
Commit da338c2

committed
Swift: Add a few more test cases for sensitive data.
1 parent bdad847 commit da338c2


3 files changed

+57
-0
lines changed

3 files changed

+57
-0
lines changed

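--- a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected
@@ -28,6 +28,13 @@ edges
 | testCoreData2.swift:62:30:62:30 | bankAccountNo : | testCoreData2.swift:62:4:62:4 | [post] obj [myBankAccountNumber] : |
 | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : | testCoreData2.swift:65:3:65:3 | [post] obj |
 | testCoreData2.swift:65:29:65:29 | bankAccountNo : | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : |
+| testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : | testCoreData2.swift:79:2:79:2 | [post] dbObj |
+| testCoreData2.swift:79:18:79:28 | .bankAccountNo : | testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : |
+| testCoreData2.swift:80:2:80:2 | [post] dbObj [myValue] : | testCoreData2.swift:80:2:80:2 | [post] dbObj |
+| testCoreData2.swift:80:18:80:28 | ...! : | testCoreData2.swift:80:2:80:2 | [post] dbObj [myValue] : |
+| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | testCoreData2.swift:80:18:80:28 | ...! : |
+| testCoreData2.swift:87:2:87:10 | [post] ...? [myValue] : | testCoreData2.swift:87:2:87:10 | [post] ...? |
+| testCoreData2.swift:87:22:87:32 | .bankAccountNo : | testCoreData2.swift:87:2:87:10 | [post] ...? [myValue] : |
 | testCoreData.swift:18:19:18:26 | value : | testCoreData.swift:19:12:19:12 | value |
 | testCoreData.swift:31:3:31:3 | newValue : | testCoreData.swift:32:13:32:13 | newValue |
 | testCoreData.swift:61:25:61:25 | password : | testCoreData.swift:18:19:18:26 | value : |
@@ -145,6 +152,16 @@ nodes
 | testCoreData2.swift:65:3:65:3 | [post] obj | semmle.label | [post] obj |
 | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : | semmle.label | [post] obj [myBankAccountNumber] : |
 | testCoreData2.swift:65:29:65:29 | bankAccountNo : | semmle.label | bankAccountNo : |
+| testCoreData2.swift:79:2:79:2 | [post] dbObj | semmle.label | [post] dbObj |
+| testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
+| testCoreData2.swift:79:18:79:28 | .bankAccountNo : | semmle.label | .bankAccountNo : |
+| testCoreData2.swift:80:2:80:2 | [post] dbObj | semmle.label | [post] dbObj |
+| testCoreData2.swift:80:2:80:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
+| testCoreData2.swift:80:18:80:28 | ...! : | semmle.label | ...! : |
+| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | semmle.label | .bankAccountNo2 : |
+| testCoreData2.swift:87:2:87:10 | [post] ...? | semmle.label | [post] ...? |
+| testCoreData2.swift:87:2:87:10 | [post] ...? [myValue] : | semmle.label | [post] ...? [myValue] : |
+| testCoreData2.swift:87:22:87:32 | .bankAccountNo : | semmle.label | .bankAccountNo : |
 | testCoreData.swift:18:19:18:26 | value : | semmle.label | value : |
 | testCoreData.swift:19:12:19:12 | value | semmle.label | value |
 | testCoreData.swift:31:3:31:3 | newValue : | semmle.label | newValue : |
@@ -302,6 +319,9 @@ subpaths
 | testCoreData2.swift:60:4:60:4 | obj | testCoreData2.swift:60:30:60:30 | bankAccountNo : | testCoreData2.swift:60:4:60:4 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:60:30:60:30 | bankAccountNo : | bankAccountNo |
 | testCoreData2.swift:62:4:62:4 | obj | testCoreData2.swift:62:30:62:30 | bankAccountNo : | testCoreData2.swift:62:4:62:4 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:62:30:62:30 | bankAccountNo : | bankAccountNo |
 | testCoreData2.swift:65:3:65:3 | obj | testCoreData2.swift:65:29:65:29 | bankAccountNo : | testCoreData2.swift:65:3:65:3 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:65:29:65:29 | bankAccountNo : | bankAccountNo |
+| testCoreData2.swift:79:2:79:2 | dbObj | testCoreData2.swift:79:18:79:28 | .bankAccountNo : | testCoreData2.swift:79:2:79:2 | [post] dbObj | This operation stores '[post] dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:79:18:79:28 | .bankAccountNo : | .bankAccountNo |
+| testCoreData2.swift:80:2:80:2 | dbObj | testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | testCoreData2.swift:80:2:80:2 | [post] dbObj | This operation stores '[post] dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | .bankAccountNo2 |
+| testCoreData2.swift:87:2:87:10 | ...? | testCoreData2.swift:87:22:87:32 | .bankAccountNo : | testCoreData2.swift:87:2:87:10 | [post] ...? | This operation stores '[post] ...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:87:22:87:32 | .bankAccountNo : | .bankAccountNo |
 | testCoreData.swift:19:12:19:12 | value | testCoreData.swift:61:25:61:25 | password : | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:61:25:61:25 | password : | password |
 | testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:64:16:64:16 | password : | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password : | password |
 | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:48:15:48:15 | password | password |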

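--- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
@@ -36,6 +36,16 @@
 | testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:private information |
 | testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:private information |
 | testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:private information |
+| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:private information |
+| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:private information |
+| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:private information |
+| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:private information |
+| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:private information |
 | testCoreData.swift:48:15:48:15 | password | label:password, type:credential |
 | testCoreData.swift:51:24:51:24 | password | label:password, type:credential |
 | testCoreData.swift:58:15:58:15 | password | label:password, type:credential |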

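--- a/swift/ql/test/query-tests/Security/CWE-311/testCoreData2.swift
+++ b/swift/ql/test/query-tests/Security/CWE-311/testCoreData2.swift
@@ -65,3 +65,30 @@ class testCoreData2_2 {
 obj.myBankAccountNumber = bankAccountNo // BAD
 }
 }
+
+class MyContainer {
+var value: Int = 0
+var value2: Int! = 0
+var bankAccountNo: Int = 0
+var bankAccountNo2: Int! = 0
+}
+
+func testCoreData2_3(dbObj: MyManagedObject2, maybeObj: MyManagedObject2?, container: MyContainer, bankAccountNo: MyContainer, bankAccountNo2: MyContainer!) {
+dbObj.myValue = container.value // GOOD (not sensitive)
+dbObj.myValue = container.value2 // GOOD (not sensitive)
+dbObj.myValue = container.bankAccountNo // BAD
+dbObj.myValue = container.bankAccountNo2 // BAD
+
+dbObj.myValue = bankAccountNo.value // BAD [NOT DETECTED]
+dbObj.myValue = bankAccountNo.value2 // BAD [NOT DETECTED]
+dbObj.myValue = bankAccountNo2.value // BAD [NOT DETECTED]
+dbObj.myValue = bankAccountNo2.value2 // BAD [NOT DETECTED]
+
+maybeObj?.myValue = container.bankAccountNo // BAD
+maybeObj?.myValue = bankAccountNo.value // BAD [NOT DETECTED]
+maybeObj?.myValue = bankAccountNo2.value2 // BAD [NOT DETECTED]
+
+var a = bankAccountNo // sensitive
+var b = a.value
+dbObj.myValue = b // BAD [NOT DETECTED]
+}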
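Review bot: The `// BAD [NOT DETECTED]` cases at new lines 82–85, 88–89 and 93 record false negatives without saying why the store counts as sensitive, which is easy to misread because the members being read are the plain `value`/`value2` fields. From SensitiveExprs.expected the sensitivity appears to come from the base variable's name, so a short comment above line 82 such as `// sensitive via the base variable name (bankAccountNo), not the member; known gap in the cleartext-storage query` would keep a later maintainer from flipping these to GOOD. Until the gap is closed, stores of the form `account.value` into a managed object will not be reported, so reviewers should not treat a clean result as proof that no cleartext storage exists. Separately, `var a` and `var b` at lines 91–92 are never mutated in the visible body and could be `let`. `MyManagedObject2` is declared outside this hunk.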
