Swift: Add test case.

2026-04-22 07:15:15 +02:00 · 2023-01-20 17:49:21 +00:00
parent beb7d9d7a1
commit daa8141414
2 changed files with 16 additions and 6 deletions
--- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
+++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected
@@ -111,10 +111,13 @@
 | testGRDB.swift:208:81:208:81 | password | label:password, type:credential |
 | testGRDB.swift:210:85:210:85 | password | label:password, type:credential |
 | testGRDB.swift:212:99:212:99 | password | label:password, type:credential |
+| testRealm.swift:31:20:31:20 | .password | label:password, type:credential |
 | testRealm.swift:41:11:41:11 | myPassword | label:myPassword, type:credential |
 | testRealm.swift:49:11:49:11 | myPassword | label:myPassword, type:credential |
 | testRealm.swift:59:12:59:12 | myPassword | label:myPassword, type:credential |
 | testRealm.swift:66:11:66:11 | myPassword | label:myPassword, type:credential |
+| testRealm.swift:73:2:73:4 | .password | label:password, type:credential |
+| testRealm.swift:73:15:73:15 | myPassword | label:myPassword, type:credential |
 | testSend.swift:29:19:29:19 | passwordPlain | label:passwordPlain, type:credential |
 | testSend.swift:33:19:33:19 | passwordPlain | label:passwordPlain, type:credential |
 | testSend.swift:45:13:45:13 | password | label:password, type:credential |
--- a/swift/ql/test/query-tests/Security/CWE-311/testRealm.swift
+++ b/swift/ql/test/query-tests/Security/CWE-311/testRealm.swift
@@ -27,14 +27,14 @@ class MyRealmSwiftObject : RealmSwiftObject {
 	var data: String
 }

+class MyRealmSwiftObject2 : Object {
+	override init() { password = "" }

+	var username: String?
+	var password: String?
+}

-
-
-
-
-
-func test1(realm : Realm, myPassword : String, myHashedPassword : String) {
+func test1(realm : Realm, myUsername: String, myPassword : String, myHashedPassword : String) {
 	// add objects (within a transaction) ...

 	let a = MyRealmSwiftObject()
@@ -65,6 +65,13 @@ func test1(realm : Realm, myPassword : String, myHashedPassword : String) {
 	g.data = "" // GOOD (not sensitive)
 	g.data = myPassword // BAD
 	g.data = "" // GOOD (not sensitive)
+
+	// MyRealmSwiftObject2...
+
+	let h = MyRealmSwiftObject2()
+	h.username = myUsername // GOOD (not sensitive)
+	h.password = myPassword // BAD [NOT DETECTED]
+	realm.add(h)
 }

 // limitation: its possible to configure a Realm DB to be stored encrypted, if this is done correctly