diff --git a/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql b/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql index 455cd7e3751..3009f0d0d03 100644 --- a/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql +++ b/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql @@ -31,7 +31,7 @@ class Sink extends DataFlow::Node { int baseUrlArg | // arguments to method calls... - exists(string className, ClassDecl c | + exists(string className, ClassOrStructDecl c | ( // `loadHTMLString` className = ["UIWebView", "WKWebView"] and diff --git a/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql b/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql index 397d5826fe5..5e4bcbf3ffa 100644 --- a/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql +++ b/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql @@ -99,7 +99,7 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration { | ( // arguments to method calls... - exists(string className, ClassDecl c | + exists(string className, ClassOrStructDecl c | ( // `NSRange.init` className = "NSRange" and @@ -127,7 +127,7 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration { paramName = "at" ) and c.getName() = className and - c.getABaseTypeDecl*().(ClassDecl).getAMember() = funcDecl and + c.getABaseTypeDecl*().(ClassOrStructDecl).getAMember() = funcDecl and call.getStaticTarget() = funcDecl and flowstate = "NSString" ) diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql b/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql index 5e655c0dc90..49f4e6ab7e9 100644 --- a/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql +++ b/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql @@ -28,7 +28,7 @@ abstract class Stored extends DataFlow::Node { } class CoreDataStore extends Stored { CoreDataStore() { // `content` arg to `NWConnection.send` is a sink - exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call | c.getName() = "NSManagedObject" and c.getAMember() = f and f.getName() = ["setValue(_:forKey:)", "setPrimitiveValue(_:forKey:)"] and @@ -47,7 +47,7 @@ class RealmStore extends Stored instanceof DataFlow::PostUpdateNode { // any write into a class derived from `RealmSwiftObject` is a sink. For // example in `realmObj.data = sensitive` the post-update node corresponding // with `realmObj.data` is a sink. - exists(ClassDecl cd, Expr e | + exists(ClassOrStructDecl cd, Expr e | cd.getABaseTypeDecl*().getName() = "RealmSwiftObject" and this.getPreUpdateNode().asExpr() = e and e.getFullyConverted().getType() = cd.getType() and @@ -81,7 +81,7 @@ class CleartextStorageConfig extends TaintTracking::Configuration { // flow out from fields of a `RealmSwiftObject` at the sink, for example in // `realmObj.data = sensitive`. isSink(node) and - exists(ClassDecl cd | + exists(ClassOrStructDecl cd | c.getAReadContent().(DataFlow::Content::FieldContent).getField() = cd.getAMember() and cd.getABaseTypeDecl*().getName() = "RealmSwiftObject" ) diff --git a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql index ba2d2a17807..d2dec5a104a 100644 --- a/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql +++ b/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql @@ -28,7 +28,7 @@ abstract class Transmitted extends Expr { } class NWConnectionSend extends Transmitted { NWConnectionSend() { // `content` arg to `NWConnection.send` is a sink - exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call | c.getName() = "NWConnection" and c.getAMember() = f and f.getName() = "send(content:contentContext:isComplete:completion:)" and @@ -46,7 +46,7 @@ class Url extends Transmitted { Url() { // `string` arg in `URL.init` is a sink // (we assume here that the URL goes on to be used in a network operation) - exists(StructDecl c, AbstractFunctionDecl f, CallExpr call | + exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call | c.getName() = "URL" and c.getAMember() = f and f.getName() = ["init(string:)", "init(string:relativeTo:)"] and diff --git a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql index b697a9a01dd..5a6fc396257 100755 --- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql +++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql @@ -42,7 +42,7 @@ module WeakHashingConfig { call.getAnArgument().getExpr() = this.asExpr() and call.getStaticTarget() = func and func.getName().matches(["hash(%", "update(%"]) and - algorithm = func.getEnclosingDecl().(StructDecl).getName() and + algorithm = func.getEnclosingDecl().(ClassOrStructDecl).getName() and algorithm = ["MD5", "SHA1"] ) } diff --git a/swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql b/swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql index d0170d84237..cb531c1a4b8 100644 --- a/swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql +++ b/swift/ql/src/queries/Security/ECB-Encryption/ECBEncryption.ql @@ -26,7 +26,7 @@ abstract class BlockMode extends Expr { } class AES extends BlockMode { AES() { // `blockMode` arg in `AES.init` is a sink - exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call | c.getName() = "AES" and c.getAMember() = f and f.getName() = ["init(key:blockMode:)", "init(key:blockMode:padding:)"] and @@ -42,7 +42,7 @@ class AES extends BlockMode { class Blowfish extends BlockMode { Blowfish() { // `blockMode` arg in `Blowfish.init` is a sink - exists(ClassDecl c, AbstractFunctionDecl f, CallExpr call | + exists(ClassOrStructDecl c, AbstractFunctionDecl f, CallExpr call | c.getName() = "Blowfish" and c.getAMember() = f and f.getName() = "init(key:blockMode:padding:)" and @@ -60,7 +60,7 @@ class EcbEncryptionConfig extends DataFlow::Configuration { EcbEncryptionConfig() { this = "EcbEncryptionConfig" } override predicate isSource(DataFlow::Node node) { - exists(StructDecl s, AbstractFunctionDecl f, CallExpr call | + exists(ClassOrStructDecl s, AbstractFunctionDecl f, CallExpr call | s.getName() = "ECB" and s.getAMember() = f and f.getName() = "init()" and diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift index 87d140b1eea..506b3a921e3 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift @@ -1,7 +1,7 @@ // --- stubs --- -class Data { +struct Data { init(_ elements: S) {} } @@ -13,7 +13,7 @@ class NWConnection { class ContentContext { static let defaultMessage = ContentContext() } - + func send(content: Data?, contentContext: NWConnection.ContentContext = .defaultMessage, isComplete: Bool = true, completion: NWConnection.SendCompletion) { } func send(content: Content?, contentContext: NWConnection.ContentContext = .defaultMessage, isComplete: Bool = true, completion: NWConnection.SendCompletion) { } }