From f8ab76e1baff6b8b300bf96c6717c5674f0aba60 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 28 May 2026 12:14:10 +0100
Subject: [PATCH] Swift: Update the new metatype sinks to not rely on name matching '.Type'.
---
 .../WeakPasswordHashingExtensions.qll | 21 ++++++++++++++-----
 .../WeakSensitiveDataHashingExtensions.qll | 21 ++++++++++++++-----
 2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/swift/ql/lib/codeql/swift/security/WeakPasswordHashingExtensions.qll b/swift/ql/lib/codeql/swift/security/WeakPasswordHashingExtensions.qll
index 9442812ba2c2..1700c5dc60e8 100644
--- a/swift/ql/lib/codeql/swift/security/WeakPasswordHashingExtensions.qll
+++ b/swift/ql/lib/codeql/swift/security/WeakPasswordHashingExtensions.qll
@@ -121,12 +121,23 @@ private class WeakPasswordHashingMetatypeSink extends WeakPasswordHashingSink {
 string algorithm;
 WeakPasswordHashingMetatypeSink() {
- exists(CallExpr c |
- c.getAnArgument().getExpr() = this.asExpr() and
+ exists(CallExpr ce, Type t |
+ // call target
+ ce.getStaticTarget().getName() =
+ ["hash(data:)", "hash(bufferPointer:)", "update(data:)", "update(bufferPointer:)"] and
+ // argument
+ ce.getAnArgument().getExpr() = this.asExpr() and
+ // qualifier
+ t = ce.getQualifier().getType() and
 algorithm = ["SHA256", "SHA384", "SHA512"] and
- c.getQualifier().getType().getFullName() = algorithm + ["", ".Type"] and
- c.getStaticTarget().getName() =
- ["hash(data:)", "hash(bufferPointer:)", "update(data:)", "update(bufferPointer:)"]
+ (
+ t.getFullName() = algorithm
+ or
+ exists(TypeDecl td |
+ td.getInterfaceType() = t and
+ td.getFullName() = algorithm
+ )
+ )
 )
 }
diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll
index 58d9f466b785..02cb82a22c89 100755
--- a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll
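Review bot: In the `@@ -121,12 +121,23 @@` hunk of WeakPasswordHashingExtensions.qll, the `or` between `t.getFullName() = algorithm` and the `exists(TypeDecl td | ...)` arm is the substance of this change yet is the one part left uncommented, while the three conjuncts above it each got a `// ...` label; a reader has to reconstruct from the commit title that the second arm is how a metatype qualifier (a call on the type itself rather than on a hasher value) is now recognised without matching the `.Type` suffix by name. I would label the two arms, e.g. `// qualifier is an instance of the algorithm type` above the first and `// qualifier is the algorithm type itself (metatype), matched via its declaration rather than by the '.Type' name` above the second. The same applies to the `@@ -86,12 +86,23 @@` hunk of WeakSensitiveDataHashingExtensions.qll, where additionally `"Insecure." + algorithm` is now spelled out in both arms; binding it once, e.g. `exists(string fullName | fullName = "Insecure." + algorithm | ... )` around the disjunction, would keep the two arms from drifting apart if the prefix ever changes. The enclosing classes begin before each hunk (their headers appear only in the `@@` context) and their closing braces lie after it, and the trailing blank context line of each hunk appears to have been lost in the collapsed text.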
+++ b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll
@@ -86,12 +86,23 @@ private class WeakSensitiveDataHashingMetatypeSink extends WeakSensitiveDataHash
 string algorithm;
 WeakSensitiveDataHashingMetatypeSink() {
- exists(CallExpr c |
- c.getAnArgument().getExpr() = this.asExpr() and
+ exists(CallExpr ce, Type t |
+ // call target
+ ce.getStaticTarget().getName() =
+ ["hash(data:)", "hash(bufferPointer:)", "update(data:)", "update(bufferPointer:)"] and
+ // argument
+ ce.getAnArgument().getExpr() = this.asExpr() and
+ // qualifier
+ t = ce.getQualifier().getType() and
 algorithm = ["MD5", "SHA1"] and
- c.getQualifier().getType().getFullName() = "Insecure." + algorithm + ["", ".Type"] and
- c.getStaticTarget().getName() =
- ["hash(data:)", "hash(bufferPointer:)", "update(data:)", "update(bufferPointer:)"]
+ (
+ t.getFullName() = "Insecure." + algorithm
+ or
+ exists(TypeDecl td |
+ td.getInterfaceType() = t and
+ td.getFullName() = "Insecure." + algorithm
+ )
+ )
 )
 }