Merge pull request github#11034 from geoffw0/global

Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate.

Author: geoffw0

swift/ql/lib/codeql/swift/elements/decl/AbstractFunctionDecl.qll

@@ -1,5 +1,9 @@
 private import codeql.swift.generated.decl.AbstractFunctionDecl
+private import codeql.swift.elements.decl.MethodDecl
 
+/**
+ * A function.
+ */
 class AbstractFunctionDecl extends Generated::AbstractFunctionDecl {
   override string toString() { result = this.getName() }
 
@@ -8,3 +12,10 @@ class AbstractFunctionDecl extends Generated::AbstractFunctionDecl {
    */
   predicate hasName(string funcName) { this.getName() = funcName }
 }
+
+/**
+ * A free (non-member) function.
+ */
+class FreeFunctionDecl extends AbstractFunctionDecl {
+  FreeFunctionDecl() { not this instanceof MethodDecl }
+}

swift/ql/lib/codeql/swift/elements/decl/MethodDecl.qll

@@ -9,6 +9,9 @@ private Decl getAMember(IterableDeclContext ctx) {
   )
 }
 
+/**
+ * A function that is a member of a class, struct, enum or protocol.
+ */
 class MethodDecl extends AbstractFunctionDecl {
   MethodDecl() {
     this = getAMember(any(ClassDecl c))

swift/ql/src/queries/Security/CWE-089/SqlInjection.ql

@@ -28,13 +28,14 @@ class CApiSqlSink extends SqlSink {
   CApiSqlSink() {
     // `sqlite3_exec` and variants of `sqlite3_prepare`.
     exists(CallExpr call |
-      call.getStaticTarget().getName() =
-        [
-          "sqlite3_exec(_:_:_:_:_:)", "sqlite3_prepare(_:_:_:_:_:)",
-          "sqlite3_prepare_v2(_:_:_:_:_:)", "sqlite3_prepare_v3(_:_:_:_:_:_:)",
-          "sqlite3_prepare16(_:_:_:_:_:)", "sqlite3_prepare16_v2(_:_:_:_:_:)",
-          "sqlite3_prepare16_v3(_:_:_:_:_:_:)"
-        ] and
+      call.getStaticTarget()
+          .(FreeFunctionDecl)
+          .hasName([
+              "sqlite3_exec(_:_:_:_:_:)", "sqlite3_prepare(_:_:_:_:_:)",
+              "sqlite3_prepare_v2(_:_:_:_:_:)", "sqlite3_prepare_v3(_:_:_:_:_:_:)",
+              "sqlite3_prepare16(_:_:_:_:_:)", "sqlite3_prepare16_v2(_:_:_:_:_:)",
+              "sqlite3_prepare16_v3(_:_:_:_:_:_:)"
+            ]) and
       call.getArgument(1).getExpr() = this.asExpr()
     )
   }