Swift: Various minor fixes / consistency improvements to sinks.

geoffw0 · geoffw0 · commit 256c3f66ca25 · 2023-04-11T17:04:09.000+01:00
diff --git a/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll
@@ -35,7 +35,7 @@ class ConstantPasswordAdditionalTaintStep extends Unit {
 private class CryptoSwiftPasswordSink extends ConstantPasswordSink {
   CryptoSwiftPasswordSink() {
     // `password` arg in `init` is a sink
-    exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
+    exists(NominalTypeDecl c, ConstructorDecl f, CallExpr call |
       c.getName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
diff --git a/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll
@@ -35,7 +35,7 @@ class ConstantSaltAdditionalTaintStep extends Unit {
 private class CryptoSwiftSaltSink extends ConstantSaltSink {
   CryptoSwiftSaltSink() {
     // `salt` arg in `init` is a sink
-    exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
+    exists(NominalTypeDecl c, ConstructorDecl f, CallExpr call |
       c.getName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
diff --git a/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll b/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll
@@ -35,14 +35,11 @@ class HardcodedEncryptionKeyAdditionalTaintStep extends Unit {
 private class CryptoSwiftEncryptionKeySink extends HardcodedEncryptionKeySink {
   CryptoSwiftEncryptionKeySink() {
     // `key` arg in `init` is a sink
-    exists(CallExpr call, string fName |
-      call.getStaticTarget()
-          .(MethodDecl)
-          .hasQualifiedName([
-              "AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"
-            ], fName) and
-      fName.matches("init(key:%") and
-      call.getArgument(0).getExpr() = this.asExpr()
+    exists(NominalTypeDecl c, ConstructorDecl f, CallExpr call |
+      c.getName() = ["AES", "HMAC", "ChaCha20", "CBCMAC", "CMAC", "Poly1305", "Blowfish", "Rabbit"] and
+      c.getAMember() = f and
+      call.getStaticTarget() = f and
+      call.getArgumentWithLabel("key").getExpr() = this.asExpr()
     )
   }
 }
diff --git a/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsExtensions.qll b/swift/ql/lib/codeql/swift/security/InsufficientHashIterationsExtensions.qll
@@ -36,7 +36,7 @@ class InsufficientHashIterationsAdditionalTaintStep extends Unit {
 private class CryptoSwiftHashIterationsSink extends InsufficientHashIterationsSink {
   CryptoSwiftHashIterationsSink() {
     // `iterations` arg in `init` is a sink
-    exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
+    exists(NominalTypeDecl c, ConstructorDecl f, CallExpr call |
       c.getName() = ["PBKDF1", "PBKDF2"] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
