
Commit 4225774

committed
Swift: Add test cases for swift/hardcoded-key.
1 parent 0f75987 commit 4225774


2 files changed

+45
-9
lines changed


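--- a/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected
+++ b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected
@@ -51,6 +51,15 @@ edges
 | misc.swift:70:41:70:41 | myConstKey | misc.swift:30:7:30:7 | value | provenance | |
 | misc.swift:70:41:70:41 | myConstKey | misc.swift:70:2:70:18 | [post] getter for .config | provenance | |
 | misc.swift:70:41:70:41 | myConstKey | misc.swift:70:2:70:18 | [post] getter for .config [encryptionKey] | provenance | |
+| misc.swift:73:14:73:20 | k1 | misc.swift:76:26:76:29 | .utf8 | provenance | |
+| misc.swift:73:28:73:34 | k2 | misc.swift:77:26:77:29 | .utf8 | provenance | |
+| misc.swift:76:20:76:33 | call to Array<Element>.init(_:) [Collection element] | misc.swift:76:20:76:33 | call to Array<Element>.init(_:) | provenance | |
+| misc.swift:76:26:76:29 | .utf8 | misc.swift:76:20:76:33 | call to Array<Element>.init(_:) [Collection element] | provenance | |
+| misc.swift:77:20:77:33 | call to Array<Element>.init(_:) [Collection element] | misc.swift:77:20:77:33 | call to Array<Element>.init(_:) | provenance | |
+| misc.swift:77:26:77:29 | .utf8 | misc.swift:77:20:77:33 | call to Array<Element>.init(_:) [Collection element] | provenance | |
+| misc.swift:82:10:82:10 | abc123 | misc.swift:73:14:73:20 | k1 | provenance | |
+| misc.swift:83:10:83:10 | abc123 | misc.swift:73:14:73:20 | k1 | provenance | |
+| misc.swift:83:20:83:20 | abc123 | misc.swift:73:28:73:34 | k2 | provenance | |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) | rncryptor.swift:65:73:65:73 | myConstKey | provenance | |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) | rncryptor.swift:66:73:66:73 | myConstKey | provenance | |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) | rncryptor.swift:67:73:67:73 | myConstKey | provenance | |
@@ -131,6 +140,17 @@ nodes
 | misc.swift:70:2:70:18 | [post] getter for .config | semmle.label | [post] getter for .config |
 | misc.swift:70:2:70:18 | [post] getter for .config [encryptionKey] | semmle.label | [post] getter for .config [encryptionKey] |
 | misc.swift:70:41:70:41 | myConstKey | semmle.label | myConstKey |
+| misc.swift:73:14:73:20 | k1 | semmle.label | k1 |
+| misc.swift:73:28:73:34 | k2 | semmle.label | k2 |
+| misc.swift:76:20:76:33 | call to Array<Element>.init(_:) | semmle.label | call to Array<Element>.init(_:) |
+| misc.swift:76:20:76:33 | call to Array<Element>.init(_:) [Collection element] | semmle.label | call to Array<Element>.init(_:) [Collection element] |
+| misc.swift:76:26:76:29 | .utf8 | semmle.label | .utf8 |
+| misc.swift:77:20:77:33 | call to Array<Element>.init(_:) | semmle.label | call to Array<Element>.init(_:) |
+| misc.swift:77:20:77:33 | call to Array<Element>.init(_:) [Collection element] | semmle.label | call to Array<Element>.init(_:) [Collection element] |
+| misc.swift:77:26:77:29 | .utf8 | semmle.label | .utf8 |
+| misc.swift:82:10:82:10 | abc123 | semmle.label | abc123 |
+| misc.swift:83:10:83:10 | abc123 | semmle.label | abc123 |
+| misc.swift:83:20:83:20 | abc123 | semmle.label | abc123 |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
 | rncryptor.swift:60:24:60:24 | abcdef123456 | semmle.label | abcdef123456 |
 | rncryptor.swift:65:73:65:73 | myConstKey | semmle.label | myConstKey |
@@ -194,6 +214,9 @@ subpaths
 | misc.swift:62:41:62:41 | myConstKey | misc.swift:57:24:57:24 | abcdef123456 | misc.swift:62:41:62:41 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | misc.swift:57:24:57:24 | abcdef123456 | abcdef123456 |
 | misc.swift:66:2:66:2 | [post] config | misc.swift:57:24:57:24 | abcdef123456 | misc.swift:66:2:66:2 | [post] config | The key '[post] config' has been initialized with hard-coded values from $@. | misc.swift:57:24:57:24 | abcdef123456 | abcdef123456 |
 | misc.swift:70:2:70:18 | [post] getter for .config | misc.swift:57:24:57:24 | abcdef123456 | misc.swift:70:2:70:18 | [post] getter for .config | The key '[post] getter for .config' has been initialized with hard-coded values from $@. | misc.swift:57:24:57:24 | abcdef123456 | abcdef123456 |
+| misc.swift:76:20:76:33 | call to Array<Element>.init(_:) | misc.swift:82:10:82:10 | abc123 | misc.swift:76:20:76:33 | call to Array<Element>.init(_:) | The key 'call to Array<Element>.init(_:)' has been initialized with hard-coded values from $@. | misc.swift:82:10:82:10 | abc123 | abc123 |
+| misc.swift:76:20:76:33 | call to Array<Element>.init(_:) | misc.swift:83:10:83:10 | abc123 | misc.swift:76:20:76:33 | call to Array<Element>.init(_:) | The key 'call to Array<Element>.init(_:)' has been initialized with hard-coded values from $@. | misc.swift:83:10:83:10 | abc123 | abc123 |
+| misc.swift:77:20:77:33 | call to Array<Element>.init(_:) | misc.swift:83:20:83:20 | abc123 | misc.swift:77:20:77:33 | call to Array<Element>.init(_:) | The key 'call to Array<Element>.init(_:)' has been initialized with hard-coded values from $@. | misc.swift:83:20:83:20 | abc123 | abc123 |
 | rncryptor.swift:65:73:65:73 | myConstKey | rncryptor.swift:60:24:60:24 | abcdef123456 | rncryptor.swift:65:73:65:73 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | rncryptor.swift:60:24:60:24 | abcdef123456 | abcdef123456 |
 | rncryptor.swift:66:73:66:73 | myConstKey | rncryptor.swift:60:24:60:24 | abcdef123456 | rncryptor.swift:66:73:66:73 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | rncryptor.swift:60:24:60:24 | abcdef123456 | abcdef123456 |
 | rncryptor.swift:67:73:67:73 | myConstKey | rncryptor.swift:60:24:60:24 | abcdef123456 | rncryptor.swift:67:73:67:73 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | rncryptor.swift:60:24:60:24 | abcdef123456 | abcdef123456 |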

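--- a/swift/ql/test/query-tests/Security/CWE-321/misc.swift
+++ b/swift/ql/test/query-tests/Security/CWE-321/misc.swift
@@ -1,7 +1,7 @@
 
 // --- stubs ---
 
-class Data {
+struct Data {
 init<S>(_ elements: S) {}
 }
 
@@ -31,16 +31,16 @@ extension Realm {
 }
 }
 
+protocol BlockMode { }
 
+struct CBC: BlockMode {
+init(iv: Array<UInt8>) { }
+}
 
-
-
-
-
-
-
-
-
+class AES
+{
+init(key: Array<UInt8>, blockMode: BlockMode) { }
+}
 
 // --- tests ---
 
@@ -69,3 +69,16 @@ func test(myVarStr: String) {
 configContainer.config.encryptionKey = myVarKey // GOOD
 configContainer.config.encryptionKey = myConstKey // BAD
 }
+
+func useKeys(_ k1: String, _ k2: String, _ k3: String, _ myIV: Array<UInt8>) {
+// --- cryptoswift ---
+
+let a1 = AES(key: Array(k1.utf8), blockMode: CBC(iv: myIV)) // BAD
+let a2 = AES(key: Array(k2.utf8), blockMode: CBC(iv: myIV)) // BAD
+let a3 = AES(key: Array(k3.utf8), blockMode: CBC(iv: myIV)) // GOOD
+}
+
+func caller(varString: String, myIV: Array<UInt8>) {
+useKeys("abc123", varString, varString, myIV)
+useKeys("abc123", "abc123", varString, myIV)
+}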
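Review bot: The new cases in `useKeys` only reach the `key:` sink through a String parameter converted with `Array(k.utf8)` across a call boundary; a key literal written directly at the sink, `let a4 = AES(key: Array("abc123".utf8), blockMode: CBC(iv: myIV)) // BAD`, or a byte-array literal such as `let a5 = AES(key: [0x61, 0x62, 0x63], blockMode: CBC(iv: myIV)) // BAD`, is the more common hard-coded form and is not exercised, so the .expected file does not show whether the query flags it. The `AES` stub puts its opening brace on its own line (`class AES` / `{`), unlike the K&R form used by the neighbouring `struct CBC: BlockMode {`; `class AES {` would keep the stubs consistent. The real CryptoSwift initializer also takes a `padding:` argument and throws; if the query's model matches on the full signature rather than the `key:` label alone, the stub may need those to mirror it — I can't tell from this page which the model does.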
