Skip to content

Commit 49a41c9

Browse files
atorralbaatorralba
committed
Test that hashed passwords are 'safe' to log
This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.
1 parent 160d89f commit 49a41c9

File tree

1 file changed

+35
-23
lines changed

1 file changed

+35
-23
lines changed

swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift

Lines changed: 35 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -90,36 +90,48 @@ func test1(password: String, passwordHash : String) {
9090
print(password, separator: "", terminator: "") // $ MISSING: hasCleartextLogging=90
9191
print("", separator: password, terminator: "") // $ hasCleartextLogging=91
9292
print("", separator: "", terminator: password) // $ hasCleartextLogging=92
93+
print(passwordHash) // Safe
9394

94-
NSLog(password) // $ hasCleartextLogging=94
95-
NSLog("%@", password as! CVarArg) // $ MISSING: hasCleartextLogging=95
96-
NSLog("%@ %@", "" as! CVarArg, password as! CVarArg) // $ MISSING: hasCleartextLogging=96
97-
NSLog("\(password)") // $ hasCleartextLogging=97
98-
NSLogv("%@", getVaList([password as! CVarArg])) // $ MISSING: hasCleartextLogging=98
99-
NSLogv("%@ %@", getVaList(["" as! CVarArg, password as! CVarArg])) // $ MISSING: hasCleartextLogging=99
95+
NSLog(password) // $ hasCleartextLogging=95
96+
NSLog("%@", password as! CVarArg) // $ MISSING: hasCleartextLogging=96
97+
NSLog("%@ %@", "" as! CVarArg, password as! CVarArg) // $ MISSING: hasCleartextLogging=97
98+
NSLog("\(password)") // $ hasCleartextLogging=98
99+
NSLogv("%@", getVaList([password as! CVarArg])) // $ MISSING: hasCleartextLogging=99
100+
NSLogv("%@ %@", getVaList(["" as! CVarArg, password as! CVarArg])) // $ MISSING: hasCleartextLogging=100
101+
NSLog(passwordHash) // SAfe
102+
NSLogv("%@", getVaList([passwordHash as! CVarArg])) // Safe
100103

101104
let bankAccount: Int = 0
102105
let log = Logger()
103106
// These MISSING test cases will be fixed when we properly generate the CFG around autoclosures.
104107
log.log("\(password)") // Safe
105108
log.log("\(password, privacy: .auto)") // Safe
106109
log.log("\(password, privacy: .private)") // Safe
107-
log.log("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=107
110+
log.log("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=110
111+
log.log("\(passwordHash, privacy: .public)") // Safe
108112
log.log("\(password, privacy: .sensitive)") // Safe
109-
log.log("\(bankAccount)") // $ MISSING: hasCleartextLogging=109
110-
log.log("\(bankAccount, privacy: .auto)") // $ MISSING: hasCleartextLogging=110
113+
log.log("\(bankAccount)") // $ MISSING: hasCleartextLogging=113
114+
log.log("\(bankAccount, privacy: .auto)") // $ MISSING: hasCleartextLogging=114
111115
log.log("\(bankAccount, privacy: .private)") // Safe
112-
log.log("\(bankAccount, privacy: .public)") // $ MISSING: hasCleartextLogging=112
116+
log.log("\(bankAccount, privacy: .public)") // $ MISSING: hasCleartextLogging=116
113117
log.log("\(bankAccount, privacy: .sensitive)") // Safe
114-
log.log(level: .default, "\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=114
115-
log.trace("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=115
116-
log.debug("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=116
117-
log.info("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=117
118-
log.notice("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=118
119-
log.warning("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=119
120-
log.error("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=120
121-
log.critical("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=121
122-
log.fault("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=122
118+
log.log(level: .default, "\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=118
119+
log.trace("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=119
120+
log.trace("\(passwordHash, privacy: .public)") // Safe
121+
log.debug("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=121
122+
log.debug("\(passwordHash, privacy: .public)") // Safe
123+
log.info("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=123
124+
log.info("\(passwordHash, privacy: .public)") // Safe
125+
log.notice("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=125
126+
log.notice("\(passwordHash, privacy: .public)") // Safe
127+
log.warning("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=127
128+
log.warning("\(passwordHash, privacy: .public)") // Safe
129+
log.error("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=129
130+
log.error("\(passwordHash, privacy: .public)") // Safe
131+
log.critical("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=131
132+
log.critical("\(passwordHash, privacy: .public)") // Safe
133+
log.fault("\(password, privacy: .public)") // $ MISSING: hasCleartextLogging=133
134+
log.fault("\(passwordHash, privacy: .public)") // Safe
123135
}
124136

125137
class MyClass {
@@ -133,14 +145,14 @@ func doSomething(password: String) { }
133145
func test3(x: String) {
134146
// alternative evidence of sensitivity...
135147

136-
NSLog(x) // $ MISSING: hasCleartextLogging=137
148+
NSLog(x) // $ MISSING: hasCleartextLogging=148
137149
doSomething(password: x);
138-
NSLog(x) // $ hasCleartextLogging=137
150+
NSLog(x) // $ hasCleartextLogging=149
139151

140152
let y = getPassword();
141-
NSLog(y) // $ hasCleartextLogging=140
153+
NSLog(y) // $ hasCleartextLogging=152
142154

143155
let z = MyClass()
144156
NSLog(z.harmless) // Safe
145-
NSLog(z.password) // $ hasCleartextLogging=145
157+
NSLog(z.password) // $ hasCleartextLogging=157
146158
}

0 commit comments

Comments
 (0)