hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12471 from geoffw0/dbsinks2

Browse Source 
Swift: Better sinks for swift/cleartext-storage-database
This commit is contained in:
Geoffrey White
2023-03-27 12:51:13 +01:00
committed by GitHub
parent 907053f281 170fde5bc0
commit 28998ccafe
6 changed files with 275 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll
View File

@@ -48,10 +48,10 @@ private class CoreDataStore extends CleartextStorageDatabaseSink {
// example in `coreDataObj.data = sensitive` the post-update node corresponding
// with `coreDataObj.data` is a sink.
// (ideally this would be only members with the `@NSManaged` attribute)
exists(ClassOrStructDecl cd, Expr e |
cd.getABaseTypeDecl*().getName() = "NSManagedObject" and
exists(NominalType t, Expr e |
t.getABaseType*().getName() = "NSManagedObject" and
this.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = e and
e.getFullyConverted().getType() = cd.getType() and
e.getFullyConverted().getType() = t and
not e.(DeclRefExpr).getDecl() instanceof SelfParamDecl
)
}
@@ -66,10 +66,10 @@ private class RealmStore extends CleartextStorageDatabaseSink instanceof DataFlo
// any write into a class derived from `RealmSwiftObject` is a sink. For
// example in `realmObj.data = sensitive` the post-update node corresponding
// with `realmObj.data` is a sink.
exists(ClassOrStructDecl cd, Expr e |
cd.getABaseTypeDecl*().getName() = "RealmSwiftObject" and
exists(NominalType t, Expr e |
t.getABaseType*().getName() = "RealmSwiftObject" and
this.getPreUpdateNode().asExpr() = e and
e.getFullyConverted().getType() = cd.getType() and
e.getFullyConverted().getType() = t and
not e.(DeclRefExpr).getDecl() instanceof SelfParamDecl
)
}
@@ -122,15 +122,22 @@ private class CleartextStorageDatabaseEncryptionSanitizer extends CleartextStora
/**
* An additional taint step for cleartext database storage vulnerabilities.
* Needed until we have proper content flow through arrays.
*/
private class CleartextStorageDatabaseArrayAdditionalTaintStep extends CleartextStorageDatabaseAdditionalTaintStep
{
override predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
// needed until we have proper content flow through arrays.
exists(ArrayExpr arr |
nodeFrom.asExpr() = arr.getAnElement() and
nodeTo.asExpr() = arr
)
or
// if an object is sensitive, its fields are always sensitive
// (this is needed because the sensitive data sources are in a sense
// approximate; for example we might identify `passwordBox` as a source,
// whereas it is more accurate to say that `passwordBox.textField` is the
// true source).
nodeTo.asExpr().(MemberRefExpr).getBase() = nodeFrom.asExpr()
}
}

12
swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
View File

@@ -26,9 +26,13 @@ DataFlow::Node cleanupNode(DataFlow::Node n) {
result = n
}
from CleartextStorageConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode
where config.hasFlowPath(sourceNode, sinkNode)
select cleanupNode(sinkNode.getNode()), sourceNode, sinkNode,
"This operation stores '" + sinkNode.getNode().toString() +
from
CleartextStorageConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode,
DataFlow::Node cleanSink
where
config.hasFlowPath(sourceNode, sinkNode) and
cleanSink = cleanupNode(sinkNode.getNode())
select cleanSink, sourceNode, sinkNode,
"This operation stores '" + cleanSink.toString() +
"' in a database. It may contain unencrypted sensitive data from $@.", sourceNode,
sourceNode.getNode().toString()

12
swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
View File

@@ -25,10 +25,14 @@ DataFlow::Node cleanupNode(DataFlow::Node n) {
result = n
}
from CleartextStorageConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode
where config.hasFlowPath(sourceNode, sinkNode)
select cleanupNode(sinkNode.getNode()), sourceNode, sinkNode,
"This operation stores '" + sinkNode.getNode().toString() + "' in " +
from
CleartextStorageConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode,
DataFlow::Node cleanSink
where
config.hasFlowPath(sourceNode, sinkNode) and
cleanSink = cleanupNode(sinkNode.getNode())
select cleanSink, sourceNode, sinkNode,
"This operation stores '" + cleanSink.toString() + "' in " +
sinkNode.getNode().(CleartextStoragePreferencesSink).getStoreName() +
". It may contain unencrypted sensitive data from $@.", sourceNode,
sourceNode.getNode().toString()

211
swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected
View File

@@ -1,6 +1,8 @@
edges
| file://:0:0:0:0 | self [value] : | file://:0:0:0:0 | .value : |
| file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [data] : |
| file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [notStoredBankAccountNumber] : |
| file://:0:0:0:0 | value : | file://:0:0:0:0 | [post] self [value] : |
| testCoreData2.swift:23:13:23:13 | value : | file://:0:0:0:0 | value : |
| testCoreData2.swift:37:2:37:2 | [post] obj [myValue] : | testCoreData2.swift:37:2:37:2 | [post] obj |
| testCoreData2.swift:37:16:37:16 | bankAccountNo : | testCoreData2.swift:37:2:37:2 | [post] obj [myValue] : |
@@ -28,6 +30,82 @@ edges
| testCoreData2.swift:62:30:62:30 | bankAccountNo : | testCoreData2.swift:62:4:62:4 | [post] obj [myBankAccountNumber] : |
| testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : | testCoreData2.swift:65:3:65:3 | [post] obj |
| testCoreData2.swift:65:29:65:29 | bankAccountNo : | testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : |
| testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : |
| testCoreData2.swift:70:9:70:9 | self [value] : | file://:0:0:0:0 | self [value] : |
| testCoreData2.swift:70:9:70:9 | value : | file://:0:0:0:0 | value : |
| testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : |
| testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : | testCoreData2.swift:79:2:79:2 | [post] dbObj |
| testCoreData2.swift:79:18:79:28 | .bankAccountNo : | testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:80:2:80:2 | [post] dbObj [myValue] : | testCoreData2.swift:80:2:80:2 | [post] dbObj |
| testCoreData2.swift:80:18:80:28 | ...! : | testCoreData2.swift:80:2:80:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | testCoreData2.swift:80:18:80:28 | ...! : |
| testCoreData2.swift:82:2:82:2 | [post] dbObj [myValue] : | testCoreData2.swift:82:2:82:2 | [post] dbObj |
| testCoreData2.swift:82:18:82:18 | bankAccountNo : | testCoreData2.swift:70:9:70:9 | self : |
| testCoreData2.swift:82:18:82:18 | bankAccountNo : | testCoreData2.swift:82:18:82:32 | .value : |
| testCoreData2.swift:82:18:82:32 | .value : | testCoreData2.swift:82:2:82:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:83:2:83:2 | [post] dbObj [myValue] : | testCoreData2.swift:83:2:83:2 | [post] dbObj |
| testCoreData2.swift:83:18:83:18 | bankAccountNo : | testCoreData2.swift:71:9:71:9 | self : |
| testCoreData2.swift:83:18:83:18 | bankAccountNo : | testCoreData2.swift:83:18:83:32 | ...! : |
| testCoreData2.swift:83:18:83:18 | bankAccountNo : | testCoreData2.swift:83:18:83:32 | .value2 : |
| testCoreData2.swift:83:18:83:32 | ...! : | testCoreData2.swift:83:2:83:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:83:18:83:32 | .value2 : | testCoreData2.swift:83:18:83:32 | ...! : |
| testCoreData2.swift:84:2:84:2 | [post] dbObj [myValue] : | testCoreData2.swift:84:2:84:2 | [post] dbObj |
| testCoreData2.swift:84:18:84:18 | ...! : | testCoreData2.swift:70:9:70:9 | self : |
| testCoreData2.swift:84:18:84:18 | ...! : | testCoreData2.swift:84:18:84:33 | .value : |
| testCoreData2.swift:84:18:84:18 | bankAccountNo2 : | testCoreData2.swift:84:18:84:18 | ...! : |
| testCoreData2.swift:84:18:84:18 | bankAccountNo2 : | testCoreData2.swift:84:18:84:33 | .value : |
| testCoreData2.swift:84:18:84:33 | .value : | testCoreData2.swift:84:2:84:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:85:2:85:2 | [post] dbObj [myValue] : | testCoreData2.swift:85:2:85:2 | [post] dbObj |
| testCoreData2.swift:85:18:85:18 | ...! : | testCoreData2.swift:71:9:71:9 | self : |
| testCoreData2.swift:85:18:85:18 | ...! : | testCoreData2.swift:85:18:85:33 | .value2 : |
| testCoreData2.swift:85:18:85:18 | bankAccountNo2 : | testCoreData2.swift:85:18:85:18 | ...! : |
| testCoreData2.swift:85:18:85:18 | bankAccountNo2 : | testCoreData2.swift:85:18:85:33 | ...! : |
| testCoreData2.swift:85:18:85:33 | ...! : | testCoreData2.swift:85:2:85:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:85:18:85:33 | .value2 : | testCoreData2.swift:85:18:85:33 | ...! : |
| testCoreData2.swift:87:2:87:10 | [post] ...? [myValue] : | testCoreData2.swift:87:2:87:10 | [post] ...? |
| testCoreData2.swift:87:22:87:32 | .bankAccountNo : | testCoreData2.swift:87:2:87:10 | [post] ...? [myValue] : |
| testCoreData2.swift:88:2:88:10 | [post] ...? [myValue] : | testCoreData2.swift:88:2:88:10 | [post] ...? |
| testCoreData2.swift:88:22:88:22 | bankAccountNo : | testCoreData2.swift:70:9:70:9 | self : |
| testCoreData2.swift:88:22:88:22 | bankAccountNo : | testCoreData2.swift:88:22:88:36 | .value : |
| testCoreData2.swift:88:22:88:36 | .value : | testCoreData2.swift:88:2:88:10 | [post] ...? [myValue] : |
| testCoreData2.swift:89:2:89:10 | [post] ...? [myValue] : | testCoreData2.swift:89:2:89:10 | [post] ...? |
| testCoreData2.swift:89:22:89:22 | ...! : | testCoreData2.swift:71:9:71:9 | self : |
| testCoreData2.swift:89:22:89:22 | ...! : | testCoreData2.swift:89:22:89:37 | .value2 : |
| testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | testCoreData2.swift:89:22:89:22 | ...! : |
| testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | testCoreData2.swift:89:22:89:37 | ...! : |
| testCoreData2.swift:89:22:89:37 | ...! : | testCoreData2.swift:89:2:89:10 | [post] ...? [myValue] : |
| testCoreData2.swift:89:22:89:37 | .value2 : | testCoreData2.swift:89:22:89:37 | ...! : |
| testCoreData2.swift:91:10:91:10 | bankAccountNo : | testCoreData2.swift:92:10:92:10 | a : |
| testCoreData2.swift:91:10:91:10 | bankAccountNo : | testCoreData2.swift:93:18:93:18 | b : |
| testCoreData2.swift:92:10:92:10 | a : | testCoreData2.swift:70:9:70:9 | self : |
| testCoreData2.swift:92:10:92:10 | a : | testCoreData2.swift:92:10:92:12 | .value : |
| testCoreData2.swift:92:10:92:12 | .value : | testCoreData2.swift:93:18:93:18 | b : |
| testCoreData2.swift:93:2:93:2 | [post] dbObj [myValue] : | testCoreData2.swift:93:2:93:2 | [post] dbObj |
| testCoreData2.swift:93:18:93:18 | b : | testCoreData2.swift:93:2:93:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:95:10:95:10 | bankAccountNo : | testCoreData2.swift:97:12:97:12 | c : |
| testCoreData2.swift:95:10:95:10 | bankAccountNo : | testCoreData2.swift:97:12:97:14 | .value : |
| testCoreData2.swift:97:2:97:2 | [post] d [value] : | testCoreData2.swift:98:18:98:18 | d [value] : |
| testCoreData2.swift:97:12:97:12 | c : | testCoreData2.swift:70:9:70:9 | self : |
| testCoreData2.swift:97:12:97:12 | c : | testCoreData2.swift:97:12:97:14 | .value : |
| testCoreData2.swift:97:12:97:14 | .value : | testCoreData2.swift:70:9:70:9 | value : |
| testCoreData2.swift:97:12:97:14 | .value : | testCoreData2.swift:97:2:97:2 | [post] d [value] : |
| testCoreData2.swift:98:2:98:2 | [post] dbObj [myValue] : | testCoreData2.swift:98:2:98:2 | [post] dbObj |
| testCoreData2.swift:98:18:98:18 | d [value] : | testCoreData2.swift:70:9:70:9 | self [value] : |
| testCoreData2.swift:98:18:98:18 | d [value] : | testCoreData2.swift:98:18:98:20 | .value : |
| testCoreData2.swift:98:18:98:20 | .value : | testCoreData2.swift:98:2:98:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:104:18:104:18 | e : |
| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:104:18:104:20 | .value : |
| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:105:18:105:18 | e : |
| testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:105:18:105:20 | ...! : |
| testCoreData2.swift:104:2:104:2 | [post] dbObj [myValue] : | testCoreData2.swift:104:2:104:2 | [post] dbObj |
| testCoreData2.swift:104:18:104:18 | e : | testCoreData2.swift:70:9:70:9 | self : |
| testCoreData2.swift:104:18:104:18 | e : | testCoreData2.swift:104:18:104:20 | .value : |
| testCoreData2.swift:104:18:104:20 | .value : | testCoreData2.swift:104:2:104:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:105:2:105:2 | [post] dbObj [myValue] : | testCoreData2.swift:105:2:105:2 | [post] dbObj |
| testCoreData2.swift:105:18:105:18 | e : | testCoreData2.swift:71:9:71:9 | self : |
| testCoreData2.swift:105:18:105:18 | e : | testCoreData2.swift:105:18:105:20 | .value2 : |
| testCoreData2.swift:105:18:105:20 | ...! : | testCoreData2.swift:105:2:105:2 | [post] dbObj [myValue] : |
| testCoreData2.swift:105:18:105:20 | .value2 : | testCoreData2.swift:105:18:105:20 | ...! : |
| testCoreData.swift:18:19:18:26 | value : | testCoreData.swift:19:12:19:12 | value |
| testCoreData.swift:31:3:31:3 | newValue : | testCoreData.swift:32:13:32:13 | newValue |
| testCoreData.swift:61:25:61:25 | password : | testCoreData.swift:18:19:18:26 | value : |
@@ -104,8 +182,14 @@ edges
| testRealm.swift:59:11:59:11 | myPassword : | testRealm.swift:16:6:16:6 | value : |
| testRealm.swift:59:11:59:11 | myPassword : | testRealm.swift:59:2:59:2 | [post] g [data] : |
nodes
| file://:0:0:0:0 | .value2 : | semmle.label | .value2 : |
| file://:0:0:0:0 | .value : | semmle.label | .value : |
| file://:0:0:0:0 | .value : | semmle.label | .value : |
| file://:0:0:0:0 | [post] self [data] : | semmle.label | [post] self [data] : |
| file://:0:0:0:0 | [post] self [notStoredBankAccountNumber] : | semmle.label | [post] self [notStoredBankAccountNumber] : |
| file://:0:0:0:0 | [post] self [value] : | semmle.label | [post] self [value] : |
| file://:0:0:0:0 | self [value] : | semmle.label | self [value] : |
| file://:0:0:0:0 | value : | semmle.label | value : |
| file://:0:0:0:0 | value : | semmle.label | value : |
| file://:0:0:0:0 | value : | semmle.label | value : |
| testCoreData2.swift:23:13:23:13 | value : | semmle.label | value : |
@@ -145,6 +229,74 @@ nodes
| testCoreData2.swift:65:3:65:3 | [post] obj | semmle.label | [post] obj |
| testCoreData2.swift:65:3:65:3 | [post] obj [myBankAccountNumber] : | semmle.label | [post] obj [myBankAccountNumber] : |
| testCoreData2.swift:65:29:65:29 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:70:9:70:9 | self : | semmle.label | self : |
| testCoreData2.swift:70:9:70:9 | self [value] : | semmle.label | self [value] : |
| testCoreData2.swift:70:9:70:9 | value : | semmle.label | value : |
| testCoreData2.swift:71:9:71:9 | self : | semmle.label | self : |
| testCoreData2.swift:79:2:79:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:79:2:79:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:79:18:79:28 | .bankAccountNo : | semmle.label | .bankAccountNo : |
| testCoreData2.swift:80:2:80:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:80:2:80:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:80:18:80:28 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | semmle.label | .bankAccountNo2 : |
| testCoreData2.swift:82:2:82:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:82:2:82:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:82:18:82:18 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:82:18:82:32 | .value : | semmle.label | .value : |
| testCoreData2.swift:83:2:83:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:83:2:83:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:83:18:83:18 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:83:18:83:32 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:83:18:83:32 | .value2 : | semmle.label | .value2 : |
| testCoreData2.swift:84:2:84:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:84:2:84:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:84:18:84:18 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:84:18:84:18 | bankAccountNo2 : | semmle.label | bankAccountNo2 : |
| testCoreData2.swift:84:18:84:33 | .value : | semmle.label | .value : |
| testCoreData2.swift:85:2:85:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:85:2:85:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:85:18:85:18 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:85:18:85:18 | bankAccountNo2 : | semmle.label | bankAccountNo2 : |
| testCoreData2.swift:85:18:85:33 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:85:18:85:33 | .value2 : | semmle.label | .value2 : |
| testCoreData2.swift:87:2:87:10 | [post] ...? | semmle.label | [post] ...? |
| testCoreData2.swift:87:2:87:10 | [post] ...? [myValue] : | semmle.label | [post] ...? [myValue] : |
| testCoreData2.swift:87:22:87:32 | .bankAccountNo : | semmle.label | .bankAccountNo : |
| testCoreData2.swift:88:2:88:10 | [post] ...? | semmle.label | [post] ...? |
| testCoreData2.swift:88:2:88:10 | [post] ...? [myValue] : | semmle.label | [post] ...? [myValue] : |
| testCoreData2.swift:88:22:88:22 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:88:22:88:36 | .value : | semmle.label | .value : |
| testCoreData2.swift:89:2:89:10 | [post] ...? | semmle.label | [post] ...? |
| testCoreData2.swift:89:2:89:10 | [post] ...? [myValue] : | semmle.label | [post] ...? [myValue] : |
| testCoreData2.swift:89:22:89:22 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | semmle.label | bankAccountNo2 : |
| testCoreData2.swift:89:22:89:37 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:89:22:89:37 | .value2 : | semmle.label | .value2 : |
| testCoreData2.swift:91:10:91:10 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:92:10:92:10 | a : | semmle.label | a : |
| testCoreData2.swift:92:10:92:12 | .value : | semmle.label | .value : |
| testCoreData2.swift:93:2:93:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:93:2:93:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:93:18:93:18 | b : | semmle.label | b : |
| testCoreData2.swift:95:10:95:10 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:97:2:97:2 | [post] d [value] : | semmle.label | [post] d [value] : |
| testCoreData2.swift:97:12:97:12 | c : | semmle.label | c : |
| testCoreData2.swift:97:12:97:14 | .value : | semmle.label | .value : |
| testCoreData2.swift:98:2:98:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:98:2:98:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:98:18:98:18 | d [value] : | semmle.label | d [value] : |
| testCoreData2.swift:98:18:98:20 | .value : | semmle.label | .value : |
| testCoreData2.swift:101:10:101:10 | bankAccountNo : | semmle.label | bankAccountNo : |
| testCoreData2.swift:104:2:104:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:104:2:104:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:104:18:104:18 | e : | semmle.label | e : |
| testCoreData2.swift:104:18:104:20 | .value : | semmle.label | .value : |
| testCoreData2.swift:105:2:105:2 | [post] dbObj | semmle.label | [post] dbObj |
| testCoreData2.swift:105:2:105:2 | [post] dbObj [myValue] : | semmle.label | [post] dbObj [myValue] : |
| testCoreData2.swift:105:18:105:18 | e : | semmle.label | e : |
| testCoreData2.swift:105:18:105:20 | ...! : | semmle.label | ...! : |
| testCoreData2.swift:105:18:105:20 | .value2 : | semmle.label | .value2 : |
| testCoreData.swift:18:19:18:26 | value : | semmle.label | value : |
| testCoreData.swift:19:12:19:12 | value | semmle.label | value |
| testCoreData.swift:31:3:31:3 | newValue : | semmle.label | newValue : |
@@ -285,29 +437,54 @@ nodes
subpaths
| testCoreData2.swift:43:35:43:35 | bankAccountNo : | testCoreData2.swift:23:13:23:13 | value : | file://:0:0:0:0 | [post] self [notStoredBankAccountNumber] : | testCoreData2.swift:43:2:43:2 | [post] obj [notStoredBankAccountNumber] : |
| testCoreData2.swift:52:41:52:41 | bankAccountNo : | testCoreData2.swift:23:13:23:13 | value : | file://:0:0:0:0 | [post] self [notStoredBankAccountNumber] : | testCoreData2.swift:52:2:52:10 | [post] ...? [notStoredBankAccountNumber] : |
| testCoreData2.swift:82:18:82:18 | bankAccountNo : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:82:18:82:32 | .value : |
| testCoreData2.swift:83:18:83:18 | bankAccountNo : | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : | testCoreData2.swift:83:18:83:32 | .value2 : |
| testCoreData2.swift:84:18:84:18 | ...! : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:84:18:84:33 | .value : |
| testCoreData2.swift:85:18:85:18 | ...! : | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : | testCoreData2.swift:85:18:85:33 | .value2 : |
| testCoreData2.swift:88:22:88:22 | bankAccountNo : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:88:22:88:36 | .value : |
| testCoreData2.swift:89:22:89:22 | ...! : | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : | testCoreData2.swift:89:22:89:37 | .value2 : |
| testCoreData2.swift:92:10:92:10 | a : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:92:10:92:12 | .value : |
| testCoreData2.swift:97:12:97:12 | c : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:97:12:97:14 | .value : |
| testCoreData2.swift:97:12:97:14 | .value : | testCoreData2.swift:70:9:70:9 | value : | file://:0:0:0:0 | [post] self [value] : | testCoreData2.swift:97:2:97:2 | [post] d [value] : |
| testCoreData2.swift:98:18:98:18 | d [value] : | testCoreData2.swift:70:9:70:9 | self [value] : | file://:0:0:0:0 | .value : | testCoreData2.swift:98:18:98:20 | .value : |
| testCoreData2.swift:104:18:104:18 | e : | testCoreData2.swift:70:9:70:9 | self : | file://:0:0:0:0 | .value : | testCoreData2.swift:104:18:104:20 | .value : |
| testCoreData2.swift:105:18:105:18 | e : | testCoreData2.swift:71:9:71:9 | self : | file://:0:0:0:0 | .value2 : | testCoreData2.swift:105:18:105:20 | .value2 : |
| testRealm.swift:34:11:34:11 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:34:2:34:2 | [post] a [data] : |
| testRealm.swift:42:11:42:11 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:42:2:42:2 | [post] c [data] : |
| testRealm.swift:52:12:52:12 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:52:2:52:3 | [post] ...! [data] : |
| testRealm.swift:59:11:59:11 | myPassword : | testRealm.swift:16:6:16:6 | value : | file://:0:0:0:0 | [post] self [data] : | testRealm.swift:59:2:59:2 | [post] g [data] : |
#select
| testCoreData2.swift:37:2:37:2 | obj | testCoreData2.swift:37:16:37:16 | bankAccountNo : | testCoreData2.swift:37:2:37:2 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:37:16:37:16 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:39:2:39:2 | obj | testCoreData2.swift:39:28:39:28 | bankAccountNo : | testCoreData2.swift:39:2:39:2 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:39:28:39:28 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:41:2:41:2 | obj | testCoreData2.swift:41:29:41:29 | bankAccountNo : | testCoreData2.swift:41:2:41:2 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:41:29:41:29 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:43:2:43:2 | obj | testCoreData2.swift:43:35:43:35 | bankAccountNo : | testCoreData2.swift:43:2:43:2 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:43:35:43:35 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:46:2:46:10 | ...? | testCoreData2.swift:46:22:46:22 | bankAccountNo : | testCoreData2.swift:46:2:46:10 | [post] ...? | This operation stores '[post] ...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:46:22:46:22 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:48:2:48:10 | ...? | testCoreData2.swift:48:34:48:34 | bankAccountNo : | testCoreData2.swift:48:2:48:10 | [post] ...? | This operation stores '[post] ...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:48:34:48:34 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:50:2:50:10 | ...? | testCoreData2.swift:50:35:50:35 | bankAccountNo : | testCoreData2.swift:50:2:50:10 | [post] ...? | This operation stores '[post] ...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:50:35:50:35 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:52:2:52:10 | ...? | testCoreData2.swift:52:41:52:41 | bankAccountNo : | testCoreData2.swift:52:2:52:10 | [post] ...? | This operation stores '[post] ...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:52:41:52:41 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:57:3:57:3 | obj | testCoreData2.swift:57:29:57:29 | bankAccountNo : | testCoreData2.swift:57:3:57:3 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:57:29:57:29 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:60:4:60:4 | obj | testCoreData2.swift:60:30:60:30 | bankAccountNo : | testCoreData2.swift:60:4:60:4 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:60:30:60:30 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:62:4:62:4 | obj | testCoreData2.swift:62:30:62:30 | bankAccountNo : | testCoreData2.swift:62:4:62:4 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:62:30:62:30 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:65:3:65:3 | obj | testCoreData2.swift:65:29:65:29 | bankAccountNo : | testCoreData2.swift:65:3:65:3 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:65:29:65:29 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:37:2:37:2 | obj | testCoreData2.swift:37:16:37:16 | bankAccountNo : | testCoreData2.swift:37:2:37:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:37:16:37:16 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:39:2:39:2 | obj | testCoreData2.swift:39:28:39:28 | bankAccountNo : | testCoreData2.swift:39:2:39:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:39:28:39:28 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:41:2:41:2 | obj | testCoreData2.swift:41:29:41:29 | bankAccountNo : | testCoreData2.swift:41:2:41:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:41:29:41:29 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:43:2:43:2 | obj | testCoreData2.swift:43:35:43:35 | bankAccountNo : | testCoreData2.swift:43:2:43:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:43:35:43:35 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:46:2:46:10 | ...? | testCoreData2.swift:46:22:46:22 | bankAccountNo : | testCoreData2.swift:46:2:46:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:46:22:46:22 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:48:2:48:10 | ...? | testCoreData2.swift:48:34:48:34 | bankAccountNo : | testCoreData2.swift:48:2:48:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:48:34:48:34 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:50:2:50:10 | ...? | testCoreData2.swift:50:35:50:35 | bankAccountNo : | testCoreData2.swift:50:2:50:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:50:35:50:35 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:52:2:52:10 | ...? | testCoreData2.swift:52:41:52:41 | bankAccountNo : | testCoreData2.swift:52:2:52:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:52:41:52:41 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:57:3:57:3 | obj | testCoreData2.swift:57:29:57:29 | bankAccountNo : | testCoreData2.swift:57:3:57:3 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:57:29:57:29 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:60:4:60:4 | obj | testCoreData2.swift:60:30:60:30 | bankAccountNo : | testCoreData2.swift:60:4:60:4 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:60:30:60:30 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:62:4:62:4 | obj | testCoreData2.swift:62:30:62:30 | bankAccountNo : | testCoreData2.swift:62:4:62:4 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:62:30:62:30 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:65:3:65:3 | obj | testCoreData2.swift:65:29:65:29 | bankAccountNo : | testCoreData2.swift:65:3:65:3 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:65:29:65:29 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:79:2:79:2 | dbObj | testCoreData2.swift:79:18:79:28 | .bankAccountNo : | testCoreData2.swift:79:2:79:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:79:18:79:28 | .bankAccountNo : | .bankAccountNo |
| testCoreData2.swift:80:2:80:2 | dbObj | testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | testCoreData2.swift:80:2:80:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:80:18:80:28 | .bankAccountNo2 : | .bankAccountNo2 |
| testCoreData2.swift:82:2:82:2 | dbObj | testCoreData2.swift:82:18:82:18 | bankAccountNo : | testCoreData2.swift:82:2:82:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:82:18:82:18 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:83:2:83:2 | dbObj | testCoreData2.swift:83:18:83:18 | bankAccountNo : | testCoreData2.swift:83:2:83:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:83:18:83:18 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:84:2:84:2 | dbObj | testCoreData2.swift:84:18:84:18 | bankAccountNo2 : | testCoreData2.swift:84:2:84:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:84:18:84:18 | bankAccountNo2 : | bankAccountNo2 |
| testCoreData2.swift:85:2:85:2 | dbObj | testCoreData2.swift:85:18:85:18 | bankAccountNo2 : | testCoreData2.swift:85:2:85:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:85:18:85:18 | bankAccountNo2 : | bankAccountNo2 |
| testCoreData2.swift:87:2:87:10 | ...? | testCoreData2.swift:87:22:87:32 | .bankAccountNo : | testCoreData2.swift:87:2:87:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:87:22:87:32 | .bankAccountNo : | .bankAccountNo |
| testCoreData2.swift:88:2:88:10 | ...? | testCoreData2.swift:88:22:88:22 | bankAccountNo : | testCoreData2.swift:88:2:88:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:88:22:88:22 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:89:2:89:10 | ...? | testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | testCoreData2.swift:89:2:89:10 | [post] ...? | This operation stores '...?' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:89:22:89:22 | bankAccountNo2 : | bankAccountNo2 |
| testCoreData2.swift:93:2:93:2 | dbObj | testCoreData2.swift:91:10:91:10 | bankAccountNo : | testCoreData2.swift:93:2:93:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:91:10:91:10 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:98:2:98:2 | dbObj | testCoreData2.swift:95:10:95:10 | bankAccountNo : | testCoreData2.swift:98:2:98:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:95:10:95:10 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:104:2:104:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:104:2:104:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo : | bankAccountNo |
| testCoreData2.swift:105:2:105:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo : | testCoreData2.swift:105:2:105:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo : | bankAccountNo |
| testCoreData.swift:19:12:19:12 | value | testCoreData.swift:61:25:61:25 | password : | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:61:25:61:25 | password : | password |
| testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:64:16:64:16 | password : | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password : | password |
| testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:48:15:48:15 | password | password |
| testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:51:24:51:24 | password | password |
| testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:58:15:58:15 | password | password |
| testCoreData.swift:64:2:64:2 | obj | testCoreData.swift:64:16:64:16 | password : | testCoreData.swift:64:2:64:2 | [post] obj | This operation stores '[post] obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password : | password |
| testCoreData.swift:64:2:64:2 | obj | testCoreData.swift:64:16:64:16 | password : | testCoreData.swift:64:2:64:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password : | password |
| testCoreData.swift:78:15:78:15 | x | testCoreData.swift:77:24:77:24 | x : | testCoreData.swift:78:15:78:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:77:24:77:24 | x : | x |
| testCoreData.swift:81:15:81:15 | y | testCoreData.swift:80:10:80:22 | call to getPassword() : | testCoreData.swift:81:15:81:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:80:10:80:22 | call to getPassword() : | call to getPassword() |
| testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | This operation stores '.password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:85:15:85:17 | .password | .password |
@@ -365,7 +542,7 @@ subpaths
| testGRDB.swift:208:80:208:89 | [...] | testGRDB.swift:208:81:208:81 | password : | testGRDB.swift:208:80:208:89 | [...] | This operation stores '[...]' in a database. It may contain unencrypted sensitive data from $@. | testGRDB.swift:208:81:208:81 | password : | password |
| testGRDB.swift:210:84:210:93 | [...] | testGRDB.swift:210:85:210:85 | password : | testGRDB.swift:210:84:210:93 | [...] | This operation stores '[...]' in a database. It may contain unencrypted sensitive data from $@. | testGRDB.swift:210:85:210:85 | password : | password |
| testGRDB.swift:212:98:212:107 | [...] | testGRDB.swift:212:99:212:99 | password : | testGRDB.swift:212:98:212:107 | [...] | This operation stores '[...]' in a database. It may contain unencrypted sensitive data from $@. | testGRDB.swift:212:99:212:99 | password : | password |
| testRealm.swift:34:2:34:2 | a | testRealm.swift:34:11:34:11 | myPassword : | testRealm.swift:34:2:34:2 | [post] a | This operation stores '[post] a' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:34:11:34:11 | myPassword : | myPassword |
| testRealm.swift:42:2:42:2 | c | testRealm.swift:42:11:42:11 | myPassword : | testRealm.swift:42:2:42:2 | [post] c | This operation stores '[post] c' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:42:11:42:11 | myPassword : | myPassword |
| testRealm.swift:52:2:52:3 | ...! | testRealm.swift:52:12:52:12 | myPassword : | testRealm.swift:52:2:52:3 | [post] ...! | This operation stores '[post] ...!' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:52:12:52:12 | myPassword : | myPassword |
| testRealm.swift:59:2:59:2 | g | testRealm.swift:59:11:59:11 | myPassword : | testRealm.swift:59:2:59:2 | [post] g | This operation stores '[post] g' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:59:11:59:11 | myPassword : | myPassword |
| testRealm.swift:34:2:34:2 | a | testRealm.swift:34:11:34:11 | myPassword : | testRealm.swift:34:2:34:2 | [post] a | This operation stores 'a' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:34:11:34:11 | myPassword : | myPassword |
| testRealm.swift:42:2:42:2 | c | testRealm.swift:42:11:42:11 | myPassword : | testRealm.swift:42:2:42:2 | [post] c | This operation stores 'c' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:42:11:42:11 | myPassword : | myPassword |
| testRealm.swift:52:2:52:3 | ...! | testRealm.swift:52:12:52:12 | myPassword : | testRealm.swift:52:2:52:3 | [post] ...! | This operation stores '...!' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:52:12:52:12 | myPassword : | myPassword |
| testRealm.swift:59:2:59:2 | g | testRealm.swift:59:11:59:11 | myPassword : | testRealm.swift:59:2:59:2 | [post] g | This operation stores 'g' in a database. It may contain unencrypted sensitive data from $@. | testRealm.swift:59:11:59:11 | myPassword : | myPassword |

12
swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
View File

@@ -36,6 +36,18 @@
| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:private information |
| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:private information |
| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:private information |
| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:private information |
| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:private information |
| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:private information |
| testCoreData.swift:48:15:48:15 | password | label:password, type:credential |
| testCoreData.swift:51:24:51:24 | password | label:password, type:credential |
| testCoreData.swift:58:15:58:15 | password | label:password, type:credential |

39
swift/ql/test/query-tests/Security/CWE-311/testCoreData2.swift
View File

@@ -65,3 +65,42 @@ class testCoreData2_2 {
obj.myBankAccountNumber = bankAccountNo // BAD
}
}
class MyContainer {
var value: Int = 0
var value2: Int! = 0
var bankAccountNo: Int = 0
var bankAccountNo2: Int! = 0
}
func testCoreData2_3(dbObj: MyManagedObject2, maybeObj: MyManagedObject2?, container: MyContainer, bankAccountNo: MyContainer, bankAccountNo2: MyContainer!) {
dbObj.myValue = container.value // GOOD (not sensitive)
dbObj.myValue = container.value2 // GOOD (not sensitive)
dbObj.myValue = container.bankAccountNo // BAD
dbObj.myValue = container.bankAccountNo2 // BAD
dbObj.myValue = bankAccountNo.value // BAD
dbObj.myValue = bankAccountNo.value2 // BAD
dbObj.myValue = bankAccountNo2.value // BAD
dbObj.myValue = bankAccountNo2.value2 // BAD
maybeObj?.myValue = container.bankAccountNo // BAD
maybeObj?.myValue = bankAccountNo.value // BAD
maybeObj?.myValue = bankAccountNo2.value2 // BAD
var a = bankAccountNo // sensitive
var b = a.value
dbObj.myValue = b // BAD
let c = bankAccountNo // sensitive
var d: MyContainer = MyContainer()
d.value = c.value
dbObj.myValue = d.value // BAD
dbObj.myValue = d.value2 // GOOD
let e = bankAccountNo // sensitive
var f: MyContainer?
f?.value = e.value
dbObj.myValue = e.value // BAD
dbObj.myValue = e.value2 // GOOD [FALSE POSITIVE]
}