
Commit 170fde5

committed
Swift: Add some more test cases.
1 parent 7feab09 commit 170fde5


3 files changed

+74
-0
lines changed


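--- a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected
@@ -1,6 +1,8 @@
 edges
+| file://:0:0:0:0 | self [value] : | file://:0:0:0:0 | .value : |
 | file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [data] : |
 | file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [notStoredBankAccountNumber] : |
+| file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [value] : |
 | testCoreData2.swift:23:13:23:13 | value : | file://:0:0:0:0 | value : |
 | testCoreData2.swift:37:2:37:2 | [post] obj [myValue] : | testCoreData2.swift:37:2:37:2 | [post] obj |
 | testCoreData2.swift:37:16:37:16 | bankAccountNo : | testCoreData2.swift:37:2:37:2 | [post] obj [myValue] : |
@@ -29,6 +31,8 @@ edges
 | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : | testCoreData2.swift:65:3:65:3 | [post] obj |
 | testCoreData2.swift:65:29:65:29 | bankAccountNo : | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : |
 | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : |
+| testCoreData2.swift:70:9:70:9 | self [value] : | file://:0:0:0:0 | self [value] : |
+| testCoreData2.swift:70:9:70:9 | value : | file://:0:0:0:0 | value : |
 | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : |
 | testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : | testCoreData2.swift:79:2:79:2 | [post] dbObj |
 | testCoreData2.swift:79:18:79:28 | .bankAccountNo : | testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : |
@@ -78,6 +82,30 @@ edges
 | testCoreData2.swift:92:10:92:12 | .value : | testCoreData2.swift:93:18:93:18 | b : |
 | testCoreData2.swift:93:2:93:2 | [post] dbObj [myValue] : | testCoreData2.swift:93:2:93:2 | [post] dbObj |
 | testCoreData2.swift:93:18:93:18 | b : | testCoreData2.swift:93:2:93:2 | [post] dbObj [myValue] : |
+| testCoreData2.swift:95:10:95:10 | bankAccountNo : | testCoreData2.swift:97:12:97:12 | c : |
+| testCoreData2.swift:95:10:95:10 | bankAccountNo : | testCoreData2.swift:97:12:97:14 | .value : |
+| testCoreData2.swift:97:2:97:2 | [post] d [value] : | testCoreData2.swift:98:18:98:18 | d [value] : |
+| testCoreData2.swift:97:12:97:12 | c : | testCoreData2.swift:70:9:70:9 | self : |
+| testCoreData2.swift:97:12:97:12 | c : | testCoreData2.swift:97:12:97:14 | .value : |
+| testCoreData2.swift:97:12:97:14 | .value : | testCoreData2.swift:70:9:70:9 | value : |
+| testCoreData2.swift:97:12:97:14 | .value : | testCoreData2.swift:97:2:97:2 | [post] d [value] : |
+| testCoreData2.swift:98:2:98:2 | [post] dbObj [myValue] : | testCoreData2.swift:98:2:98:2 | [post] dbObj |
+| testCoreData2.swift:98:18:98:18 | d [value] : | testCoreData2.swift:70:9:70:9 | self [value] : |
+| testCoreData2.swift:98:18:98:18 | d [value] : | testCoreData2.swift:98:18:98:20 | .value : |
+| testCoreData2.swift:98:18:98:20 | .value : | testCoreData2.swift:98:2:98:2 | [post] dbObj [myValue] : |
+| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:104:18:104:18 | e : |
+| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:104:18:104:20 | .value : |
+| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:105:18:105:18 | e : |
+| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:105:18:105:20 | ...! : |
+| testCoreData2.swift:104:2:104:2 | [post] dbObj [myValue] : | testCoreData2.swift:104:2:104:2 | [post] dbObj |
+| testCoreData2.swift:104:18:104:18 | e : | testCoreData2.swift:70:9:70:9 | self : |
+| testCoreData2.swift:104:18:104:18 | e : | testCoreData2.swift:104:18:104:20 | .value : |
+| testCoreData2.swift:104:18:104:20 | .value : | testCoreData2.swift:104:2:104:2 | [post] dbObj [myValue] : |
+| testCoreData2.swift:105:2:105:2 | [post] dbObj [myValue] : | testCoreData2.swift:105:2:105:2 | [post] dbObj |
+| testCoreData2.swift:105:18:105:18 | e : | testCoreData2.swift:71:9:71:9 | self : |
+| testCoreData2.swift:105:18:105:18 | e : | testCoreData2.swift:105:18:105:20 | .value2 : |
+| testCoreData2.swift:105:18:105:20 | ...! : | testCoreData2.swift:105:2:105:2 | [post] dbObj [myValue] : |
+| testCoreData2.swift:105:18:105:20 | .value2 : | testCoreData2.swift:105:18:105:20 | ...! : |
 | testCoreData.swift:18:19:18:26 | value : | testCoreData.swift:19:12:19:12 | value |
 | testCoreData.swift:31:3:31:3 | newValue : | testCoreData.swift:32:13:32:13 | newValue |
 | testCoreData.swift:61:25:61:25 | password : | testCoreData.swift:18:19:18:26 | value : |
@@ -156,8 +184,12 @@ edges
 nodes
 | file://:0:0:0:0 | .value2 : | semmle.label | .value2 : |
 | file://:0:0:0:0 | .value : | semmle.label | .value : |
+| file://:0:0:0:0 | .value : | semmle.label | .value : |
 | file://:0:0:0:0 | [post] self [data] : | semmle.label | [post] self [data] : |
 | file://:0:0:0:0 | [post] self [notStoredBankAccountNumber] : | semmle.label | [post] self [notStoredBankAccountNumber] : |
+| file://:0:0:0:0 | [post] self [value] : | semmle.label | [post] self [value] : |
+| file://:0:0:0:0 | self [value] : | semmle.label | self [value] : |
+| file://:0:0:0:0 | value : | semmle.label | value : |
 | file://:0:0:0:0 | value : | semmle.label | value : |
 | file://:0:0:0:0 | value : | semmle.label | value : |
 | testCoreData2.swift:23:13:23:13 | value : | semmle.label | value : |
@@ -198,6 +230,8 @@ nodes
 | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : | semmle.label | [post] obj [myBankAccountNumber] : |
 | testCoreData2.swift:65:29:65:29 | bankAccountNo : | semmle.label | bankAccountNo : |
 | testCoreData2.swift:70:9:70:9 | self : | semmle.label | self : |
+| testCoreData2.swift:70:9:70:9 | self [value] : | semmle.label | self [value] : |
+| testCoreData2.swift:70:9:70:9 | value : | semmle.label | value : |
 | testCoreData2.swift:71:9:71:9 | self : | semmle.label | self : |
 | testCoreData2.swift:79:2:79:2 | [post] dbObj | semmle.label | [post] dbObj |
 | testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
@@ -245,6 +279,24 @@ nodes
 | testCoreData2.swift:93:2:93:2 | [post] dbObj | semmle.label | [post] dbObj |
 | testCoreData2.swift:93:2:93:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
 | testCoreData2.swift:93:18:93:18 | b : | semmle.label | b : |
+| testCoreData2.swift:95:10:95:10 | bankAccountNo : | semmle.label | bankAccountNo : |
+| testCoreData2.swift:97:2:97:2 | [post] d [value] : | semmle.label | [post] d [value] : |
+| testCoreData2.swift:97:12:97:12 | c : | semmle.label | c : |
+| testCoreData2.swift:97:12:97:14 | .value : | semmle.label | .value : |
+| testCoreData2.swift:98:2:98:2 | [post] dbObj | semmle.label | [post] dbObj |
+| testCoreData2.swift:98:2:98:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
+| testCoreData2.swift:98:18:98:18 | d [value] : | semmle.label | d [value] : |
+| testCoreData2.swift:98:18:98:20 | .value : | semmle.label | .value : |
+| testCoreData2.swift:101:10:101:10 | bankAccountNo : | semmle.label | bankAccountNo : |
+| testCoreData2.swift:104:2:104:2 | [post] dbObj | semmle.label | [post] dbObj |
+| testCoreData2.swift:104:2:104:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
+| testCoreData2.swift:104:18:104:18 | e : | semmle.label | e : |
+| testCoreData2.swift:104:18:104:20 | .value : | semmle.label | .value : |
+| testCoreData2.swift:105:2:105:2 | [post] dbObj | semmle.label | [post] dbObj |
+| testCoreData2.swift:105:2:105:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
+| testCoreData2.swift:105:18:105:18 | e : | semmle.label | e : |
+| testCoreData2.swift:105:18:105:20 | ...! : | semmle.label | ...! : |
+| testCoreData2.swift:105:18:105:20 | .value2 : | semmle.label | .value2 : |
 | testCoreData.swift:18:19:18:26 | value : | semmle.label | value : |
 | testCoreData.swift:19:12:19:12 | value | semmle.label | value |
 | testCoreData.swift:31:3:31:3 | newValue : | semmle.label | newValue : |
@@ -392,6 +444,11 @@ subpaths
 | testCoreData2.swift:88:22:88:22 | bankAccountNo : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:88:22:88:36 | .value : |
 | testCoreData2.swift:89:22:89:22 | ...! : | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : | testCoreData2.swift:89:22:89:37 | .value2 : |
 | testCoreData2.swift:92:10:92:10 | a : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:92:10:92:12 | .value : |
+| testCoreData2.swift:97:12:97:12 | c : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:97:12:97:14 | .value : |
+| testCoreData2.swift:97:12:97:14 | .value : | testCoreData2.swift:70:9:70:9 | value : | file://:0:0:0:0 | [post] self [value] : | testCoreData2.swift:97:2:97:2 | [post] d [value] : |
+| testCoreData2.swift:98:18:98:18 | d [value] : | testCoreData2.swift:70:9:70:9 | self [value] : | file://:0:0:0:0 | .value : | testCoreData2.swift:98:18:98:20 | .value : |
+| testCoreData2.swift:104:18:104:18 | e : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:104:18:104:20 | .value : |
+| testCoreData2.swift:105:18:105:18 | e : | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : | testCoreData2.swift:105:18:105:20 | .value2 : |
 | testRealm.swift:34:11:34:11 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:34:2:34:2 | [post] a [data] : |
 | testRealm.swift:42:11:42:11 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:42:2:42:2 | [post] c [data] : |
 | testRealm.swift:52:12:52:12 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:52:2:52:3 | [post] ...! [data] : |
@@ -419,6 +476,9 @@ subpaths
 | testCoreData2.swift:88:2:88:10 | ...? | testCoreData2.swift:88:22:88:22 | bankAccountNo : | testCoreData2.swift:88:2:88:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:88:22:88:22 | bankAccountNo : | bankAccountNo |
 | testCoreData2.swift:89:2:89:10 | ...? | testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | testCoreData2.swift:89:2:89:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | bankAccountNo2 |
 | testCoreData2.swift:93:2:93:2 | dbObj | testCoreData2.swift:91:10:91:10 | bankAccountNo : | testCoreData2.swift:93:2:93:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:91:10:91:10 | bankAccountNo : | bankAccountNo |
+| testCoreData2.swift:98:2:98:2 | dbObj | testCoreData2.swift:95:10:95:10 | bankAccountNo : | testCoreData2.swift:98:2:98:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:95:10:95:10 | bankAccountNo : | bankAccountNo |
+| testCoreData2.swift:104:2:104:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:104:2:104:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo : | bankAccountNo |
+| testCoreData2.swift:105:2:105:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:105:2:105:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo : | bankAccountNo |
 | testCoreData.swift:19:12:19:12 | value | testCoreData.swift:61:25:61:25 | password : | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:61:25:61:25 | password : | password |
 | testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:64:16:64:16 | password : | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password : | password |
 | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:48:15:48:15 | password | password |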

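--- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
@@ -46,6 +46,8 @@
 | testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:private information |
 | testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:private information |
 | testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:private information |
 | testCoreData.swift:48:15:48:15 | password | label:password, type:credential |
 | testCoreData.swift:51:24:51:24 | password | label:password, type:credential |
 | testCoreData.swift:58:15:58:15 | password | label:password, type:credential |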

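--- a/swift/ql/test/query-tests/Security/CWE-311/testCoreData2.swift
+++ b/swift/ql/test/query-tests/Security/CWE-311/testCoreData2.swift
@@ -91,4 +91,16 @@ func testCoreData2_3(dbObj: MyManagedObject2, maybeObj: MyManagedObject2?, conta
 var a = bankAccountNo // sensitive
 var b = a.value
 dbObj.myValue = b // BAD
+
+let c = bankAccountNo // sensitive
+var d: MyContainer = MyContainer()
+d.value = c.value
+dbObj.myValue = d.value // BAD
+dbObj.myValue = d.value2 // GOOD
+
+let e = bankAccountNo // sensitive
+var f: MyContainer?
+f?.value = e.value
+dbObj.myValue = e.value // BAD
+dbObj.myValue = e.value2 // GOOD [FALSE POSITIVE]
 }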
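Review bot: The sinks on new lines 104 and 105 read `e.value` and `e.value2` rather than `f`, so the optional-chaining write `f?.value = e.value` on line 103 is never observed at a database sink and `f` is otherwise unused. The updated CleartextStorageDatabase.expected agrees: it has no edge through line 103, and the paths to 104 and 105 start directly at `bankAccountNo` on line 101. If the intent was to cover field flow through an optional container, mirroring the `d` case above, the sinks would presumably be `dbObj.myValue = f!.value // BAD` and `dbObj.myValue = f!.value2 // GOOD`. As written, the `[FALSE POSITIVE]` on line 105 appears to come from `e` itself being labelled sensitive rather than from field-level imprecision, so a short comment saying which behaviour this case pins down would help. The body of testCoreData2_3 starts outside this hunk, so earlier declarations are not visible here.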
