Swift: Add some special cases to preserve (for now) result quality.

Author: geoffw0

swift/ql/lib/codeql/swift/security/SensitiveExprs.qll

@@ -29,7 +29,10 @@ abstract class SensitiveDataType extends TSensitiveDataType {
 class SensitiveCredential extends SensitiveDataType, TCredential {
   override string toString() { result = "credential" }
 
-  override string getRegexp() { result = HeuristicNames::maybeSensitiveRegexp(_) }
+  override string getRegexp() {
+    result = HeuristicNames::maybeSensitiveRegexp(_) or
+    result = "(?is).*(license.?key).*"
+  }
 }
 
 /**

swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected

@@ -37,6 +37,7 @@ nodes
 | testSend.swift:59:27:59:27 | str1 | semmle.label | str1 |
 | testSend.swift:60:27:60:27 | str2 | semmle.label | str2 |
 | testSend.swift:61:27:61:27 | str3 | semmle.label | str3 |
+| testSend.swift:65:27:65:27 | license_key | semmle.label | license_key |
 | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber |
 | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... |
 | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd |
@@ -57,6 +58,7 @@ subpaths
 | testSend.swift:59:27:59:27 | str1 | testSend.swift:52:13:52:13 | password | testSend.swift:59:27:59:27 | str1 | This operation transmits 'str1', which may contain unencrypted sensitive data from $@. | testSend.swift:52:13:52:13 | password | password |
 | testSend.swift:60:27:60:27 | str2 | testSend.swift:53:13:53:13 | password | testSend.swift:60:27:60:27 | str2 | This operation transmits 'str2', which may contain unencrypted sensitive data from $@. | testSend.swift:53:13:53:13 | password | password |
 | testSend.swift:61:27:61:27 | str3 | testSend.swift:54:17:54:17 | password | testSend.swift:61:27:61:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:54:17:54:17 | password | password |
+| testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key |
 | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber |
 | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd |
 | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:15:55:15:55 | account_no | account_no |

swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected

@@ -129,6 +129,7 @@
 | testSend.swift:55:23:55:23 | password | label:password, type:credential |
 | testSend.swift:56:27:56:27 | password | label:password, type:credential |
 | testSend.swift:57:27:57:27 | password | label:password, type:credential |
+| testSend.swift:65:27:65:27 | license_key | label:license_key, type:credential |
 | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information |
 | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential |
 | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential |