From aa5820c0611d1e1a044caa18816e402641e07e42 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 11 Sep 2023 19:33:37 +0100
Subject: [PATCH] Swift: Add some test cases.
---
 .../Security/CWE-311/SensitiveExprs.expected | 1 +
 .../query-tests/Security/CWE-311/testSend.swift | 14 ++++++++++++++
 .../Security/CWE-312/cleartextLoggingTest.swift | 14 ++++++++++++++
 .../Security/CWE-312/testUserDefaults.swift | 14 ++++++++++++++
 4 files changed, 43 insertions(+)
diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
index 2b93ec420b8..1ab1da921d7 100644
--- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
@@ -133,6 +133,7 @@
 | testSend.swift:78:27:78:30 | .CarePlanID | label:CarePlanID, type:private information |
 | testSend.swift:79:27:79:30 | .BankCardNo | label:BankCardNo, type:private information |
 | testSend.swift:80:27:80:30 | .MyCreditRating | label:MyCreditRating, type:private information |
+| testSend.swift:94:27:94:30 | .password | label:password, type:credential |
 | testURL.swift:17:54:17:54 | passwd | label:passwd, type:credential |
 | testURL.swift:19:55:19:55 | account_no | label:account_no, type:private information |
 | testURL.swift:20:55:20:55 | credit_card_no | label:credit_card_no, type:private information |
diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift
index cd94a60136b..77db1b25da9 100644
--- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift
+++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift
@@ -80,3 +80,17 @@ func test2(password : String, license_key: String, ms: MyStruct, connection : NW
 connection.send(content: ms.MyCreditRating, completion: .idempotent) // BAD
 connection.send(content: ms.OneTimeCode, completion: .idempotent) // BAD [NOT DETECTED]
 }
+
+struct MyOuter {
+ struct MyInner {
+ var value: String
+ }
+
+ var password: MyInner
+ var harmless: MyInner
+}
+
+func test3(mo : MyOuter, connection : NWConnection) {
+ connection.send(content: mo.password.value, completion: .idempotent) // BAD [NOT DETECTED]
+ connection.send(content: mo.harmless.value, completion: .idempotent) // GOOD
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
index 8f8cd40c7cf..00d6e50ada9 100644
--- a/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
+++ b/swift/ql/test/query-tests/Security/CWE-312/cleartextLoggingTest.swift
@@ -159,3 +159,17 @@ func test3(x: String) {
 NSLog(z.harmless) // Safe
 NSLog(z.password) // $ hasCleartextLogging=160
 }
+
+struct MyOuter {
+ struct MyInner {
+ var value: String
+ }
+
+ var password: MyInner
+ var harmless: MyInner
+}
+
+func test3(mo : MyOuter) {
+ NSLog(mo.password.value) // BAD [NOT DETECTED]
+ NSLog(mo.harmless.value) // GOOD
+}
diff --git a/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift b/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift
index 343b5a9f0a1..fb50a82a783 100644
--- a/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift
+++ b/swift/ql/test/query-tests/Security/CWE-312/testUserDefaults.swift
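Review bot: The `// BAD [NOT DETECTED]` comment on the `mo.password.value` send in `test3` does not say which stage misses the case. The SensitiveExprs.expected hunk in this same patch records `.password` at testSend.swift:94 as `type:credential`, so the member access is apparently recognised as sensitive and the gap is presumably in carrying that through the nested `.value` read to the send. Suggest saying so in the comment, e.g. `// BAD [NOT DETECTED] (mo.password is a sensitive expr; the .value read from it is not followed)`. The same applies to the matching `mo.password.value` lines added in cleartextLoggingTest.swift and testUserDefaults.swift.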
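Review bot: The added `func test3(mo : MyOuter)` in cleartextLoggingTest.swift reuses the name of the `test3(x: String)` shown in the hunk header. Swift accepts this as an overload, but a distinct name (the next unused `testN` in the file, which is not visible from this hunk) would make results easier to attribute to a test. The context lines here also use inline expectations (`// $ hasCleartextLogging=160`) rather than BAD/GOOD comments, so the missed case would be more consistent as `NSLog(mo.password.value) // $ MISSING: hasCleartextLogging=173`, assuming the added line lands at 173 as the hunk header implies.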
@@ -68,3 +68,17 @@ func test4(passwd: String) {
 UserDefaults.standard.set(y, forKey: "myKey") // GOOD (not sensitive)
 UserDefaults.standard.set(z, forKey: "myKey") // GOOD (not sensitive)
 }
+
+struct MyOuter {
+ struct MyInner {
+ var value: String
+ }
+
+ var password: MyInner
+ var harmless: MyInner
+}
+
+func test5(mo : MyOuter) {
+ UserDefaults.standard.set(mo.password.value, forKey: "myKey") // BAD [NOT DETECTED]
+ UserDefaults.standard.set(mo.harmless.value, forKey: "myKey") // GOOD
+}