
Commit 9954542

Merge pull request github#13177 from MathiasVP/recommend-secure-randomness
Swift: Recommend a proper source of randomness in `swift/hardcoded-key`
2 parents 3bd16fa + 9def3dd commit 9954542


1 file changed

+10
-7
lines changed


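--- a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift
+++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift
@@ -13,13 +13,16 @@ func encrypt(padding : Padding) {
 
 
 // GOOD: Using randomly generated keys for encryption
-let key = (0..<10).map({ _ in UInt8.random(in: 0...UInt8.max) })
-let keyString = String(cString: key)
-let ivString = getRandomIV()
-_ = try AES(key: key, blockMode: CBC(), padding: padding)
-_ = try AES(key: keyString, iv: ivString)
-_ = try Blowfish(key: key, blockMode: CBC(), padding: padding)
-_ = try Blowfish(key: keyString, iv: ivString)
+var key = [Int8](repeating: 0, count: 10)
+let status = SecRandomCopyBytes(kSecRandomDefault, key.count - 1, &key)
+if status == errSecSuccess {
+let keyString = String(cString: key)
+let ivString = getRandomIV()
+_ = try AES(key: key, blockMode: CBC(), padding: padding)
+_ = try AES(key: keyString, iv: ivString)
+_ = try Blowfish(key: key, blockMode: CBC(), padding: padding)
+_ = try Blowfish(key: keyString, iv: ivString)
+}
 
 // ...
 }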
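Review bot: The example labelled GOOD still builds `keyString` with `String(cString: key)` from raw random bytes, so the string key carries less entropy than the buffer: it is cut at the first zero byte and, as far as I know, byte sequences that are not valid UTF-8 are replaced during decoding. The buffer holds only 9 random bytes plus a fixed zero terminator, and that same 10-byte array is what `AES(key: key, ...)` receives, which is neither fully random nor a standard AES key length. I would size the buffer to the cipher and fill all of it, e.g. `var key = [UInt8](repeating: 0, count: 32)` with `SecRandomCopyBytes(kSecRandomDefault, key.count, &key)`, and derive any string form from an encoding such as hex or Base64 rather than `String(cString:)`. The `if status == errSecSuccess` block has no `else`, so a failed call skips encryption silently; a thrown error or at least a comment there would make the sample safer to copy. `encrypt` begins above the hunk, so the declarations this relies on are not visible here.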
