Swift: Improve documentation and examples that use encryption #17126
QHelp previews:

swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.qhelp

Cleartext storage of sensitive information in a local database

Sensitive information that is stored unencrypted in a database is accessible to an attacker who gains access to that database. For example, the information could be accessed by any process or user in a rooted device, or exposed through another vulnerability.

Recommendation

Either encrypt the entire database, or ensure that each piece of sensitive information is encrypted before being stored. In general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext. Avoid storing sensitive information at all if you do not need to keep it.

Example

The following example shows three cases of storing information using the Core Data library. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted. In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption. When encryption is used, take care to select a secure modern encryption algorithm, and put suitable key management practices into place.

```swift
import CoreData
import CryptoKit

// Encrypts with AES-GCM and returns base64(nonce || ciphertext || tag).
private func encrypt(_ text: String, _ encryptionKey: SymmetricKey) -> String {
    let sealedBox = try! AES.GCM.seal(Data(text.utf8), using: encryptionKey)
    return sealedBox.combined!.base64EncodedString()
}

func storeMyData(databaseObject : NSManagedObject, faveSong : String, creditCardNo : String, encryptionKey: SymmetricKey) {
    // ...

    // GOOD: not sensitive information
    databaseObject.setValue(faveSong, forKey: "myFaveSong")

    // BAD: sensitive information saved in cleartext
    databaseObject.setValue(creditCardNo, forKey: "myCreditCardNo")

    // GOOD: encrypted sensitive information saved
    databaseObject.setValue(encrypt(creditCardNo, encryptionKey), forKey: "myCreditCardNo")

    // ...
}
```
swift/ql/src/queries/Security/CWE-311/CleartextTransmission.qhelp

Cleartext transmission of sensitive information

Sensitive information that is transmitted without encryption may be accessible to an attacker.

Recommendation

Ensure that sensitive information is always encrypted before being transmitted over the network. In general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext. Avoid transmitting sensitive information when it is not necessary to.

Example

The following example shows three cases of transmitting information. In the 'BAD' case, the data transmitted is sensitive (a credit card number) and is not encrypted. In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption. When encryption is used, take care to select a secure modern encryption algorithm, and put suitable key management practices into place.

```swift
import CryptoKit
import Network

// Encrypts with AES-GCM and returns base64(nonce || ciphertext || tag).
private func encrypt(_ text: String, _ encryptionKey: SymmetricKey) -> String {
    let sealedBox = try! AES.GCM.seal(Data(text.utf8), using: encryptionKey)
    return sealedBox.combined!.base64EncodedString()
}

func transmitMyData(connection : NWConnection, faveSong : String, creditCardNo : String, encryptionKey: SymmetricKey) {
    // ...

    // NWConnection.send takes bytes, so each string is converted to Data first.

    // GOOD: not sensitive information
    connection.send(content: Data(faveSong.utf8), completion: .idempotent)

    // BAD: sensitive information transmitted in cleartext
    connection.send(content: Data(creditCardNo.utf8), completion: .idempotent)

    // GOOD: encrypted sensitive information transmitted
    connection.send(content: Data(encrypt(creditCardNo, encryptionKey).utf8), completion: .idempotent)

    // ...
}
```
swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.qhelp

Cleartext storage of sensitive information in an application preference store

Sensitive information that is stored unencrypted in an application preference store, such as the user defaults database or the iCloud-backed ubiquitous key-value store, is accessible to an attacker who gains access to that data store. For example, the information could be accessed by any process or user in a rooted device, by compromised app extensions, or could be exposed through another vulnerability.

Recommendation

Either store the data in an encrypted database, or ensure that each piece of sensitive information is encrypted before being stored. In general, decrypt sensitive information only at the point where it is necessary for it to be used in cleartext. Avoid storing sensitive information at all if you do not need to keep it.

Example

The following example shows three cases of storing information using UserDefaults. In the 'BAD' case, the data that is stored is sensitive (a credit card number) and is not encrypted. In the 'GOOD' cases, the data is either not sensitive, or is protected with encryption. When encryption is used, take care to select a secure modern encryption algorithm, and put suitable key management practices into place.

```swift
import CryptoKit
import Foundation

// Encrypts with AES-GCM and returns base64(nonce || ciphertext || tag).
private func encrypt(_ text: String, _ encryptionKey: SymmetricKey) -> String {
    let sealedBox = try! AES.GCM.seal(Data(text.utf8), using: encryptionKey)
    return sealedBox.combined!.base64EncodedString()
}

func storeMyData(faveSong : String, creditCardNo : String, encryptionKey: SymmetricKey) {
    // ...

    // GOOD: not sensitive information
    UserDefaults.standard.set(faveSong, forKey: "myFaveSong")

    // BAD: sensitive information saved in cleartext
    UserDefaults.standard.set(creditCardNo, forKey: "myCreditCardNo")

    // GOOD: encrypted sensitive information saved
    UserDefaults.standard.set(encrypt(creditCardNo, encryptionKey), forKey: "myCreditCardNo")

    // ...
}
```
subatoi left a comment
Thank you! Just the "one" comment
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Swift: Improve query documentation and examples that involve encryption:
swift/cleartext-*queries)..qhelps, and provide a reference to help with that.CBCclass in examples and tests.