Skip to content

Commit a92e1c7

Browse files
geoffw0geoffw0
committed
Swift: Add tests for RNCryptor library.
1 parent 7f880a2 commit a92e1c7

File tree

1 file changed

+80
-0
lines changed

1 file changed

+80
-0
lines changed

swift/ql/test/query-tests/Security/CWE-760/rncryptor.swift

+80
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
2+
// --- stubs ---
3+
4+
class Data {
5+
init<S>(_ elements: S) {}
6+
}
7+
8+
class NSObject
9+
{
10+
}
11+
12+
struct _RNCryptorSettings {
13+
// ...
14+
}
15+
typealias RNCryptorSettings = _RNCryptorSettings
16+
17+
let kRNCryptorAES256Settings = RNCryptorSettings()
18+
19+
struct _RNCryptorKeyDerivationSettings {
20+
// ...
21+
}
22+
typealias RNCryptorKeyDerivationSettings = _RNCryptorKeyDerivationSettings
23+
24+
typealias RNCryptorHandler = () -> Void // simplified
25+
26+
class RNCryptor : NSObject
27+
{
28+
func key(forPassword password: String?, salt: Data?, settings keySettings: RNCryptorKeyDerivationSettings) -> Data? { return nil }
29+
func keyForPassword(_ password: String?, salt: Data?, settings keySettings: RNCryptorKeyDerivationSettings) -> Data? { return nil }
30+
}
31+
32+
class RNEncryptor : RNCryptor
33+
{
34+
override init() {}
35+
36+
init(settings: RNCryptorSettings, password: String, iv anIV: Data?, encryptionSalt anEncryptionSalt: Data?, hmacSalt anHMACSalt: Data?, handler: RNCryptorHandler?) {}
37+
init(settings: RNCryptorSettings, password: String, IV anIV: Data?, encryptionSalt anEncryptionSalt: Data?, HMACSalt anHMACSalt: Data?, handler: RNCryptorHandler?) {}
38+
39+
func encryptData(_ data: Data?, with settings: RNCryptorSettings, password: String?, iv anIV: Data?, encryptionSalt anEncryptionSalt: Data?, hmacSalt anHMACSalt: Data?) throws -> Data { return Data(0) }
40+
func encryptData(_ data: Data?, withSettings settings: RNCryptorSettings, password: String?, IV anIV: Data?, encryptionSalt anEncryptionSalt: Data?, HMACSalt anHMACSalt: Data?) throws -> Data { return Data(0) }
41+
}
42+
43+
// --- tests ---
44+
45+
func getARandomString() -> String {
46+
let charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
47+
return String("................".map{_ in charset.randomElement()!})
48+
}
49+
50+
func test(myPassword: String) {
51+
// RNCryptor
52+
let myEncryptor = RNEncryptor()
53+
let myData = Data(0)
54+
let myKeyDerivationSettings = RNCryptorKeyDerivationSettings()
55+
let myHandler = {}
56+
let myIV = Data(0)
57+
let myRandomSalt1 = Data(getARandomString())
58+
let myRandomSalt2 = Data(getARandomString())
59+
let myConstantSalt1 = Data("abcdef123456")
60+
let myConstantSalt2 = Data(0)
61+
62+
let _ = myEncryptor.key(forPassword: myPassword, salt: myRandomSalt1, settings: myKeyDerivationSettings) // GOOD
63+
let _ = myEncryptor.key(forPassword: myPassword, salt: myConstantSalt1, settings: myKeyDerivationSettings) // BAD [NOT DETECTED]
64+
let _ = myEncryptor.keyForPassword(myPassword, salt: myRandomSalt2, settings: myKeyDerivationSettings) // GOOD
65+
let _ = myEncryptor.keyForPassword(myPassword, salt: myConstantSalt2, settings: myKeyDerivationSettings) // BAD [NOT DETECTED]
66+
67+
let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, iv: myIV, encryptionSalt: myRandomSalt1, hmacSalt: myRandomSalt2, handler: myHandler) // GOOD
68+
let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, iv: myIV, encryptionSalt: myConstantSalt1, hmacSalt: myRandomSalt2, handler: myHandler) // BAD [NOT DETECTED]
69+
let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, iv: myIV, encryptionSalt: myRandomSalt1, hmacSalt: myConstantSalt2, handler: myHandler) // BAD [NOT DETECTED]
70+
let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, IV: myIV, encryptionSalt: myRandomSalt1, HMACSalt: myRandomSalt2, handler: myHandler) // GOOD
71+
let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, IV: myIV, encryptionSalt: myConstantSalt1, HMACSalt: myRandomSalt2, handler: myHandler) // BAD [NOT DETECTED]
72+
let _ = RNEncryptor(settings: kRNCryptorAES256Settings, password: myPassword, IV: myIV, encryptionSalt: myRandomSalt1, HMACSalt: myConstantSalt2, handler: myHandler) // BAD [NOT DETECTED]
73+
74+
let _ = try? myEncryptor.encryptData(myData, with: kRNCryptorAES256Settings, password: myPassword, iv: myIV, encryptionSalt: myRandomSalt1, hmacSalt: myRandomSalt2) // GOOD
75+
let _ = try? myEncryptor.encryptData(myData, with: kRNCryptorAES256Settings, password: myPassword, iv: myIV, encryptionSalt: myConstantSalt1, hmacSalt: myRandomSalt2) // BAD [NOT DETECTED]
76+
let _ = try? myEncryptor.encryptData(myData, with: kRNCryptorAES256Settings, password: myPassword, iv: myIV, encryptionSalt: myRandomSalt1, hmacSalt: myConstantSalt2) // BAD [NOT DETECTED]
77+
let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, password: myPassword, IV: myIV, encryptionSalt: myRandomSalt1, HMACSalt: myRandomSalt2) // GOOD
78+
let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, password: myPassword, IV: myIV, encryptionSalt: myConstantSalt1, HMACSalt: myRandomSalt2) // BAD [NOT DETECTED]
79+
let _ = try? myEncryptor.encryptData(myData, withSettings: kRNCryptorAES256Settings, password: myPassword, IV: myIV, encryptionSalt: myRandomSalt1, HMACSalt: myConstantSalt2) // BAD [NOT DETECTED]
80+
}

0 commit comments

Comments
 (0)