Swift: Add GOOD and BAD comments in the sensitive data hashing examples as well.

2026-04-24 16:25:15 +02:00 · 2024-01-05 13:17:21 +00:00
parent 80afa65751
commit a0ea7148cb
2 changed files with 4 additions and 4 deletions
--- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingBad.swift
+++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingBad.swift
@@ -3,8 +3,8 @@ func getContentsAndHash(url: URL) -> (Data, String)? {
        return nil
    }

-    let digest = Insecure.MD5.hash(data: data)
+    let digest = Insecure.MD5.hash(data: data) // BAD: MD5 is not suitable for hashing sensitive data.
    let hash = digest.map { String(format: "%02hhx", $0) }.joined()

    return (data, hash)
-}
+}
--- a/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingGood.swift
+++ b/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashingGood.swift
@@ -3,8 +3,8 @@ func getContentsAndHash(url: URL) -> (Data, String)? {
        return nil
    }

-    let digest = SHA512.hash(data: data)
+    let digest = SHA512.hash(data: data) // GOOD: SHA-512 is suitable for hashing sensitive data.
    let hash = digest.map { String(format: "%02hhx", $0) }.joined()

    return (data, hash)
-}
+}