Swift: And another.

Author: geoffw0

swift/ql/src/queries/Security/CWE-089/SqlInjection.ql

@@ -47,19 +47,15 @@ class CApiSqlSink extends SqlSink {
 class SQLiteSwiftSqlSink extends SqlSink {
   SQLiteSwiftSqlSink() {
     // Variants of `Connection.execute`, `connection.prepare` and `connection.scalar`.
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "Connection" and
-      c.getAMember() = f and
-      f.getName() = ["execute(_:)", "prepare(_:_:)", "run(_:_:)", "scalar(_:_:)"] and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("Connection", ["execute(_:)", "prepare(_:_:)", "run(_:_:)", "scalar(_:_:)"]) and
       call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this.asExpr()
     )
     or
     // String argument to the `Statement` constructor.
-    exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call |
-      c.getName() = "Statement" and
-      c.getAMember() = f and
-      f.getName() = "init(_:_:)" and
+    exists(MethodDecl f, CallExpr call |
+      f.hasQualifiedName("Statement", "init(_:_:)") and
       call.getStaticTarget() = f and
       call.getArgument(1).getExpr() = this.asExpr()
     )