Swift: Add test cases for an alternative pattern of calls to Insecure.MD5.hash.

Author: geoffw0

swift/ql/test/query-tests/Security/CWE-328/WeakPasswordHashing.expected

@@ -3,6 +3,7 @@ edges
 | testCryptoKit.swift:199:38:199:53 | .utf8 | testCryptoKit.swift:199:33:199:57 | call to Data.init(_:) | provenance |  |
 nodes
 | testCryptoKit.swift:65:47:65:47 | passwd | semmle.label | passwd |
+| testCryptoKit.swift:71:36:71:36 | passwd | semmle.label | passwd |
 | testCryptoKit.swift:77:44:77:44 | passwd | semmle.label | passwd |
 | testCryptoKit.swift:83:37:83:37 | passwd | semmle.label | passwd |
 | testCryptoKit.swift:89:37:89:37 | passwd | semmle.label | passwd |
@@ -48,6 +49,7 @@ nodes
 subpaths
 #select
 | testCryptoKit.swift:65:47:65:47 | passwd | testCryptoKit.swift:65:47:65:47 | passwd | testCryptoKit.swift:65:47:65:47 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:65:47:65:47 | passwd | password (passwd) |
+| testCryptoKit.swift:71:36:71:36 | passwd | testCryptoKit.swift:71:36:71:36 | passwd | testCryptoKit.swift:71:36:71:36 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:71:36:71:36 | passwd | password (passwd) |
 | testCryptoKit.swift:77:44:77:44 | passwd | testCryptoKit.swift:77:44:77:44 | passwd | testCryptoKit.swift:77:44:77:44 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:77:44:77:44 | passwd | password (passwd) |
 | testCryptoKit.swift:83:37:83:37 | passwd | testCryptoKit.swift:83:37:83:37 | passwd | testCryptoKit.swift:83:37:83:37 | passwd | Insecure hashing algorithm (SHA256) depends on $@. | testCryptoKit.swift:83:37:83:37 | passwd | password (passwd) |
 | testCryptoKit.swift:89:37:89:37 | passwd | testCryptoKit.swift:89:37:89:37 | passwd | testCryptoKit.swift:89:37:89:37 | passwd | Insecure hashing algorithm (SHA384) depends on $@. | testCryptoKit.swift:89:37:89:37 | passwd | password (passwd) |

swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected

@@ -3,6 +3,9 @@ nodes
 | testCryptoKit.swift:66:43:66:43 | cert | semmle.label | cert |
 | testCryptoKit.swift:68:43:68:43 | account_no | semmle.label | account_no |
 | testCryptoKit.swift:69:43:69:43 | credit_card_no | semmle.label | credit_card_no |
+| testCryptoKit.swift:72:36:72:36 | cert | semmle.label | cert |
+| testCryptoKit.swift:74:36:74:36 | account_no | semmle.label | account_no |
+| testCryptoKit.swift:75:36:75:36 | credit_card_no | semmle.label | credit_card_no |
 | testCryptoKit.swift:78:44:78:44 | cert | semmle.label | cert |
 | testCryptoKit.swift:80:44:80:44 | account_no | semmle.label | account_no |
 | testCryptoKit.swift:81:44:81:44 | credit_card_no | semmle.label | credit_card_no |
@@ -33,6 +36,9 @@ subpaths
 | testCryptoKit.swift:66:43:66:43 | cert | testCryptoKit.swift:66:43:66:43 | cert | testCryptoKit.swift:66:43:66:43 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:66:43:66:43 | cert | sensitive data (credential cert) |
 | testCryptoKit.swift:68:43:68:43 | account_no | testCryptoKit.swift:68:43:68:43 | account_no | testCryptoKit.swift:68:43:68:43 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:68:43:68:43 | account_no | sensitive data (private information account_no) |
 | testCryptoKit.swift:69:43:69:43 | credit_card_no | testCryptoKit.swift:69:43:69:43 | credit_card_no | testCryptoKit.swift:69:43:69:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:69:43:69:43 | credit_card_no | sensitive data (private information credit_card_no) |
+| testCryptoKit.swift:72:36:72:36 | cert | testCryptoKit.swift:72:36:72:36 | cert | testCryptoKit.swift:72:36:72:36 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:72:36:72:36 | cert | sensitive data (credential cert) |
+| testCryptoKit.swift:74:36:74:36 | account_no | testCryptoKit.swift:74:36:74:36 | account_no | testCryptoKit.swift:74:36:74:36 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:74:36:74:36 | account_no | sensitive data (private information account_no) |
+| testCryptoKit.swift:75:36:75:36 | credit_card_no | testCryptoKit.swift:75:36:75:36 | credit_card_no | testCryptoKit.swift:75:36:75:36 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:75:36:75:36 | credit_card_no | sensitive data (private information credit_card_no) |
 | testCryptoKit.swift:78:44:78:44 | cert | testCryptoKit.swift:78:44:78:44 | cert | testCryptoKit.swift:78:44:78:44 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:78:44:78:44 | cert | sensitive data (credential cert) |
 | testCryptoKit.swift:80:44:80:44 | account_no | testCryptoKit.swift:80:44:80:44 | account_no | testCryptoKit.swift:80:44:80:44 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:80:44:80:44 | account_no | sensitive data (private information account_no) |
 | testCryptoKit.swift:81:44:81:44 | credit_card_no | testCryptoKit.swift:81:44:81:44 | credit_card_no | testCryptoKit.swift:81:44:81:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:81:44:81:44 | credit_card_no | sensitive data (private information credit_card_no) |

swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift

@@ -68,11 +68,11 @@ func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_pa
     hash = Crypto.Insecure.MD5.hash(data: account_no)   // BAD
     hash = Crypto.Insecure.MD5.hash(data: credit_card_no)   // BAD
 
-
-
-
-
-
+    hash = Insecure.MD5.hash(data: passwd)  // BAD
+    hash = Insecure.MD5.hash(data: cert)   // BAD
+    hash = Insecure.MD5.hash(data: encrypted_passwd)  // GOOD  (not sensitive)
+    hash = Insecure.MD5.hash(data: account_no)   // BAD
+    hash = Insecure.MD5.hash(data: credit_card_no)   // BAD
 
     hash = Crypto.Insecure.SHA1.hash(data: passwd)  // BAD
     hash = Crypto.Insecure.SHA1.hash(data: cert)   // BAD