hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Fix unwanted flows.

Browse Source
This commit is contained in:
Geoffrey White
2024-11-14 17:51:47 +00:00
parent e589b1fcd0
commit 8245e6c2b9
3 changed files with 2 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll
View File

@@ -32,8 +32,8 @@ private class CollectionSummaries extends SummaryModelCsv {
";Collection;true;dropLast(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
";Collection;true;flatMap(_:);;;Argument[-1];ReturnValue;taint",
";Collection;true;flatMap(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
";Collection;true;map(_:);;;Argument[-1];ReturnValue;taint",
";Collection;true;map(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value",
//";Collection;true;map(_:);;;Argument[-1];ReturnValue;taint", --- disabled due to dubious results in practice
//";Collection;true;map(_:);;;Argument[-1].CollectionElement;ReturnValue.CollectionElement;value", --- disabled due to dubious results in practice
";Collection;true;split(maxSplits:omittingEmptySubsequences:whereSeparator:);;;Argument[-1];ReturnValue;taint",
";Collection;true;split(separator:maxSplits:omittingEmptySubsequences:);;;Argument[-1];ReturnValue;taint",
";Collection;true;removeFirst();;;Argument[-1];ReturnValue;taint",

25
swift/ql/test/query-tests/Security/CWE-259/ConstantPassword.expected
View File

@@ -1,17 +1,4 @@
edges
| rncryptor.swift:60:9:60:65 | call to String.init(_:) | rncryptor.swift:68:25:68:44 | call to getARandomPassword() | provenance | |
| rncryptor.swift:60:9:60:65 | call to String.init(_:) [Collection element] | rncryptor.swift:68:25:68:44 | call to getARandomPassword() [Collection element] | provenance | |
| rncryptor.swift:60:16:60:16 | ............ | rncryptor.swift:60:16:60:64 | call to map(_:) | provenance | |
| rncryptor.swift:60:16:60:64 | call to map(_:) | rncryptor.swift:60:9:60:65 | call to String.init(_:) | provenance | |
| rncryptor.swift:60:16:60:64 | call to map(_:) | rncryptor.swift:60:9:60:65 | call to String.init(_:) [Collection element] | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() | rncryptor.swift:74:89:74:89 | myRandomPassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() | rncryptor.swift:75:56:75:56 | myRandomPassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() | rncryptor.swift:80:89:80:89 | myMaybePassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() | rncryptor.swift:81:56:81:56 | myMaybePassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() [Collection element] | rncryptor.swift:74:89:74:89 | myRandomPassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() [Collection element] | rncryptor.swift:75:56:75:56 | myRandomPassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() [Collection element] | rncryptor.swift:80:89:80:89 | myMaybePassword | provenance | |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() [Collection element] | rncryptor.swift:81:56:81:56 | myMaybePassword | provenance | |
| rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:77:89:77:89 | myConstPassword | provenance | |
| rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:78:56:78:56 | myConstPassword | provenance | |
| rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:80:89:80:89 | myMaybePassword | provenance | |
@@ -43,15 +30,7 @@ edges
| test.swift:44:31:44:48 | call to getConstantArray() [Collection element] | test.swift:63:40:63:40 | constantStringPassword | provenance | |
| test.swift:44:31:44:48 | call to getConstantArray() [Collection element] | test.swift:68:34:68:34 | constantStringPassword | provenance | |
nodes
| rncryptor.swift:60:9:60:65 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| rncryptor.swift:60:9:60:65 | call to String.init(_:) [Collection element] | semmle.label | call to String.init(_:) [Collection element] |
| rncryptor.swift:60:16:60:16 | ............ | semmle.label | ............ |
| rncryptor.swift:60:16:60:64 | call to map(_:) | semmle.label | call to map(_:) |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() | semmle.label | call to getARandomPassword() |
| rncryptor.swift:68:25:68:44 | call to getARandomPassword() [Collection element] | semmle.label | call to getARandomPassword() [Collection element] |
| rncryptor.swift:69:24:69:24 | abc123 | semmle.label | abc123 |
| rncryptor.swift:74:89:74:89 | myRandomPassword | semmle.label | myRandomPassword |
| rncryptor.swift:75:56:75:56 | myRandomPassword | semmle.label | myRandomPassword |
| rncryptor.swift:77:89:77:89 | myConstPassword | semmle.label | myConstPassword |
| rncryptor.swift:78:56:78:56 | myConstPassword | semmle.label | myConstPassword |
| rncryptor.swift:80:89:80:89 | myMaybePassword | semmle.label | myMaybePassword |
@@ -86,13 +65,9 @@ nodes
| test.swift:68:34:68:34 | constantStringPassword | semmle.label | constantStringPassword |
subpaths
#select
| rncryptor.swift:74:89:74:89 | myRandomPassword | rncryptor.swift:60:16:60:16 | ............ | rncryptor.swift:74:89:74:89 | myRandomPassword | The value '............' is used as a constant password. |
| rncryptor.swift:75:56:75:56 | myRandomPassword | rncryptor.swift:60:16:60:16 | ............ | rncryptor.swift:75:56:75:56 | myRandomPassword | The value '............' is used as a constant password. |
| rncryptor.swift:77:89:77:89 | myConstPassword | rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:77:89:77:89 | myConstPassword | The value 'abc123' is used as a constant password. |
| rncryptor.swift:78:56:78:56 | myConstPassword | rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:78:56:78:56 | myConstPassword | The value 'abc123' is used as a constant password. |
| rncryptor.swift:80:89:80:89 | myMaybePassword | rncryptor.swift:60:16:60:16 | ............ | rncryptor.swift:80:89:80:89 | myMaybePassword | The value '............' is used as a constant password. |
| rncryptor.swift:80:89:80:89 | myMaybePassword | rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:80:89:80:89 | myMaybePassword | The value 'abc123' is used as a constant password. |
| rncryptor.swift:81:56:81:56 | myMaybePassword | rncryptor.swift:60:16:60:16 | ............ | rncryptor.swift:81:56:81:56 | myMaybePassword | The value '............' is used as a constant password. |
| rncryptor.swift:81:56:81:56 | myMaybePassword | rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:81:56:81:56 | myMaybePassword | The value 'abc123' is used as a constant password. |
| rncryptor.swift:91:39:91:39 | myConstPassword | rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:91:39:91:39 | myConstPassword | The value 'abc123' is used as a constant password. |
| rncryptor.swift:92:37:92:37 | myConstPassword | rncryptor.swift:69:24:69:24 | abc123 | rncryptor.swift:92:37:92:37 | myConstPassword | The value 'abc123' is used as a constant password. |

67
swift/ql/test/query-tests/Security/CWE-760/ConstantSalt.expected
View File

@@ -1,28 +1,4 @@
edges
| rncryptor.swift:47:9:47:69 | call to String.init(_:) | rncryptor.swift:57:27:57:44 | call to getARandomString() | provenance | |
| rncryptor.swift:47:9:47:69 | call to String.init(_:) | rncryptor.swift:58:27:58:44 | call to getARandomString() | provenance | |
| rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:47:16:47:68 | call to map(_:) | provenance | |
| rncryptor.swift:47:16:47:68 | call to map(_:) | rncryptor.swift:47:9:47:69 | call to String.init(_:) | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:62:57:62:57 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:67:106:67:106 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:69:106:69:106 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:70:106:70:106 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:72:106:72:106 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:74:127:74:127 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:76:127:76:127 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:77:135:77:135 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | rncryptor.swift:79:135:79:135 | myRandomSalt1 | provenance | |
| rncryptor.swift:57:27:57:44 | call to getARandomString() | rncryptor.swift:57:22:57:45 | call to Data.init(_:) | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:64:55:64:55 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:67:131:67:131 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:68:133:68:133 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:70:131:70:131 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:71:133:71:133 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:74:152:74:152 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:75:154:75:154 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:77:160:77:160 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | rncryptor.swift:78:162:78:162 | myRandomSalt2 | provenance | |
| rncryptor.swift:58:27:58:44 | call to getARandomString() | rncryptor.swift:58:22:58:45 | call to Data.init(_:) | provenance | |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | rncryptor.swift:63:57:63:57 | myConstantSalt1 | provenance | |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | rncryptor.swift:68:106:68:106 | myConstantSalt1 | provenance | |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | rncryptor.swift:71:106:71:106 | myConstantSalt1 | provenance | |
@@ -48,44 +24,19 @@ edges
| test.swift:44:27:44:44 | call to getConstantArray() [Collection element] | test.swift:63:59:63:59 | constantStringSalt | provenance | |
| test.swift:44:27:44:44 | call to getConstantArray() [Collection element] | test.swift:68:53:68:53 | constantStringSalt | provenance | |
nodes
| rncryptor.swift:47:9:47:69 | call to String.init(_:) | semmle.label | call to String.init(_:) |
| rncryptor.swift:47:16:47:16 | ................ | semmle.label | ................ |
| rncryptor.swift:47:16:47:68 | call to map(_:) | semmle.label | call to map(_:) |
| rncryptor.swift:57:22:57:45 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:57:27:57:44 | call to getARandomString() | semmle.label | call to getARandomString() |
| rncryptor.swift:58:22:58:45 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:58:27:58:44 | call to getARandomString() | semmle.label | call to getARandomString() |
| rncryptor.swift:59:24:59:43 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:59:29:59:29 | abcdef123456 | semmle.label | abcdef123456 |
| rncryptor.swift:60:24:60:30 | call to Data.init(_:) | semmle.label | call to Data.init(_:) |
| rncryptor.swift:60:29:60:29 | 0 | semmle.label | 0 |
| rncryptor.swift:62:57:62:57 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:63:57:63:57 | myConstantSalt1 | semmle.label | myConstantSalt1 |
| rncryptor.swift:64:55:64:55 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:65:55:65:55 | myConstantSalt2 | semmle.label | myConstantSalt2 |
| rncryptor.swift:67:106:67:106 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:67:131:67:131 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:68:106:68:106 | myConstantSalt1 | semmle.label | myConstantSalt1 |
| rncryptor.swift:68:133:68:133 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:69:106:69:106 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:69:131:69:131 | myConstantSalt2 | semmle.label | myConstantSalt2 |
| rncryptor.swift:70:106:70:106 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:70:131:70:131 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:71:106:71:106 | myConstantSalt1 | semmle.label | myConstantSalt1 |
| rncryptor.swift:71:133:71:133 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:72:106:72:106 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:72:131:72:131 | myConstantSalt2 | semmle.label | myConstantSalt2 |
| rncryptor.swift:74:127:74:127 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:74:152:74:152 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:75:127:75:127 | myConstantSalt1 | semmle.label | myConstantSalt1 |
| rncryptor.swift:75:154:75:154 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:76:127:76:127 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:76:152:76:152 | myConstantSalt2 | semmle.label | myConstantSalt2 |
| rncryptor.swift:77:135:77:135 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:77:160:77:160 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:78:135:78:135 | myConstantSalt1 | semmle.label | myConstantSalt1 |
| rncryptor.swift:78:162:78:162 | myRandomSalt2 | semmle.label | myRandomSalt2 |
| rncryptor.swift:79:135:79:135 | myRandomSalt1 | semmle.label | myRandomSalt1 |
| rncryptor.swift:79:160:79:160 | myConstantSalt2 | semmle.label | myConstantSalt2 |
| test.swift:29:3:29:3 | this string is constant | semmle.label | this string is constant |
| test.swift:33:2:33:34 | call to Array<Element>.init(_:) [Collection element] | semmle.label | call to Array<Element>.init(_:) [Collection element] |
@@ -103,33 +54,15 @@ nodes
| test.swift:68:53:68:53 | constantStringSalt | semmle.label | constantStringSalt |
subpaths
#select
| rncryptor.swift:62:57:62:57 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:62:57:62:57 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:63:57:63:57 | myConstantSalt1 | rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:63:57:63:57 | myConstantSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:59:29:59:29 | abcdef123456 | abcdef123456 |
| rncryptor.swift:64:55:64:55 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:64:55:64:55 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:65:55:65:55 | myConstantSalt2 | rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:65:55:65:55 | myConstantSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:60:29:60:29 | 0 | 0 |
| rncryptor.swift:67:106:67:106 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:67:106:67:106 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:67:131:67:131 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:67:131:67:131 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:68:106:68:106 | myConstantSalt1 | rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:68:106:68:106 | myConstantSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:59:29:59:29 | abcdef123456 | abcdef123456 |
| rncryptor.swift:68:133:68:133 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:68:133:68:133 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:69:106:69:106 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:69:106:69:106 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:69:131:69:131 | myConstantSalt2 | rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:69:131:69:131 | myConstantSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:60:29:60:29 | 0 | 0 |
| rncryptor.swift:70:106:70:106 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:70:106:70:106 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:70:131:70:131 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:70:131:70:131 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:71:106:71:106 | myConstantSalt1 | rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:71:106:71:106 | myConstantSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:59:29:59:29 | abcdef123456 | abcdef123456 |
| rncryptor.swift:71:133:71:133 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:71:133:71:133 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:72:106:72:106 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:72:106:72:106 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:72:131:72:131 | myConstantSalt2 | rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:72:131:72:131 | myConstantSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:60:29:60:29 | 0 | 0 |
| rncryptor.swift:74:127:74:127 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:74:127:74:127 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:74:152:74:152 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:74:152:74:152 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:75:127:75:127 | myConstantSalt1 | rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:75:127:75:127 | myConstantSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:59:29:59:29 | abcdef123456 | abcdef123456 |
| rncryptor.swift:75:154:75:154 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:75:154:75:154 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:76:127:76:127 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:76:127:76:127 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:76:152:76:152 | myConstantSalt2 | rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:76:152:76:152 | myConstantSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:60:29:60:29 | 0 | 0 |
| rncryptor.swift:77:135:77:135 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:77:135:77:135 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:77:160:77:160 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:77:160:77:160 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:78:135:78:135 | myConstantSalt1 | rncryptor.swift:59:29:59:29 | abcdef123456 | rncryptor.swift:78:135:78:135 | myConstantSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:59:29:59:29 | abcdef123456 | abcdef123456 |
| rncryptor.swift:78:162:78:162 | myRandomSalt2 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:78:162:78:162 | myRandomSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:79:135:79:135 | myRandomSalt1 | rncryptor.swift:47:16:47:16 | ................ | rncryptor.swift:79:135:79:135 | myRandomSalt1 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:47:16:47:16 | ................ | ................ |
| rncryptor.swift:79:160:79:160 | myConstantSalt2 | rncryptor.swift:60:29:60:29 | 0 | rncryptor.swift:79:160:79:160 | myConstantSalt2 | The value $@ is used as a constant, which is insecure for hashing passwords. | rncryptor.swift:60:29:60:29 | 0 | 0 |
| test.swift:51:49:51:49 | constantSalt | test.swift:43:35:43:130 | [...] | test.swift:51:49:51:49 | constantSalt | The value $@ is used as a constant, which is insecure for hashing passwords. | test.swift:43:35:43:130 | [...] | [...] |
| test.swift:52:49:52:49 | constantStringSalt | test.swift:29:3:29:3 | this string is constant | test.swift:52:49:52:49 | constantStringSalt | The value $@ is used as a constant, which is insecure for hashing passwords. | test.swift:29:3:29:3 | this string is constant | this string is constant |