
Commit 8664017

committed
Swift: Working tests
1 parent 8a08a3e commit 8664017


4 files changed

+193
-0
lines changed

Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
edges
2+
| testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x |
3+
| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y |
4+
| testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x |
5+
| testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y |
6+
| testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z |
7+
| testUserDefaults.swift:41:24:41:24 | x : | testUserDefaults.swift:42:28:42:28 | x |
8+
| testUserDefaults.swift:44:10:44:22 | call to getPassword() : | testUserDefaults.swift:45:28:45:28 | y |
9+
| testUserDefaults.swift:55:10:55:10 | passwd : | testUserDefaults.swift:59:28:59:28 | x |
10+
| testUserDefaults.swift:56:10:56:10 | passwd : | testUserDefaults.swift:60:28:60:28 | y |
11+
| testUserDefaults.swift:57:10:57:10 | passwd : | testUserDefaults.swift:61:28:61:28 | z |
12+
nodes
13+
| testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | semmle.label | password |
14+
| testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | semmle.label | x : |
15+
| testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | semmle.label | x |
16+
| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | semmle.label | call to getPassword() : |
17+
| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | semmle.label | y |
18+
| testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | semmle.label | .password |
19+
| testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | semmle.label | passwd : |
20+
| testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | semmle.label | passwd : |
21+
| testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | semmle.label | passwd : |
22+
| testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | semmle.label | x |
23+
| testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | semmle.label | y |
24+
| testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | semmle.label | z |
25+
| testUserDefaults.swift:28:15:28:15 | password | semmle.label | password |
26+
| testUserDefaults.swift:41:24:41:24 | x : | semmle.label | x : |
27+
| testUserDefaults.swift:42:28:42:28 | x | semmle.label | x |
28+
| testUserDefaults.swift:44:10:44:22 | call to getPassword() : | semmle.label | call to getPassword() : |
29+
| testUserDefaults.swift:45:28:45:28 | y | semmle.label | y |
30+
| testUserDefaults.swift:49:28:49:30 | .password | semmle.label | .password |
31+
| testUserDefaults.swift:55:10:55:10 | passwd : | semmle.label | passwd : |
32+
| testUserDefaults.swift:56:10:56:10 | passwd : | semmle.label | passwd : |
33+
| testUserDefaults.swift:57:10:57:10 | passwd : | semmle.label | passwd : |
34+
| testUserDefaults.swift:59:28:59:28 | x | semmle.label | x |
35+
| testUserDefaults.swift:60:28:60:28 | y | semmle.label | y |
36+
| testUserDefaults.swift:61:28:61:28 | z | semmle.label | z |
37+
subpaths
38+
#select
39+
| testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | This operation stores 'password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | password |
40+
| testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x : | x |
41+
| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() : | call to getPassword() |
42+
| testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | This operation stores '.password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | .password |
43+
| testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd : | passwd |
44+
| testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd : | passwd |
45+
| testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | This operation stores 'z' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd : | passwd |
46+
| testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | This operation stores 'password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:28:15:28:15 | password | password |
47+
| testUserDefaults.swift:42:28:42:28 | x | testUserDefaults.swift:41:24:41:24 | x : | testUserDefaults.swift:42:28:42:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:41:24:41:24 | x : | x |
48+
| testUserDefaults.swift:45:28:45:28 | y | testUserDefaults.swift:44:10:44:22 | call to getPassword() : | testUserDefaults.swift:45:28:45:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:44:10:44:22 | call to getPassword() : | call to getPassword() |
49+
| testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | This operation stores '.password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:49:28:49:30 | .password | .password |
50+
| testUserDefaults.swift:59:28:59:28 | x | testUserDefaults.swift:55:10:55:10 | passwd : | testUserDefaults.swift:59:28:59:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:55:10:55:10 | passwd : | passwd |
51+
| testUserDefaults.swift:60:28:60:28 | y | testUserDefaults.swift:56:10:56:10 | passwd : | testUserDefaults.swift:60:28:60:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:56:10:56:10 | passwd : | passwd |
52+
| testUserDefaults.swift:61:28:61:28 | z | testUserDefaults.swift:57:10:57:10 | passwd : | testUserDefaults.swift:61:28:61:28 | z | This operation stores 'z' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:57:10:57:10 | passwd : | passwd |
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
queries/Security/CWE-312/CleartextStoragePreferences.ql
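--- a/testNSUbiquitousKeyValueStore.swift
+++ b/testNSUbiquitousKeyValueStore.swift
@@ -0,0 +1,70 @@
+
+// --- stubs ---
+
+class NSObject
+{
+}
+
+class NSUbiquitousKeyValueStore : NSObject
+{
+class var `default`: NSUbiquitousKeyValueStore {
+return NSUbiquitousKeyValueStore()
+}
+
+func set(_ value: Any?, forKey key: String) {}
+}
+
+func encrypt(_ data: String) -> String { return data }
+func hash(data: inout String) { }
+
+func getPassword() -> String { return "" }
+func doSomething(password: String) { }
+
+// --- tests ---
+
+func test1(password: String, passwordHash : String) {
+let store = NSUbiquitousKeyValueStore.default
+
+store.set(password, forKey: "myKey") // BAD
+store.set(passwordHash, forKey: "myKey") // GOOD (not sensitive)
+}
+
+class MyClass {
+var harmless = "abc"
+var password = "123"
+}
+
+func test3(x: String) {
+// alternative evidence of sensitivity...
+
+NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // BAD [NOT REPORTED]
+doSomething(password: x);
+NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // BAD
+
+let y = getPassword();
+NSUbiquitousKeyValueStore.default.set(y, forKey: "myKey") // BAD
+
+let z = MyClass()
+NSUbiquitousKeyValueStore.default.set(z.harmless, forKey: "myKey") // GOOD (not sensitive)
+NSUbiquitousKeyValueStore.default.set(z.password, forKey: "myKey") // BAD
+}
+
+func test4(passwd: String) {
+// sanitizers...
+
+var x = passwd;
+var y = passwd;
+var z = passwd;
+
+NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // BAD
+NSUbiquitousKeyValueStore.default.set(y, forKey: "myKey") // BAD
+NSUbiquitousKeyValueStore.default.set(z, forKey: "myKey") // BAD
+
+x = encrypt(x);
+hash(data: &y);
+z = "";
+
+NSUbiquitousKeyValueStore.default.set(x, forKey: "myKey") // GOOD (not sensitive)
+NSUbiquitousKeyValueStore.default.set(y, forKey: "myKey") // GOOD (not sensitive)
+NSUbiquitousKeyValueStore.default.set(z, forKey: "myKey") // GOOD (not sensitive)
+}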
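Review bot: The `NSUbiquitousKeyValueStore` stub on line 14 declares only `set(_ value: Any?, forKey key: String)`, whereas the real class also provides typed overloads (taking `String?`, `Data?`, arrays, dictionaries and numeric values), and a `String` argument in application code would normally resolve to the `String?` overload rather than `Any?`. Whether the sink model matches on the method name alone or on the full signature is not visible in this commit, so these tests cannot show that the overload most password writes actually hit is covered. Adding a typed stub such as `func set(_ aString: String?, forKey aKey: String) {}` next to the existing one, plus one `// BAD` case that resolves to it, would pin that down and guard against a silent false negative for cleartext secrets synced to iCloud.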
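--- a/testUserDefaults.swift
+++ b/testUserDefaults.swift
@@ -0,0 +1,70 @@
+
+// --- stubs ---
+
+class NSObject
+{
+}
+
+class UserDefaults : NSObject
+{
+class var standard: UserDefaults {
+return UserDefaults()
+}
+
+func set(_ value: Any?, forKey key: String) {}
+}
+
+func encrypt(_ data: String) -> String { return data }
+func hash(data: inout String) { }
+
+func getPassword() -> String { return "" }
+func doSomething(password: String) { }
+
+// --- tests ---
+
+func test1(password: String, passwordHash : String) {
+let defaults = UserDefaults.standard
+
+defaults.set(password, forKey: "myKey") // BAD
+defaults.set(passwordHash, forKey: "myKey") // GOOD (not sensitive)
+}
+
+class MyClass {
+var harmless = "abc"
+var password = "123"
+}
+
+func test3(x: String) {
+// alternative evidence of sensitivity...
+
+UserDefaults.standard.set(x, forKey: "myKey") // BAD [NOT REPORTED]
+doSomething(password: x);
+UserDefaults.standard.set(x, forKey: "myKey") // BAD
+
+let y = getPassword();
+UserDefaults.standard.set(y, forKey: "myKey") // BAD
+
+let z = MyClass()
+UserDefaults.standard.set(z.harmless, forKey: "myKey") // GOOD (not sensitive)
+UserDefaults.standard.set(z.password, forKey: "myKey") // BAD
+}
+
+func test4(passwd: String) {
+// sanitizers...
+
+var x = passwd;
+var y = passwd;
+var z = passwd;
+
+UserDefaults.standard.set(x, forKey: "myKey") // BAD
+UserDefaults.standard.set(y, forKey: "myKey") // BAD
+UserDefaults.standard.set(z, forKey: "myKey") // BAD
+
+x = encrypt(x);
+hash(data: &y);
+z = "";
+
+UserDefaults.standard.set(x, forKey: "myKey") // GOOD (not sensitive)
+UserDefaults.standard.set(y, forKey: "myKey") // GOOD (not sensitive)
+UserDefaults.standard.set(z, forKey: "myKey") // GOOD (not sensitive)
+}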
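Review bot: The `// GOOD` expectations on lines 67–68 of `test4` rely on `encrypt` and `hash` acting as sanitizers, yet the stubs on lines 17–18 return the input unchanged or do nothing, so the query is presumably recognising them by name rather than by any transformation of the data. A comment on the stubs would make that explicit for the next maintainer, for example `// bodies are irrelevant: the query is expected to treat calls named encrypt/hash as barriers`. The `// BAD [NOT REPORTED]` case on line 40 would likewise benefit from a note on why it is missed; apparently the only evidence that `x` is sensitive, `doSomething(password: x)`, appears after that store. The same stubs and cases are repeated in testNSUbiquitousKeyValueStore.swift, so both comments apply there as well.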
