Swift: Recognize more array sources.

geoffw0 · geoffw0 · commit f05be77a0bb7 · 2023-01-20T15:25:00.000Z
diff --git a/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql b/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
@@ -21,7 +21,7 @@ import DataFlow::PathGraph
  */
 class StaticInitializationVectorSource extends Expr {
   StaticInitializationVectorSource() {
-    this = any(ArrayExpr arr | arr.getType().getName() = "Array<UInt8>") or
+    this instanceof ArrayExpr or
     this instanceof StringLiteralExpr or
     this instanceof NumberLiteralExpr
   }
diff --git a/swift/ql/test/query-tests/Security/CWE-1204/StaticInitializationVector.expected b/swift/ql/test/query-tests/Security/CWE-1204/StaticInitializationVector.expected
@@ -8,6 +8,10 @@ edges
 | rncryptor.swift:61:19:61:27 | call to Data.init(_:) :  | rncryptor.swift:79:133:79:133 | myConstIV2 |
 | rncryptor.swift:61:24:61:24 | 123 :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  |
 | rncryptor.swift:61:24:61:24 | 123 :  | rncryptor.swift:61:19:61:27 | call to Data.init(_:) :  |
+| rncryptor.swift:62:19:62:35 | call to Data.init(_:) :  | rncryptor.swift:72:84:72:84 | myConstIV3 |
+| rncryptor.swift:62:19:62:35 | call to Data.init(_:) :  | rncryptor.swift:81:105:81:105 | myConstIV3 |
+| rncryptor.swift:62:24:62:34 | [...] :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  |
+| rncryptor.swift:62:24:62:34 | [...] :  | rncryptor.swift:62:19:62:35 | call to Data.init(_:) :  |
 | rncryptor.swift:63:19:63:28 | call to Data.init(_:) :  | rncryptor.swift:74:84:74:84 | myConstIV4 |
 | rncryptor.swift:63:19:63:28 | call to Data.init(_:) :  | rncryptor.swift:83:113:83:113 | myConstIV4 |
 | rncryptor.swift:63:24:63:24 | iv :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  |
@@ -42,13 +46,17 @@ nodes
 | rncryptor.swift:60:24:60:24 | 0 :  | semmle.label | 0 :  |
 | rncryptor.swift:61:19:61:27 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
 | rncryptor.swift:61:24:61:24 | 123 :  | semmle.label | 123 :  |
+| rncryptor.swift:62:19:62:35 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
+| rncryptor.swift:62:24:62:34 | [...] :  | semmle.label | [...] :  |
 | rncryptor.swift:63:19:63:28 | call to Data.init(_:) :  | semmle.label | call to Data.init(_:) :  |
 | rncryptor.swift:63:24:63:24 | iv :  | semmle.label | iv :  |
 | rncryptor.swift:68:104:68:104 | myConstIV1 | semmle.label | myConstIV1 |
 | rncryptor.swift:70:104:70:104 | myConstIV2 | semmle.label | myConstIV2 |
+| rncryptor.swift:72:84:72:84 | myConstIV3 | semmle.label | myConstIV3 |
 | rncryptor.swift:74:84:74:84 | myConstIV4 | semmle.label | myConstIV4 |
 | rncryptor.swift:77:125:77:125 | myConstIV1 | semmle.label | myConstIV1 |
 | rncryptor.swift:79:133:79:133 | myConstIV2 | semmle.label | myConstIV2 |
+| rncryptor.swift:81:105:81:105 | myConstIV3 | semmle.label | myConstIV3 |
 | rncryptor.swift:83:113:83:113 | myConstIV4 | semmle.label | myConstIV4 |
 | test.swift:53:19:53:34 | iv :  | semmle.label | iv :  |
 | test.swift:54:17:54:17 | iv | semmle.label | iv |
@@ -78,13 +86,16 @@ nodes
 subpaths
 | rncryptor.swift:60:24:60:24 | 0 :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | rncryptor.swift:60:19:60:25 | call to Data.init(_:) :  |
 | rncryptor.swift:61:24:61:24 | 123 :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | rncryptor.swift:61:19:61:27 | call to Data.init(_:) :  |
+| rncryptor.swift:62:24:62:34 | [...] :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | rncryptor.swift:62:19:62:35 | call to Data.init(_:) :  |
 | rncryptor.swift:63:24:63:24 | iv :  | rncryptor.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) :  | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) :  | rncryptor.swift:63:19:63:28 | call to Data.init(_:) :  |
 #select
 | rncryptor.swift:68:104:68:104 | myConstIV1 | rncryptor.swift:60:24:60:24 | 0 :  | rncryptor.swift:68:104:68:104 | myConstIV1 | The static value '0' is used as an initialization vector for encryption. |
 | rncryptor.swift:70:104:70:104 | myConstIV2 | rncryptor.swift:61:24:61:24 | 123 :  | rncryptor.swift:70:104:70:104 | myConstIV2 | The static value '123' is used as an initialization vector for encryption. |
+| rncryptor.swift:72:84:72:84 | myConstIV3 | rncryptor.swift:62:24:62:34 | [...] :  | rncryptor.swift:72:84:72:84 | myConstIV3 | The static value '[...]' is used as an initialization vector for encryption. |
 | rncryptor.swift:74:84:74:84 | myConstIV4 | rncryptor.swift:63:24:63:24 | iv :  | rncryptor.swift:74:84:74:84 | myConstIV4 | The static value 'iv' is used as an initialization vector for encryption. |
 | rncryptor.swift:77:125:77:125 | myConstIV1 | rncryptor.swift:60:24:60:24 | 0 :  | rncryptor.swift:77:125:77:125 | myConstIV1 | The static value '0' is used as an initialization vector for encryption. |
 | rncryptor.swift:79:133:79:133 | myConstIV2 | rncryptor.swift:61:24:61:24 | 123 :  | rncryptor.swift:79:133:79:133 | myConstIV2 | The static value '123' is used as an initialization vector for encryption. |
+| rncryptor.swift:81:105:81:105 | myConstIV3 | rncryptor.swift:62:24:62:34 | [...] :  | rncryptor.swift:81:105:81:105 | myConstIV3 | The static value '[...]' is used as an initialization vector for encryption. |
 | rncryptor.swift:83:113:83:113 | myConstIV4 | rncryptor.swift:63:24:63:24 | iv :  | rncryptor.swift:83:113:83:113 | myConstIV4 | The static value 'iv' is used as an initialization vector for encryption. |
 | test.swift:54:17:54:17 | iv | test.swift:99:25:99:120 | [...] :  | test.swift:54:17:54:17 | iv | The static value '[...]' is used as an initialization vector for encryption. |
 | test.swift:112:36:112:36 | ivString | test.swift:85:3:85:3 | this string is constant :  | test.swift:112:36:112:36 | ivString | The static value 'this string is constant' is used as an initialization vector for encryption. |
diff --git a/swift/ql/test/query-tests/Security/CWE-1204/rncryptor.swift b/swift/ql/test/query-tests/Security/CWE-1204/rncryptor.swift
@@ -69,7 +69,7 @@ func test(myPassword: String) {
 	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myKey, HMACKey: myHMACKey, IV: myRandomIV, handler: myHandler) // GOOD
 	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, encryptionKey: myKey, HMACKey: myHMACKey, IV: myConstIV2, handler: myHandler) // BAD
 	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, iv: myRandomIV, encryptionSalt: mySalt, hmacSalt: mySalt2, handler: myHandler) // GOOD
-	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, iv: myConstIV3, encryptionSalt: mySalt, hmacSalt: mySalt2, handler: myHandler) // BAD [NOT DETECTED]
+	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, iv: myConstIV3, encryptionSalt: mySalt, hmacSalt: mySalt2, handler: myHandler) // BAD
 	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, IV: myRandomIV, encryptionSalt: mySalt, HMACSalt: mySalt2, handler: myHandler) // GOOD
 	let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, IV: myConstIV4, encryptionSalt: mySalt, HMACSalt: mySalt2, handler: myHandler) // BAD
 
@@ -78,7 +78,7 @@ func test(myPassword: String) {
 	let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, encryptionKey: myKey, HMACKey: myHMACKey, IV: myRandomIV) // GOOD
 	let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, encryptionKey: myKey, HMACKey: myHMACKey, IV: myConstIV2) // BAD
 	let _ = try? myEncryptor.encryptData(myData, with: kRNCryptorAES256Settings, password: myPassword, iv: myRandomIV, encryptionSalt: mySalt, hmacSalt: mySalt2) // GOOD
-	let _ = try? myEncryptor.encryptData(myData, with: kRNCryptorAES256Settings, password: myPassword, iv: myConstIV3, encryptionSalt: mySalt, hmacSalt: mySalt2) // BAD [NOT DETECTED]
+	let _ = try? myEncryptor.encryptData(myData, with: kRNCryptorAES256Settings, password: myPassword, iv: myConstIV3, encryptionSalt: mySalt, hmacSalt: mySalt2) // BAD
 	let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, password: myPassword, IV: myRandomIV, encryptionSalt: mySalt, HMACSalt: mySalt2) // GOOD
 	let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, password: myPassword, IV: myConstIV4, encryptionSalt: mySalt, HMACSalt: mySalt2) // BAD
 }

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ import DataFlow::PathGraph`
`21`	`21`	`*/`
`22`	`22`	`class StaticInitializationVectorSource extends Expr {`
`23`	`23`	`StaticInitializationVectorSource() {`
`24`		`- this = any(ArrayExpr arr \| arr.getType().getName() = "Array<UInt8>") or`
	`24`	`+ this instanceof ArrayExpr or`
`25`	`25`	`this instanceof StringLiteralExpr or`
`26`	`26`	`this instanceof NumberLiteralExpr`
`27`	`27`	`}`