hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12638 from geoffw0/testfix

Browse Source 
Swift: Accept test regressions
This commit is contained in:
Geoffrey White
2023-03-22 17:19:44 +00:00
committed by GitHub
parent 081d97ff72 a4e9d38abb
commit bcca18d5b2
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
View File

@@ -33,7 +33,7 @@ class ConstantPasswordSink extends Expr {
ConstantPasswordSink() {
// `password` arg in `init` is a sink
exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
c.getFullName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
c.getName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel("password").getExpr() = this
@@ -41,7 +41,7 @@ class ConstantPasswordSink extends Expr {
or
// RNCryptor (labelled arguments)
exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
c.getFullName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
c.getName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel(["password", "withPassword", "forPassword"]).getExpr() = this

4
swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
View File

@@ -34,7 +34,7 @@ class ConstantSaltSink extends Expr {
ConstantSaltSink() {
// `salt` arg in `init` is a sink
exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
c.getFullName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
c.getName() = ["HKDF", "PBKDF1", "PBKDF2", "Scrypt"] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel("salt").getExpr() = this
@@ -42,7 +42,7 @@ class ConstantSaltSink extends Expr {
or
// RNCryptor
exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
c.getFullName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
c.getName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel(["salt", "encryptionSalt", "hmacSalt", "HMACSalt"]).getExpr() = this

2
swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
View File

@@ -34,7 +34,7 @@ class InsufficientHashIterationsSink extends Expr {
InsufficientHashIterationsSink() {
// `iterations` arg in `init` is a sink
exists(ClassOrStructDecl c, ConstructorDecl f, CallExpr call |
c.getFullName() = ["PBKDF1", "PBKDF2"] and
c.getName() = ["PBKDF1", "PBKDF2"] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel("iterations").getExpr() = this

2
swift/ql/test/query-tests/Security/CWE-916/InsufficientHashIterations.expected
View File

@@ -14,4 +14,4 @@ subpaths
| test.swift:37:84:37:84 | lowIterations | test.swift:20:45:20:45 | 99999 : | test.swift:37:84:37:84 | lowIterations | The value '99999' is an insufficient number of iterations for secure password hashing. |
| test.swift:38:84:38:84 | 80000 | test.swift:38:84:38:84 | 80000 | test.swift:38:84:38:84 | 80000 | The value '80000' is an insufficient number of iterations for secure password hashing. |
| test.swift:44:84:44:84 | lowIterations | test.swift:20:45:20:45 | 99999 : | test.swift:44:84:44:84 | lowIterations | The value '99999' is an insufficient number of iterations for secure password hashing. |
| test.swift:45:84:45:84 | 80000 | test.swift:45:84:45:84 | 80000 | test.swift:45:84:45:84 | 80000 | The value '80000' is an insufficient number of iterations for secure password hashing. |
| test.swift:45:84:45:84 | 80000 | test.swift:45:84:45:84 | 80000 | test.swift:45:84:45:84 | 80000 | The value '80000' is an insufficient number of iterations for secure password hashing. |