasVP · web-flow · commit 0a3d0c4f565e · 2022-10-28T13:58:08.000+02:00
Swift: Simplify queries using MethodDecl.hasQualifiedName
diff --git a/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql b/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
@@ -47,19 +47,15 @@ class CApiSqlSink extends SqlSink {
 class SQLiteSwiftSqlSink extends SqlSink {
   SQLiteSwiftSqlSink() {
     // Variants of `Connection.execute`, `connection.prepare` and `connection.scalar`.
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "Connection" and
-      c.getAMember() = f and
-      f.getName() = ["execute(_:)", "prepare(_:_:)", "run(_:_:)", "scalar(_:_:)"] and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("Connection", ["execute(_:)", "prepare(_:_:)", "run(_:_:)", "scalar(_:_:)"]) and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this.asExpr()
     )
     or
     // String argument to the `Statement` constructor.
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "Statement" and
-      c.getAMember() = f and
-      f.getName() = "init(_:_:)" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("Statement", "init(_:_:)") and
       call.getStaticTarget() = f and
       call.getArgument(1).getExpr() = this.asExpr()
     )
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql b/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
@@ -28,10 +28,8 @@ abstract class Stored extends DataFlow::Node { }
 class CoreDataStore extends Stored {
   CoreDataStore() {
     // `content` arg to `NWConnection.send` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "NSManagedObject" and
-      c.getAMember() = f and
-      f.getName() = ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"] and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("NSManagedObject", ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"]) and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this.asExpr()
     )
diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
@@ -28,10 +28,8 @@ abstract class Transmitted extends Expr { }
 class NWConnectionSend extends Transmitted {
   NWConnectionSend() {
     // `content` arg to `NWConnection.send` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "NWConnection" and
-      c.getAMember() = f and
-      f.getName() = "send(content:contentContext:isComplete:completion:)" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("NWConnection", "send(content:contentContext:isComplete:completion:)") and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
@@ -46,10 +44,8 @@ class Url extends Transmitted {
   Url() {
     // `string` arg in `URL.init` is a sink
     // (we assume here that the URL goes on to be used in a network operation)
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "URL" and
-      c.getAMember() = f and
-      f.getName() = ["init(string:)", "init(string:relativeTo:)"] and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("URL", ["init(string:)", "init(string:relativeTo:)"]) and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql b/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
@@ -26,10 +26,8 @@ abstract class Stored extends DataFlow::Node {
 /** The `DataFlow::Node` of an expression that gets written to the user defaults database */
 class UserDefaultsStore extends Stored {
   UserDefaultsStore() {
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "UserDefaults" and
-      c.getAMember() = f and
-      f.getName() = "set(_:forKey:)" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("UserDefaults", "set(_:forKey:)") and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this.asExpr()
     )
@@ -41,10 +39,8 @@ class UserDefaultsStore extends Stored {
 /** The `DataFlow::Node` of an expression that gets written to the iCloud-backed NSUbiquitousKeyValueStore */
 class NSUbiquitousKeyValueStore extends Stored {
   NSUbiquitousKeyValueStore() {
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "NSUbiquitousKeyValueStore" and
-      c.getAMember() = f and
-      f.getName() = "set(_:forKey:)" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("NSUbiquitousKeyValueStore", "set(_:forKey:)") and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this.asExpr()
     )
diff --git a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
@@ -37,10 +37,11 @@ class StringLiteralSource extends KeySource instanceof StringLiteralExpr { }
 class EncryptionKeySink extends Expr {
   EncryptionKeySink() {
     // `key` arg in `init` is a sink
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = ["AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"] and
-      c.getAMember() = f and
-      f.getName().matches("init(key:%") and
+    exists(MethodDecl f, CallExpr call, string fName |
+      f.hasQualifiedName([
+          "AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"
+        ], fName) and
+      fName.matches("init(key:%") and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
diff --git a/swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql b/swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql
@@ -26,10 +26,8 @@ abstract class BlockMode extends Expr { }
 class AES extends BlockMode {
   AES() {
     // `blockMode` arg in `AES.init` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "AES" and
-      c.getAMember() = f and
-      f.getName() = ["init(key:blockMode:)", "init(key:blockMode:padding:)"] and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("AES", ["init(key:blockMode:)", "init(key:blockMode:padding:)"]) and
       call.getStaticTarget() = f and
       call.getArgument(1).getExpr() = this
     )
@@ -42,10 +40,8 @@ class AES extends BlockMode {
 class Blowfish extends BlockMode {
   Blowfish() {
     // `blockMode` arg in `Blowfish.init` is a sink
-    exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "Blowfish" and
-      c.getAMember() = f and
-      f.getName() = "init(key:blockMode:padding:)" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("Blowfish", "init(key:blockMode:padding:)") and
       call.getStaticTarget() = f and
       call.getArgument(1).getExpr() = this
     )
@@ -60,10 +56,8 @@ class EcbEncryptionConfig extends DataFlow::Configuration {
   EcbEncryptionConfig() { this = "EcbEncryptionConfig" }
 
   override predicate isSource(DataFlow::Node node) {
-    exists(ClassOrStructDecl s, AbstractFunctionDecl f, CallExpr call |
-      s.getName() = "ECB" and
-      s.getAMember() = f and
-      f.getName() = "init()" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("ECB", "init()") and
       call.getStaticTarget() = f and
       node.asExpr() = call
     )
