Swift: Additional test case.

geoffw0 · geoffw0 · commit bb6aa11ce5f9 · 2023-05-02T17:12:44.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected b/swift/ql/test/query-tests/Security/CWE-321/HardcodedEncryptionKey.expected
@@ -24,14 +24,19 @@ edges
 | file://:0:0:0:0 | value :  | file://:0:0:0:0 | [post] self [encryptionKey] :  |
 | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  |
 | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | value :  |
-| misc.swift:38:19:38:38 | call to Data.init(_:) :  | misc.swift:41:41:41:41 | myConstKey |
-| misc.swift:38:19:38:38 | call to Data.init(_:) :  | misc.swift:45:25:45:25 | myConstKey :  |
-| misc.swift:38:24:38:24 | abcdef123456 :  | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  |
-| misc.swift:38:24:38:24 | abcdef123456 :  | misc.swift:38:19:38:38 | call to Data.init(_:) :  |
-| misc.swift:45:2:45:2 | [post] config [encryptionKey] :  | misc.swift:45:2:45:2 | [post] config |
-| misc.swift:45:25:45:25 | myConstKey :  | misc.swift:30:7:30:7 | value :  |
-| misc.swift:45:25:45:25 | myConstKey :  | misc.swift:45:2:45:2 | [post] config |
-| misc.swift:45:25:45:25 | myConstKey :  | misc.swift:45:2:45:2 | [post] config [encryptionKey] :  |
+| misc.swift:46:19:46:38 | call to Data.init(_:) :  | misc.swift:49:41:49:41 | myConstKey |
+| misc.swift:46:19:46:38 | call to Data.init(_:) :  | misc.swift:53:25:53:25 | myConstKey :  |
+| misc.swift:46:19:46:38 | call to Data.init(_:) :  | misc.swift:57:41:57:41 | myConstKey :  |
+| misc.swift:46:24:46:24 | abcdef123456 :  | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  |
+| misc.swift:46:24:46:24 | abcdef123456 :  | misc.swift:46:19:46:38 | call to Data.init(_:) :  |
+| misc.swift:53:2:53:2 | [post] config [encryptionKey] :  | misc.swift:53:2:53:2 | [post] config |
+| misc.swift:53:25:53:25 | myConstKey :  | misc.swift:30:7:30:7 | value :  |
+| misc.swift:53:25:53:25 | myConstKey :  | misc.swift:53:2:53:2 | [post] config |
+| misc.swift:53:25:53:25 | myConstKey :  | misc.swift:53:2:53:2 | [post] config [encryptionKey] :  |
+| misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] :  | misc.swift:57:2:57:18 | [post] getter for .config |
+| misc.swift:57:41:57:41 | myConstKey :  | misc.swift:30:7:30:7 | value :  |
+| misc.swift:57:41:57:41 | myConstKey :  | misc.swift:57:2:57:18 | [post] getter for .config |
+| misc.swift:57:41:57:41 | myConstKey :  | misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] :  |
 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) :  | rncryptor.swift:65:73:65:73 | myConstKey |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) :  | rncryptor.swift:66:73:66:73 | myConstKey |
@@ -81,12 +86,15 @@ nodes
 | file://:0:0:0:0 | value :  | semmle.label | value :  |
 | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | semmle.label | [summary param] 0 in Data.init(_:) :  |
 | misc.swift:30:7:30:7 | value :  | semmle.label | value :  |
-| misc.swift:38:19:38:38 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
-| misc.swift:38:24:38:24 | abcdef123456 :  | semmle.label | abcdef123456 :  |
-| misc.swift:41:41:41:41 | myConstKey | semmle.label | myConstKey |
-| misc.swift:45:2:45:2 | [post] config | semmle.label | [post] config |
-| misc.swift:45:2:45:2 | [post] config [encryptionKey] :  | semmle.label | [post] config [encryptionKey] :  |
-| misc.swift:45:25:45:25 | myConstKey :  | semmle.label | myConstKey :  |
+| misc.swift:46:19:46:38 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
+| misc.swift:46:24:46:24 | abcdef123456 :  | semmle.label | abcdef123456 :  |
+| misc.swift:49:41:49:41 | myConstKey | semmle.label | myConstKey |
+| misc.swift:53:2:53:2 | [post] config | semmle.label | [post] config |
+| misc.swift:53:2:53:2 | [post] config [encryptionKey] :  | semmle.label | [post] config [encryptionKey] :  |
+| misc.swift:53:25:53:25 | myConstKey :  | semmle.label | myConstKey :  |
+| misc.swift:57:2:57:18 | [post] getter for .config | semmle.label | [post] getter for .config |
+| misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] :  | semmle.label | [post] getter for .config [encryptionKey] :  |
+| misc.swift:57:41:57:41 | myConstKey :  | semmle.label | myConstKey :  |
 | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | semmle.label | [summary param] 0 in Data.init(_:) :  |
 | rncryptor.swift:60:19:60:38 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
 | rncryptor.swift:60:24:60:24 | abcdef123456 :  | semmle.label | abcdef123456 :  |
@@ -106,9 +114,11 @@ nodes
 | rncryptor.swift:81:102:81:102 | myConstKey | semmle.label | myConstKey |
 | rncryptor.swift:83:92:83:92 | myConstKey | semmle.label | myConstKey |
 subpaths
-| misc.swift:38:24:38:24 | abcdef123456 :  | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | misc.swift:38:19:38:38 | call to Data.init(_:) :  |
-| misc.swift:45:25:45:25 | myConstKey :  | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | [post] self :  | misc.swift:45:2:45:2 | [post] config |
-| misc.swift:45:25:45:25 | myConstKey :  | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | [post] self [encryptionKey] :  | misc.swift:45:2:45:2 | [post] config [encryptionKey] :  |
+| misc.swift:46:24:46:24 | abcdef123456 :  | misc.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | misc.swift:46:19:46:38 | call to Data.init(_:) :  |
+| misc.swift:53:25:53:25 | myConstKey :  | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | [post] self :  | misc.swift:53:2:53:2 | [post] config |
+| misc.swift:53:25:53:25 | myConstKey :  | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | [post] self [encryptionKey] :  | misc.swift:53:2:53:2 | [post] config [encryptionKey] :  |
+| misc.swift:57:41:57:41 | myConstKey :  | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | [post] self :  | misc.swift:57:2:57:18 | [post] getter for .config |
+| misc.swift:57:41:57:41 | myConstKey :  | misc.swift:30:7:30:7 | value :  | file://:0:0:0:0 | [post] self [encryptionKey] :  | misc.swift:57:2:57:18 | [post] getter for .config [encryptionKey] :  |
 | rncryptor.swift:60:24:60:24 | abcdef123456 :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | rncryptor.swift:60:19:60:38 | call to Data.init(_:) :  |
 #select
 | cryptoswift.swift:108:21:108:21 | keyString | cryptoswift.swift:76:3:76:3 | this string is constant :  | cryptoswift.swift:108:21:108:21 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | cryptoswift.swift:76:3:76:3 | this string is constant :  | this string is constant |
@@ -130,9 +140,10 @@ subpaths
 | cryptoswift.swift:162:24:162:24 | keyString | cryptoswift.swift:76:3:76:3 | this string is constant :  | cryptoswift.swift:162:24:162:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | cryptoswift.swift:76:3:76:3 | this string is constant :  | this string is constant |
 | cryptoswift.swift:163:24:163:24 | key | cryptoswift.swift:90:26:90:121 | [...] :  | cryptoswift.swift:163:24:163:24 | key | The key 'key' has been initialized with hard-coded values from $@. | cryptoswift.swift:90:26:90:121 | [...] :  | [...] |
 | cryptoswift.swift:164:24:164:24 | keyString | cryptoswift.swift:76:3:76:3 | this string is constant :  | cryptoswift.swift:164:24:164:24 | keyString | The key 'keyString' has been initialized with hard-coded values from $@. | cryptoswift.swift:76:3:76:3 | this string is constant :  | this string is constant |
-| file://:0:0:0:0 | [post] self | misc.swift:38:24:38:24 | abcdef123456 :  | file://:0:0:0:0 | [post] self | The key '[post] self' has been initialized with hard-coded values from $@. | misc.swift:38:24:38:24 | abcdef123456 :  | abcdef123456 |
-| misc.swift:41:41:41:41 | myConstKey | misc.swift:38:24:38:24 | abcdef123456 :  | misc.swift:41:41:41:41 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | misc.swift:38:24:38:24 | abcdef123456 :  | abcdef123456 |
-| misc.swift:45:2:45:2 | [post] config | misc.swift:38:24:38:24 | abcdef123456 :  | misc.swift:45:2:45:2 | [post] config | The key '[post] config' has been initialized with hard-coded values from $@. | misc.swift:38:24:38:24 | abcdef123456 :  | abcdef123456 |
+| file://:0:0:0:0 | [post] self | misc.swift:46:24:46:24 | abcdef123456 :  | file://:0:0:0:0 | [post] self | The key '[post] self' has been initialized with hard-coded values from $@. | misc.swift:46:24:46:24 | abcdef123456 :  | abcdef123456 |
+| misc.swift:49:41:49:41 | myConstKey | misc.swift:46:24:46:24 | abcdef123456 :  | misc.swift:49:41:49:41 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | misc.swift:46:24:46:24 | abcdef123456 :  | abcdef123456 |
+| misc.swift:53:2:53:2 | [post] config | misc.swift:46:24:46:24 | abcdef123456 :  | misc.swift:53:2:53:2 | [post] config | The key '[post] config' has been initialized with hard-coded values from $@. | misc.swift:46:24:46:24 | abcdef123456 :  | abcdef123456 |
+| misc.swift:57:2:57:18 | [post] getter for .config | misc.swift:46:24:46:24 | abcdef123456 :  | misc.swift:57:2:57:18 | [post] getter for .config | The key '[post] getter for .config' has been initialized with hard-coded values from $@. | misc.swift:46:24:46:24 | abcdef123456 :  | abcdef123456 |
 | rncryptor.swift:65:73:65:73 | myConstKey | rncryptor.swift:60:24:60:24 | abcdef123456 :  | rncryptor.swift:65:73:65:73 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | rncryptor.swift:60:24:60:24 | abcdef123456 :  | abcdef123456 |
 | rncryptor.swift:66:73:66:73 | myConstKey | rncryptor.swift:60:24:60:24 | abcdef123456 :  | rncryptor.swift:66:73:66:73 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | rncryptor.swift:60:24:60:24 | abcdef123456 :  | abcdef123456 |
 | rncryptor.swift:67:73:67:73 | myConstKey | rncryptor.swift:60:24:60:24 | abcdef123456 :  | rncryptor.swift:67:73:67:73 | myConstKey | The key 'myConstKey' has been initialized with hard-coded values from $@. | rncryptor.swift:60:24:60:24 | abcdef123456 :  | abcdef123456 |
diff --git a/swift/ql/test/query-tests/Security/CWE-321/misc.swift b/swift/ql/test/query-tests/Security/CWE-321/misc.swift
@@ -33,6 +33,14 @@ extension Realm {
 
 // --- tests ---
 
+class ConfigContainer {
+	init() {
+		config = Realm.Configuration()
+	}
+
+	var config: Realm.Configuration
+}
+
 func test(myVarStr: String) {
 	let myVarKey = Data(myVarStr)
 	let myConstKey = Data("abcdef123456")
@@ -43,4 +51,8 @@ func test(myVarStr: String) {
 	var config = Realm.Configuration() // GOOD
 	config.encryptionKey = myVarKey // GOOD
 	config.encryptionKey = myConstKey // BAD
+
+	var configContainer = ConfigContainer()
+	configContainer.config.encryptionKey = myVarKey // GOOD
+	configContainer.config.encryptionKey = myConstKey // BAD
 }
