Swift: Simplify out some variables.

Author: geoffw0

swift/ql/src/queries/Security/CWE-089/SqlInjection.ql

@@ -27,15 +27,14 @@ abstract class SqlSink extends DataFlow::Node { }
 class CApiSqlSink extends SqlSink {
   CApiSqlSink() {
     // `sqlite3_exec` and variants of `sqlite3_prepare`.
-    exists(AbstractFunctionDecl f, CallExpr call |
-      f.getName() =
+    exists(CallExpr call |
+      call.getStaticTarget().getName() =
         [
           "sqlite3_exec(_:_:_:_:_:)", "sqlite3_prepare(_:_:_:_:_:)",
           "sqlite3_prepare_v2(_:_:_:_:_:)", "sqlite3_prepare_v3(_:_:_:_:_:_:)",
           "sqlite3_prepare16(_:_:_:_:_:)", "sqlite3_prepare16_v2(_:_:_:_:_:)",
           "sqlite3_prepare16_v3(_:_:_:_:_:_:)"
         ] and
-      call.getStaticTarget() = f and
       call.getArgument(1).getExpr() = this.asExpr()
     )
   }
@@ -47,16 +46,17 @@ class CApiSqlSink extends SqlSink {
 class SQLiteSwiftSqlSink extends SqlSink {
   SQLiteSwiftSqlSink() {
     // Variants of `Connection.execute`, `connection.prepare` and `connection.scalar`.
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("Connection", ["execute(_:)", "prepare(_:_:)", "run(_:_:)", "scalar(_:_:)"]) and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("Connection",
+            ["execute(_:)", "prepare(_:_:)", "run(_:_:)", "scalar(_:_:)"]) and
       call.getArgument(0).getExpr() = this.asExpr()
     )
     or
     // String argument to the `Statement` constructor.
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("Statement", "init(_:_:)") and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget().(MethodDecl).hasQualifiedName("Statement", "init(_:_:)") and
       call.getArgument(1).getExpr() = this.asExpr()
     )
   }

swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql

@@ -28,9 +28,11 @@ abstract class Stored extends DataFlow::Node { }
 class CoreDataStore extends Stored {
   CoreDataStore() {
     // values written into Core Data objects are a sink
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("NSManagedObject", ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"]) and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("NSManagedObject",
+            ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"]) and
       call.getArgument(0).getExpr() = this.asExpr()
     )
   }

swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql

@@ -28,9 +28,10 @@ abstract class Transmitted extends Expr { }
 class NWConnectionSend extends Transmitted {
   NWConnectionSend() {
     // `content` arg to `NWConnection.send` is a sink
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("NWConnection", "send(content:contentContext:isComplete:completion:)") and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("NWConnection", "send(content:contentContext:isComplete:completion:)") and
       call.getArgument(0).getExpr() = this
     )
   }
@@ -44,9 +45,10 @@ class Url extends Transmitted {
   Url() {
     // `string` arg in `URL.init` is a sink
     // (we assume here that the URL goes on to be used in a network operation)
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("URL", ["init(string:)", "init(string:relativeTo:)"]) and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("URL", ["init(string:)", "init(string:relativeTo:)"]) and
       call.getArgument(0).getExpr() = this
     )
   }

swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql

@@ -26,9 +26,8 @@ abstract class Stored extends DataFlow::Node {
 /** The `DataFlow::Node` of an expression that gets written to the user defaults database */
 class UserDefaultsStore extends Stored {
   UserDefaultsStore() {
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("UserDefaults", "set(_:forKey:)") and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget().(MethodDecl).hasQualifiedName("UserDefaults", "set(_:forKey:)") and
       call.getArgument(0).getExpr() = this.asExpr()
     )
   }
@@ -39,9 +38,10 @@ class UserDefaultsStore extends Stored {
 /** The `DataFlow::Node` of an expression that gets written to the iCloud-backed NSUbiquitousKeyValueStore */
 class NSUbiquitousKeyValueStore extends Stored {
   NSUbiquitousKeyValueStore() {
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("NSUbiquitousKeyValueStore", "set(_:forKey:)") and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("NSUbiquitousKeyValueStore", "set(_:forKey:)") and
       call.getArgument(0).getExpr() = this.asExpr()
     )
   }

swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql

@@ -37,12 +37,13 @@ class StringLiteralSource extends KeySource instanceof StringLiteralExpr { }
 class EncryptionKeySink extends Expr {
   EncryptionKeySink() {
     // `key` arg in `init` is a sink
-    exists(MethodDecl f, CallExpr call, string fName |
-      f.hasQualifiedName([
-          "AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"
-        ], fName) and
+    exists(CallExpr call, string fName |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName([
+              "AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"
+            ], fName) and
       fName.matches("init(key:%") and
-      call.getStaticTarget() = f and
       call.getArgument(0).getExpr() = this
     )
   }

swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql

@@ -26,9 +26,10 @@ abstract class BlockMode extends Expr { }
 class AES extends BlockMode {
   AES() {
     // `blockMode` arg in `AES.init` is a sink
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("AES", ["init(key:blockMode:)", "init(key:blockMode:padding:)"]) and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("AES", ["init(key:blockMode:)", "init(key:blockMode:padding:)"]) and
       call.getArgument(1).getExpr() = this
     )
   }
@@ -40,9 +41,10 @@ class AES extends BlockMode {
 class Blowfish extends BlockMode {
   Blowfish() {
     // `blockMode` arg in `Blowfish.init` is a sink
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("Blowfish", "init(key:blockMode:padding:)") and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget()
+          .(MethodDecl)
+          .hasQualifiedName("Blowfish", "init(key:blockMode:padding:)") and
       call.getArgument(1).getExpr() = this
     )
   }
@@ -56,9 +58,8 @@ class EcbEncryptionConfig extends DataFlow::Configuration {
   EcbEncryptionConfig() { this = "EcbEncryptionConfig" }
 
   override predicate isSource(DataFlow::Node node) {
-    exists(MethodDecl f, CallExpr call |
-      f.hasQualifiedName("ECB", "init()") and
-      call.getStaticTarget() = f and
+    exists(CallExpr call |
+      call.getStaticTarget().(MethodDecl).hasQualifiedName("ECB", "init()") and
       node.asExpr() = call
     )
   }