Swift: Additional test cases.

geoffw0 · geoffw0 · commit 1c5283628b24 · 2022-08-25T22:15:13.000+01:00
diff --git a/swift/ql/test/query-tests/Security/CWE-311/testCoreData.swift b/swift/ql/test/query-tests/Security/CWE-311/testCoreData.swift
@@ -65,6 +65,11 @@ func test2(obj : MyManagedObject, password : String, password_file : String) {
 	obj.myValue = password_file // GOOD (not sensitive)
 }
 
+class MyClass {
+	var harmless = "abc"
+	var password = "123"
+}
+
 func test3(obj : NSManagedObject, x : String) {
 	// alternative evidence of sensitivity...
 
@@ -74,6 +79,10 @@ func test3(obj : NSManagedObject, x : String) {
 
 	var y = getPassword();
 	obj.setValue(y, forKey: "myKey") // BAD
+
+	var z = MyClass()
+	obj.setValue(z.harmless, forKey: "myKey") // GOOD (not sensitive)
+	obj.setValue(z.password, forKey: "myKey") // BAD
 }
 
 func test4(obj : NSManagedObject, pwd : String) {
