hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Upgrade SecKeyCopyExternalRepresentation source to be considered a password / key rather than a miscellaneous credential.

Browse Source
This commit is contained in:
Geoffrey White
2023-12-12 17:08:05 +00:00
parent 10b4c98e80
commit 22ed20dd7c
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll
View File

@@ -8,6 +8,6 @@ private import codeql.swift.dataflow.ExternalFlow
private class SensitiveSources extends SourceModelCsv {
override predicate row(string row) {
row = ";;false;SecKeyCopyExternalRepresentation(_:_:);;;ReturnValue;sensitive-credential"
row = ";;false;SecKeyCopyExternalRepresentation(_:_:);;;ReturnValue;sensitive-password"
}
}

2
swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
View File

@@ -175,4 +175,4 @@
| testURL.swift:73:52:73:67 | call to get_secret_key() | label:get_secret_key, type:credential |
| testURL.swift:75:53:75:69 | call to get_cert_string() | label:get_cert_string, type:credential |
| testURL.swift:96:51:96:51 | certificate | label:certificate, type:credential |
| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | label:credential, type:credential |
| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | label:password, type:password |