Swift: Make the RNCryptor sources wider (actual usage seems to vary).

geoffw0 · geoffw0 · commit d4cc86cd050a · 2023-04-06T20:36:12.000+01:00
diff --git a/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll
@@ -50,8 +50,12 @@ private class DefaultConstantPasswordSink extends ConstantPasswordSink {
 private class RnCryptorPasswordSink extends ConstantPasswordSink {
   RnCryptorPasswordSink() {
     // RNCryptor (labelled arguments)
-    exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
-      c.getName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
+    exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
+      c.getName() =
+        [
+          "RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
+          "RNCryptor.DecryptorV3"
+        ] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
       call.getArgumentWithLabel(["password", "withPassword", "forPassword"]).getExpr() =
diff --git a/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll b/swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll
@@ -49,8 +49,12 @@ private class CryptoSwiftSaltSink extends ConstantSaltSink {
  */
 private class RnCryptorSaltSink extends ConstantSaltSink {
   RnCryptorSaltSink() {
-    exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
-      c.getName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
+    exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
+      c.getName() =
+        [
+          "RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
+          "RNCryptor.DecryptorV3"
+        ] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
       call.getArgumentWithLabel(["salt", "encryptionSalt", "hmacSalt", "HMACSalt"]).getExpr() =
diff --git a/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll b/swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll
@@ -52,8 +52,12 @@ private class CryptoSwiftEncryptionKeySink extends HardcodedEncryptionKeySink {
  */
 private class RnCryptorEncryptionKeySink extends HardcodedEncryptionKeySink {
   RnCryptorEncryptionKeySink() {
-    exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
-      c.getFullName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
+    exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
+      c.getFullName() =
+        [
+          "RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
+          "RNCryptor.DecryptorV3"
+        ] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
       call.getArgumentWithLabel(["encryptionKey", "withEncryptionKey"]).getExpr() = this.asExpr()
diff --git a/swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll b/swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll
@@ -51,8 +51,12 @@ private class CryptoSwiftInitializationVectorSink extends StaticInitializationVe
  */
 private class RnCryptorInitializationVectorSink extends StaticInitializationVectorSink {
   RnCryptorInitializationVectorSink() {
-    exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
-      c.getFullName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
+    exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
+      c.getFullName() =
+        [
+          "RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
+          "RNCryptor.DecryptorV3"
+        ] and
       c.getAMember() = f and
       call.getStaticTarget() = f and
       call.getArgumentWithLabel(["iv", "IV"]).getExpr() = this.asExpr()
