Swift: Mention key management in the .qhelp + add a reference about key management.

Author: geoffw0

swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.qhelp

@@ -12,7 +12,7 @@
 </recommendation>
 <example>
 
-<p>The following example shows three cases of storing information using the Core Data library. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption.</p>
+<p>The following example shows three cases of storing information using the Core Data library. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted. In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption. When encryption is used, care must be taken to select a secure modern encryption algorithm and put suitable key management practices into place.</p>
 
 <sample src="CleartextStorageDatabase.swift" />
 
@@ -23,6 +23,10 @@
   OWASP Top 10:2021:
   <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">A02:2021 � Cryptographic Failures</a>.
 </li>
+<li>
+  OWASP:
+  <a href="https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html">Key Management Cheat Sheet</a>.
+</li>
 
 </references>
 </qhelp>

swift/ql/src/queries/Security/CWE-311/CleartextTransmission.qhelp

@@ -12,7 +12,7 @@
 </recommendation>
 <example>
 
-<p>The following example shows three cases of transmitting information. In the 'BAD' case, the data transmitted is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption.</p>
+<p>The following example shows three cases of transmitting information. In the 'BAD' case, the data transmitted is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption. When encryption is used, care must be taken to select a secure modern encryption algorithm and put suitable key management practices into place.</p>
 
 <sample src="CleartextTransmission.swift" />
 
@@ -23,6 +23,10 @@
   OWASP Top 10:2021:
   <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/">A02:2021 � Cryptographic Failures</a>.
 </li>
+<li>
+  OWASP:
+  <a href="https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html">Key Management Cheat Sheet</a>.
+</li>
 
 </references>
 </qhelp>

swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.qhelp

@@ -12,7 +12,7 @@
 </recommendation>
 <example>
 
-<p>The following example shows three cases of storing information using UserDefaults. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption.</p>
+<p>The following example shows three cases of storing information using UserDefaults. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted.  In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption. When encryption is used, care must be taken to select a secure modern encryption algorithm and put suitable key management practices into place.</p>
 
 <sample src="CleartextStoragePreferences.swift" />
 
@@ -26,6 +26,10 @@
 <li>
 Apple Developer Documentation: <a href="https://developer.apple.com/documentation/foundation/userdefaults">UserDefaults</a>, <a href="https://developer.apple.com/documentation/foundation/nsubiquitouskeyvaluestore">NSUbiquitousKeyValueStore</a>
 </li>
+<li>
+  OWASP:
+  <a href="https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html">Key Management Cheat Sheet</a>.
+</li>
 
 </references>
 </qhelp>