add false negatives to the test case

karimhamdanali · karimhamdanali · commit bbc03a1578da · 2022-10-17T12:54:34.000+02:00
diff --git a/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected
@@ -1,71 +1,65 @@
 edges
-| test.swift:76:3:76:3 | this string is constant :  | test.swift:91:18:91:36 | call to getConstantString() :  |
-| test.swift:90:26:90:121 | [...] :  | test.swift:105:21:105:21 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:106:21:106:21 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:116:22:116:22 | key |
+| test.swift:76:3:76:3 | this string is constant :  | test.swift:92:18:92:36 | call to getConstantString() :  |
 | test.swift:90:26:90:121 | [...] :  | test.swift:117:22:117:22 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:127:26:127:26 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:134:25:134:25 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:139:25:139:25 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:144:26:144:26 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:149:26:149:26 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:118:22:118:22 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:128:26:128:26 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:135:25:135:25 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:140:25:140:25 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:145:26:145:26 | key |
 | test.swift:90:26:90:121 | [...] :  | test.swift:150:26:150:26 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:160:24:160:24 | key |
-| test.swift:90:26:90:121 | [...] :  | test.swift:162:24:162:24 | key |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:107:21:107:21 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:108:21:108:21 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:118:22:118:22 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:119:22:119:22 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:128:26:128:26 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:151:26:151:26 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:152:26:152:26 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:161:24:161:24 | keyString |
-| test.swift:91:18:91:36 | call to getConstantString() :  | test.swift:163:24:163:24 | keyString |
+| test.swift:90:26:90:121 | [...] :  | test.swift:151:26:151:26 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:161:24:161:24 | key |
+| test.swift:90:26:90:121 | [...] :  | test.swift:163:24:163:24 | key |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:108:21:108:21 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:109:21:109:21 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:119:22:119:22 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:120:22:120:22 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:129:26:129:26 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:152:26:152:26 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:153:26:153:26 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:162:24:162:24 | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | test.swift:164:24:164:24 | keyString |
 nodes
 | test.swift:76:3:76:3 | this string is constant :  | semmle.label | this string is constant :  |
 | test.swift:90:26:90:121 | [...] :  | semmle.label | [...] :  |
-| test.swift:91:18:91:36 | call to getConstantString() :  | semmle.label | call to getConstantString() :  |
-| test.swift:105:21:105:21 | key | semmle.label | key |
-| test.swift:106:21:106:21 | key | semmle.label | key |
-| test.swift:107:21:107:21 | keyString | semmle.label | keyString |
+| test.swift:92:18:92:36 | call to getConstantString() :  | semmle.label | call to getConstantString() :  |
 | test.swift:108:21:108:21 | keyString | semmle.label | keyString |
-| test.swift:116:22:116:22 | key | semmle.label | key |
+| test.swift:109:21:109:21 | keyString | semmle.label | keyString |
 | test.swift:117:22:117:22 | key | semmle.label | key |
-| test.swift:118:22:118:22 | keyString | semmle.label | keyString |
+| test.swift:118:22:118:22 | key | semmle.label | key |
 | test.swift:119:22:119:22 | keyString | semmle.label | keyString |
-| test.swift:127:26:127:26 | key | semmle.label | key |
-| test.swift:128:26:128:26 | keyString | semmle.label | keyString |
-| test.swift:134:25:134:25 | key | semmle.label | key |
-| test.swift:139:25:139:25 | key | semmle.label | key |
-| test.swift:144:26:144:26 | key | semmle.label | key |
-| test.swift:149:26:149:26 | key | semmle.label | key |
+| test.swift:120:22:120:22 | keyString | semmle.label | keyString |
+| test.swift:128:26:128:26 | key | semmle.label | key |
+| test.swift:129:26:129:26 | keyString | semmle.label | keyString |
+| test.swift:135:25:135:25 | key | semmle.label | key |
+| test.swift:140:25:140:25 | key | semmle.label | key |
+| test.swift:145:26:145:26 | key | semmle.label | key |
 | test.swift:150:26:150:26 | key | semmle.label | key |
-| test.swift:151:26:151:26 | keyString | semmle.label | keyString |
+| test.swift:151:26:151:26 | key | semmle.label | key |
 | test.swift:152:26:152:26 | keyString | semmle.label | keyString |
-| test.swift:160:24:160:24 | key | semmle.label | key |
-| test.swift:161:24:161:24 | keyString | semmle.label | keyString |
-| test.swift:162:24:162:24 | key | semmle.label | key |
-| test.swift:163:24:163:24 | keyString | semmle.label | keyString |
+| test.swift:153:26:153:26 | keyString | semmle.label | keyString |
+| test.swift:161:24:161:24 | key | semmle.label | key |
+| test.swift:162:24:162:24 | keyString | semmle.label | keyString |
+| test.swift:163:24:163:24 | key | semmle.label | key |
+| test.swift:164:24:164:24 | keyString | semmle.label | keyString |
 subpaths
 #select
-| test.swift:105:21:105:21 | key | test.swift:90:26:90:121 | [...] :  | test.swift:105:21:105:21 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:106:21:106:21 | key | test.swift:90:26:90:121 | [...] :  | test.swift:106:21:106:21 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:107:21:107:21 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:107:21:107:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
 | test.swift:108:21:108:21 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:108:21:108:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
-| test.swift:116:22:116:22 | key | test.swift:90:26:90:121 | [...] :  | test.swift:116:22:116:22 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:109:21:109:21 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:109:21:109:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
 | test.swift:117:22:117:22 | key | test.swift:90:26:90:121 | [...] :  | test.swift:117:22:117:22 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:118:22:118:22 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:118:22:118:22 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:118:22:118:22 | key | test.swift:90:26:90:121 | [...] :  | test.swift:118:22:118:22 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
 | test.swift:119:22:119:22 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:119:22:119:22 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
-| test.swift:127:26:127:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:127:26:127:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:128:26:128:26 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:128:26:128:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
-| test.swift:134:25:134:25 | key | test.swift:90:26:90:121 | [...] :  | test.swift:134:25:134:25 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:139:25:139:25 | key | test.swift:90:26:90:121 | [...] :  | test.swift:139:25:139:25 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:144:26:144:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:144:26:144:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:149:26:149:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:149:26:149:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:120:22:120:22 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:120:22:120:22 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:128:26:128:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:128:26:128:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:129:26:129:26 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:129:26:129:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:135:25:135:25 | key | test.swift:90:26:90:121 | [...] :  | test.swift:135:25:135:25 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:140:25:140:25 | key | test.swift:90:26:90:121 | [...] :  | test.swift:140:25:140:25 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:145:26:145:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:145:26:145:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
 | test.swift:150:26:150:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:150:26:150:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:151:26:151:26 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:151:26:151:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:151:26:151:26 | key | test.swift:90:26:90:121 | [...] :  | test.swift:151:26:151:26 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
 | test.swift:152:26:152:26 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:152:26:152:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
-| test.swift:160:24:160:24 | key | test.swift:90:26:90:121 | [...] :  | test.swift:160:24:160:24 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:161:24:161:24 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:161:24:161:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
-| test.swift:162:24:162:24 | key | test.swift:90:26:90:121 | [...] :  | test.swift:162:24:162:24 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
-| test.swift:163:24:163:24 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:163:24:163:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:153:26:153:26 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:153:26:153:26 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:161:24:161:24 | key | test.swift:90:26:90:121 | [...] :  | test.swift:161:24:161:24 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:162:24:162:24 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:162:24:162:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
+| test.swift:163:24:163:24 | key | test.swift:90:26:90:121 | [...] :  | test.swift:163:24:163:24 | key | The key 'key' has been initialized with hard-coded values from $@. | test.swift:90:26:90:121 | [...] :  | [...] |
+| test.swift:164:24:164:24 | keyString | test.swift:76:3:76:3 | this string is constant :  | test.swift:164:24:164:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | test.swift:76:3:76:3 | this string is constant :  | this string is constant |
diff --git a/swift/ql/test/query-tests/Security/CWE-321/test.swift b/swift/ql/test/query-tests/Security/CWE-321/test.swift
@@ -88,6 +88,7 @@ func getRandomArray() -> Array<UInt8> {
 
 func test() {
 	let key: Array<UInt8> = [0x2a, 0x3a, 0x80, 0x05, 0xaf, 0x46, 0x58, 0x2d, 0x66, 0x52, 0x10, 0xae, 0x86, 0xd3, 0x8e, 0x8f]
+	let key2 = getConstantArray()
 	let keyString = getConstantString()
 
 	let randomArray = getRandomArray()
@@ -102,8 +103,8 @@ func test() {
 	let ivString = String(cString: iv)
 
 	// AES test cases
-	let ab1 = AES(key: key, blockMode: blockMode, padding: padding) // BAD
-	let ab2 = AES(key: key, blockMode: blockMode) // BAD
+	let ab1 = AES(key: key2, blockMode: blockMode, padding: padding) // BAD [NOT DETECTED]
+	let ab2 = AES(key: key2, blockMode: blockMode) // BAD [NOT DETECTED]
 	let ab3 = AES(key: keyString, iv: ivString) // BAD
 	let ab4 = AES(key: keyString, iv: ivString, padding: padding) // BAD
 
