hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Prevent potentially misleading duplicate results.

Browse Source
This commit is contained in:
Geoffrey White
2023-04-11 19:39:06 +01:00
parent 4995f13234
commit d299d92025
2 changed files with 5 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll
View File

@@ -20,6 +20,11 @@ module WeakHashingConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) { node instanceof WeakSensitiveDataHashingSanitizer }
predicate isBarrierIn(DataFlow::Node node) {
// make sources barriers so that we only report the closest instance
isSource(node)
}
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(WeakSensitiveDataHashingAdditionalTaintStep s).step(nodeFrom, nodeTo)
}

12
swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected
View File

@@ -1,16 +1,8 @@
edges
| testCryptoKit.swift:56:47:56:47 | passwd : | testCryptoKit.swift:63:44:63:44 | passwd |
| testCryptoKit.swift:60:43:60:43 | credit_card_no : | testCryptoKit.swift:61:43:61:43 | credit_card_no |
| testCryptoKit.swift:60:43:60:43 | credit_card_no : | testCryptoKit.swift:61:43:61:43 | credit_card_no : |
| testCryptoKit.swift:60:43:60:43 | credit_card_no : | testCryptoKit.swift:67:44:67:44 | credit_card_no |
| testCryptoKit.swift:61:43:61:43 | credit_card_no : | testCryptoKit.swift:67:44:67:44 | credit_card_no |
nodes
| testCryptoKit.swift:56:47:56:47 | passwd | semmle.label | passwd |
| testCryptoKit.swift:56:47:56:47 | passwd : | semmle.label | passwd : |
| testCryptoKit.swift:60:43:60:43 | credit_card_no | semmle.label | credit_card_no |
| testCryptoKit.swift:60:43:60:43 | credit_card_no : | semmle.label | credit_card_no : |
| testCryptoKit.swift:61:43:61:43 | credit_card_no | semmle.label | credit_card_no |
| testCryptoKit.swift:61:43:61:43 | credit_card_no : | semmle.label | credit_card_no : |
| testCryptoKit.swift:63:44:63:44 | passwd | semmle.label | passwd |
| testCryptoKit.swift:67:44:67:44 | credit_card_no | semmle.label | credit_card_no |
| testCryptoKit.swift:90:23:90:23 | passwd | semmle.label | passwd |
@@ -25,12 +17,8 @@ subpaths
#select
| testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:56:47:56:47 | passwd | sensitive data (credential passwd) |
| testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:60:43:60:43 | credit_card_no | sensitive data (private information credit_card_no) |
| testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no : | testCryptoKit.swift:61:43:61:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:60:43:60:43 | credit_card_no | sensitive data (private information credit_card_no) |
| testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:61:43:61:43 | credit_card_no | sensitive data (private information credit_card_no) |
| testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:56:47:56:47 | passwd : | testCryptoKit.swift:63:44:63:44 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:56:47:56:47 | passwd | sensitive data (credential passwd) |
| testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:63:44:63:44 | passwd | sensitive data (credential passwd) |
| testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no : | testCryptoKit.swift:67:44:67:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:60:43:60:43 | credit_card_no | sensitive data (private information credit_card_no) |
| testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no : | testCryptoKit.swift:67:44:67:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:61:43:61:43 | credit_card_no | sensitive data (private information credit_card_no) |
| testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:67:44:67:44 | credit_card_no | sensitive data (private information credit_card_no) |
| testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:90:23:90:23 | passwd | sensitive data (credential passwd) |
| testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:94:23:94:23 | credit_card_no | sensitive data (private information credit_card_no) |