
Commit b348dc2

committed
Swift: Extend cleartext logging tests (test cases).
1 parent 2a69b03 commit b348dc2


1 file changed

+47
-0
lines changed

1 file changed

+47
-0
lines changed

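--- a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
+++ b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -335,3 +335,50 @@ func test5(password: String, caseNum: Int) {
 fatalError(password) // $ MISSING: hasCleartextLogging=335
 }
 }
+
+func test6(passwordString: String) {
+let e = NSException(name: NSExceptionName("exception"), reason: "\(passwordString) is incorrect!", userInfo: nil) // $ MISSING: hasCleartextLogging=
+e.raise()
+
+NSException.raise(NSExceptionName("exception"), format: "\(passwordString) is incorrect!", arguments: getVaList([])) // $ MISSING: hasCleartextLogging=
+NSException.raise(NSExceptionName("exception"), format: "%s is incorrect!", arguments: getVaList([passwordString])) // $ MISSING: hasCleartextLogging=
+
+_ = dprintf(0, "\(passwordString) is incorrect!") // $ MISSING: hasCleartextLogging=
+_ = dprintf(0, "%s is incorrect!", passwordString) // $ MISSING: hasCleartextLogging=
+_ = dprintf(0, "%s: %s is incorrect!", "foo", passwordString) // $ MISSING: hasCleartextLogging=
+_ = vprintf("\(passwordString) is incorrect!", getVaList([])) // $ MISSING: hasCleartextLogging=
+_ = vprintf("%s is incorrect!", getVaList([passwordString])) // $ MISSING: hasCleartextLogging=
+_ = vfprintf(nil, "\(passwordString) is incorrect!", getVaList([])) // $ hasCleartextLogging=351
+_ = vfprintf(nil, "%s is incorrect!", getVaList([passwordString])) // $ hasCleartextLogging=352
+_ = vasprintf_l(nil, nil, "\(passwordString) is incorrect!", getVaList([])) // good (`sprintf` is not logging)
+_ = vasprintf_l(nil, nil, "%s is incorrect!", getVaList([passwordString])) // good (`sprintf` is not logging)
+}
+
+func test7(authKey: String, authKey2: Int, authKey3: Float) {
+log(message: authKey) // $ MISSING: hasCleartextLogging=
+log(message: String(authKey2)) // $ MISSING: hasCleartextLogging=
+logging(message: authKey) // $ MISSING: hasCleartextLogging=
+logfile(file: 0, message: authKey) // $ MISSING: hasCleartextLogging=
+logMessage(NSString(string: authKey)) // $ MISSING: hasCleartextLogging=
+logInfo(authKey) // $ MISSING: hasCleartextLogging=
+logError(errorMsg: authKey) // $ MISSING: hasCleartextLogging=
+harmless(authKey) // GOOD: not logging
+logarithm(authKey3) // GOOD: not logging
+doLogin(login: authKey) // GOOD: not logging
+
+let logger = LogFile()
+let msg = "authKey: " + authKey
+logger.log(msg) // $ MISSING: hasCleartextLogging=
+logger.trace(msg) // $ MISSING: hasCleartextLogging=
+logger.debug(msg) // $ MISSING: hasCleartextLogging=
+logger.info(NSString(string: msg)) // $ MISSING: hasCleartextLogging=
+logger.notice(msg) // $ MISSING: hasCleartextLogging=
+logger.warning(msg) // $ MISSING: hasCleartextLogging=
+logger.error(msg) // $ MISSING: hasCleartextLogging=
+logger.critical(msg) // $ MISSING: hasCleartextLogging=
+logger.fatal(msg) // $ MISSING: hasCleartextLogging=
+
+let logic = Logic()
+logic.addInt(authKey2) // GOOD: not logging
+logic.addString(authKey) // GOOD: not logging
+}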
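Review bot: Most new expectations in test6 and test7 are written as `// $ MISSING: hasCleartextLogging=` with no value, whereas the test5 context line records one (`hasCleartextLogging=335`) and so do the two `vfprintf` cases in this hunk (`=351`, `=352`). The value appears to be the line of the sensitive expression, so filling it in now, e.g. `// $ MISSING: hasCleartextLogging=340` on the `NSException(...)` line, would pin each known CWE-312 false negative to an exact line and let a later sink-model change simply drop `MISSING:`. Separately, the two `vasprintf_l` lines carry the comment "good (`sprintf` is not logging)", which names a different function and departs from the `// GOOD: not logging` form used in test7; `// GOOD: not logging (vasprintf_l only formats into a buffer)` would match the call and the surrounding style.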
