Swift: Update test annotations.

Geoffrey White
2023-05-12 15:30:14 +01:00
parent 3f206cce00
commit 5019d3befa
2 changed files with 13 additions and 13 deletions


@@ -12,7 +12,7 @@ struct URL
func test1(passwd : String, encrypted_passwd : String, account_no : String, credit_card_no : String) {
let a = URL(string: "http://example.com/login?p=" + passwd); // BAD
let b = URL(string: "http://example.com/login?p=" + encrypted_passwd); // GOOD (not sensitive)
let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD [NOT DETECTED]
let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD
let d = URL(string: "http://example.com/login?cc=" + credit_card_no); // BAD
let base = URL(string: "http://example.com/"); // GOOD (not sensitive)
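Review bot: Dropping `[NOT DETECTED]` from the `account_no` line in `test1` asserts that the query now flags it, but the comment is free text and nothing on this page shows an expected-results file changing alongside it (the commit lists only two changed files, both apparently test sources). Confirm that the expected output already contains an alert for that line, otherwise the annotation overstates detection coverage. The same applies to the `cert` and `account_no` lines in the MD5 and SHA1 tests of the second file. It would also help to state the reason, as the GOOD lines do, for example `// BAD (account number is sensitive data)`. The body of `test1` continues outside the hunk.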


@@ -54,16 +54,16 @@ enum Insecure {
func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_passwd : String, account_no : String, credit_card_no : String) {
var hash = Crypto.Insecure.MD5.hash(data: passwd) // BAD
hash = Crypto.Insecure.MD5.hash(data: cert) // BAD [NOT DETECTED]
hash = Crypto.Insecure.MD5.hash(data: cert) // BAD
hash = Crypto.Insecure.MD5.hash(data: encrypted_passwd) // GOOD (not sensitive)
hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD [NOT DETECTED]
hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD
hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD
hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD
hash = Crypto.Insecure.SHA1.hash(data: passwd) // BAD
hash = Crypto.Insecure.SHA1.hash(data: cert) // BAD [NOT DETECTED]
hash = Crypto.Insecure.SHA1.hash(data: cert) // BAD
hash = Crypto.Insecure.SHA1.hash(data: encrypted_passwd) // GOOD (not sensitive)
hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD [NOT DETECTED]
hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD
hash = Crypto.Insecure.SHA1.hash(data: credit_card_no) // BAD
hash = Crypto.SHA256.hash(data: passwd) // BAD [NOT DETECTED] not a computationally expensive hash
@@ -88,18 +88,18 @@ func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_pa
func testMD5UpdateWithData(passwd : String, cert: String, encrypted_passwd : String, account_no : String, credit_card_no : String) {
var hash = Crypto.Insecure.MD5()
hash.update(data: passwd) // BAD
hash.update(data: cert) // BAD [NOT DETECTED]
hash.update(data: cert) // BAD
hash.update(data: encrypted_passwd) // GOOD (not sensitive)
hash.update(data: account_no) // BAD [NOT DETECTED]
hash.update(data: account_no) // BAD
hash.update(data: credit_card_no) // BAD
}
func testSHA1UpdateWithData(passwd : String, cert: String, encrypted_passwd : String, account_no : String, credit_card_no : String) {
var hash = Crypto.Insecure.SHA1()
hash.update(data: passwd) // BAD
hash.update(data: cert) // BAD [NOT DETECTED]
hash.update(data: cert) // BAD
hash.update(data: encrypted_passwd) // GOOD (not sensitive)
hash.update(data: account_no) // BAD [NOT DETECTED]
hash.update(data: account_no) // BAD
hash.update(data: credit_card_no) // BAD
}
@@ -130,18 +130,18 @@ func testSHA512UpdateWithData(passwd : String, cert: String, encrypted_passwd :
func testMD5UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, cert: UnsafeRawBufferPointer, encrypted_passwd : UnsafeRawBufferPointer, account_no : UnsafeRawBufferPointer, credit_card_no : UnsafeRawBufferPointer) {
var hash = Crypto.Insecure.MD5()
hash.update(bufferPointer: passwd) // BAD
hash.update(bufferPointer: cert) // BAD [NOT DETECTED]
hash.update(bufferPointer: cert) // BAD
hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive)
hash.update(bufferPointer: account_no) // BAD [NOT DETECTED]
hash.update(bufferPointer: account_no) // BAD
hash.update(bufferPointer: credit_card_no) // BAD
}
func testSHA1UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, cert: UnsafeRawBufferPointer, encrypted_passwd : UnsafeRawBufferPointer, account_no : UnsafeRawBufferPointer, credit_card_no : UnsafeRawBufferPointer) {
var hash = Crypto.Insecure.SHA1()
hash.update(bufferPointer: passwd) // BAD
hash.update(bufferPointer: cert) // BAD [NOT DETECTED]
hash.update(bufferPointer: cert) // BAD
hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive)
hash.update(bufferPointer: account_no) // BAD [NOT DETECTED]
hash.update(bufferPointer: account_no) // BAD
hash.update(bufferPointer: credit_card_no) // BAD
}