Apply suggestions from code review

geoffw0 · MathiasVP · web-flow · commit e4dab173185f · 2022-08-03T18:14:14.000+01:00
Co-authored-by: Mathias Vorreiter Pedersen &lt;mathiasvp@github.com&gt;
diff --git a/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql b/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
@@ -119,7 +119,7 @@ class UnsafeWebViewFetchConfig extends TaintTracking::Configuration {
       c.getAMember() = f and
       f.getName() = ["init(string:)", "init(string:relativeTo:)"] and
       call.getFunction().(ApplyExpr).getStaticTarget() = f and
-      node1.asExpr() = call.getArgument(_).getExpr() and
+      node1.asExpr() = call.getAnArgument().getExpr() and
       node2.asExpr() = call
     )
   }
@@ -140,4 +140,4 @@ where
     config.hasFlow(_, any(DataFlow::Node n | n.asExpr() = sink.getBaseUrl())) and
     message = "Tainted data is used in a WebView fetch with a tainted base URL."
   )
-select sinkNode, sourceNode, sinkNode, message
+select sink, sourceNode, sinkNode, message

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ class UnsafeWebViewFetchConfig extends TaintTracking::Configuration {`
`119`	`119`	`c.getAMember() = f and`
`120`	`120`	`f.getName() = ["init(string:)", "init(string:relativeTo:)"] and`
`121`	`121`	`call.getFunction().(ApplyExpr).getStaticTarget() = f and`
`122`		`- node1.asExpr() = call.getArgument(_).getExpr() and`
	`122`	`+ node1.asExpr() = call.getAnArgument().getExpr() and`
`123`	`123`	`node2.asExpr() = call`
`124`	`124`	`)`
`125`	`125`	`}`
`@@ -140,4 +140,4 @@ where`
`140`	`140`	`config.hasFlow(_, any(DataFlow::Node n \| n.asExpr() = sink.getBaseUrl())) and`
`141`	`141`	`message = "Tainted data is used in a WebView fetch with a tainted base URL."`
`142`	`142`	`)`
`143`		`-select sinkNode, sourceNode, sinkNode, message`
	`143`	`+select sink, sourceNode, sinkNode, message`