CWE coverage for Swift
An overview of CWE coverage for Swift in the latest release of CodeQL.
Overview
| CWE | Language | Query id | Query name |
|---|---|---|---|
| CWE-20 | Swift | swift/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-20 | Swift | swift/missing-regexp-anchor | Missing regular expression anchor |
| CWE-20 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-22 | Swift | swift/unsafe-unpacking | Arbitrary file write during a zip extraction from a user controlled source |
| CWE-22 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-23 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Swift | swift/command-line-injection | System command built from user-controlled sources |
| CWE-74 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-74 | Swift | swift/sql-injection | Database query built from user-controlled sources |
| CWE-74 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-74 | Swift | swift/uncontrolled-format-string | Uncontrolled format string |
| CWE-74 | Swift | swift/predicate-injection | Predicate built from user-controlled sources |
| CWE-77 | Swift | swift/command-line-injection | System command built from user-controlled sources |
| CWE-78 | Swift | swift/command-line-injection | System command built from user-controlled sources |
| CWE-79 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-88 | Swift | swift/command-line-injection | System command built from user-controlled sources |
| CWE-89 | Swift | swift/sql-injection | Database query built from user-controlled sources |
| CWE-94 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-94 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-95 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-95 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-99 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-116 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-134 | Swift | swift/uncontrolled-format-string | Uncontrolled format string |
| CWE-135 | Swift | swift/string-length-conflation | String length conflation |
| CWE-185 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-186 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-200 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-227 | Swift | swift/static-initialization-vector | Static initialization vector for encryption |
| CWE-259 | Swift | swift/constant-password | Constant password |
| CWE-284 | Swift | swift/constant-password | Constant password |
| CWE-284 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-287 | Swift | swift/constant-password | Constant password |
| CWE-287 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-311 | Swift | swift/cleartext-storage-database | Cleartext storage of sensitive information in a local database |
| CWE-311 | Swift | swift/cleartext-transmission | Cleartext transmission of sensitive information |
| CWE-311 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-311 | Swift | swift/cleartext-storage-preferences | Cleartext storage of sensitive information in an application preference store |
| CWE-312 | Swift | swift/cleartext-storage-database | Cleartext storage of sensitive information in a local database |
| CWE-312 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-312 | Swift | swift/cleartext-storage-preferences | Cleartext storage of sensitive information in an application preference store |
| CWE-319 | Swift | swift/cleartext-transmission | Cleartext transmission of sensitive information |
| CWE-321 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-326 | Swift | swift/weak-password-hashing | Use of an inappropriate cryptographic hashing algorithm on passwords |
| CWE-326 | Swift | swift/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-327 | Swift | swift/ecb-encryption | Encryption using ECB |
| CWE-327 | Swift | swift/weak-password-hashing | Use of an inappropriate cryptographic hashing algorithm on passwords |
| CWE-327 | Swift | swift/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-327 | Swift | swift/constant-salt | Use of constant salts |
| CWE-327 | Swift | swift/insufficient-hash-iterations | Insufficient hash iterations |
| CWE-328 | Swift | swift/weak-password-hashing | Use of an inappropriate cryptographic hashing algorithm on passwords |
| CWE-328 | Swift | swift/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-329 | Swift | swift/static-initialization-vector | Static initialization vector for encryption |
| CWE-330 | Swift | swift/static-initialization-vector | Static initialization vector for encryption |
| CWE-330 | Swift | swift/constant-password | Constant password |
| CWE-330 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-344 | Swift | swift/constant-password | Constant password |
| CWE-344 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-359 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-400 | Swift | swift/redos | Inefficient regular expression |
| CWE-400 | Swift | swift/regex-injection | Regular expression injection |
| CWE-405 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-409 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-485 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-485 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-532 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-538 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-552 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-573 | Swift | swift/static-initialization-vector | Static initialization vector for encryption |
| CWE-610 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-610 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-611 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-642 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-657 | Swift | swift/constant-password | Constant password |
| CWE-657 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-664 | Swift | swift/unsafe-unpacking | Arbitrary file write during a zip extraction from a user controlled source |
| CWE-664 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-664 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-664 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-664 | Swift | swift/redos | Inefficient regular expression |
| CWE-664 | Swift | swift/constant-password | Constant password |
| CWE-664 | Swift | swift/cleartext-storage-database | Cleartext storage of sensitive information in a local database |
| CWE-664 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-664 | Swift | swift/cleartext-storage-preferences | Cleartext storage of sensitive information in an application preference store |
| CWE-664 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-664 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-664 | Swift | swift/regex-injection | Regular expression injection |
| CWE-668 | Swift | swift/unsafe-unpacking | Arbitrary file write during a zip extraction from a user controlled source |
| CWE-668 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-668 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-669 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-671 | Swift | swift/constant-password | Constant password |
| CWE-671 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-674 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-682 | Swift | swift/string-length-conflation | String length conflation |
| CWE-691 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-691 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-691 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-693 | Swift | swift/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-693 | Swift | swift/missing-regexp-anchor | Missing regular expression anchor |
| CWE-693 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-693 | Swift | swift/constant-password | Constant password |
| CWE-693 | Swift | swift/cleartext-storage-database | Cleartext storage of sensitive information in a local database |
| CWE-693 | Swift | swift/cleartext-transmission | Cleartext transmission of sensitive information |
| CWE-693 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-693 | Swift | swift/cleartext-storage-preferences | Cleartext storage of sensitive information in an application preference store |
| CWE-693 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-693 | Swift | swift/ecb-encryption | Encryption using ECB |
| CWE-693 | Swift | swift/weak-password-hashing | Use of an inappropriate cryptographic hashing algorithm on passwords |
| CWE-693 | Swift | swift/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-693 | Swift | swift/insecure-tls | Insecure TLS configuration |
| CWE-693 | Swift | swift/constant-salt | Use of constant salts |
| CWE-693 | Swift | swift/insufficient-hash-iterations | Insufficient hash iterations |
| CWE-697 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-706 | Swift | swift/unsafe-unpacking | Arbitrary file write during a zip extraction from a user controlled source |
| CWE-706 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-706 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-707 | Swift | swift/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Swift | swift/command-line-injection | System command built from user-controlled sources |
| CWE-707 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-707 | Swift | swift/sql-injection | Database query built from user-controlled sources |
| CWE-707 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-707 | Swift | swift/bad-tag-filter | Bad HTML filtering regexp |
| CWE-707 | Swift | swift/uncontrolled-format-string | Uncontrolled format string |
| CWE-707 | Swift | swift/predicate-injection | Predicate built from user-controlled sources |
| CWE-710 | Swift | swift/static-initialization-vector | Static initialization vector for encryption |
| CWE-710 | Swift | swift/constant-password | Constant password |
| CWE-710 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-749 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-749 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-757 | Swift | swift/insecure-tls | Insecure TLS configuration |
| CWE-760 | Swift | swift/constant-salt | Use of constant salts |
| CWE-776 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-798 | Swift | swift/constant-password | Constant password |
| CWE-798 | Swift | swift/hardcoded-key | Hard-coded encryption key |
| CWE-827 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-829 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-834 | Swift | swift/xxe | Resolving XML external entity in user-controlled data |
| CWE-913 | Swift | swift/unsafe-webview-fetch | Unsafe WebView fetch |
| CWE-913 | Swift | swift/unsafe-js-eval | JavaScript Injection |
| CWE-916 | Swift | swift/weak-password-hashing | Use of an inappropriate cryptographic hashing algorithm on passwords |
| CWE-916 | Swift | swift/constant-salt | Use of constant salts |
| CWE-916 | Swift | swift/insufficient-hash-iterations | Insufficient hash iterations |
| CWE-922 | Swift | swift/cleartext-storage-database | Cleartext storage of sensitive information in a local database |
| CWE-922 | Swift | swift/cleartext-logging | Cleartext logging of sensitive information |
| CWE-922 | Swift | swift/cleartext-storage-preferences | Cleartext storage of sensitive information in an application preference store |
| CWE-943 | Swift | swift/sql-injection | Database query built from user-controlled sources |
| CWE-943 | Swift | swift/predicate-injection | Predicate built from user-controlled sources |
| CWE-1204 | Swift | swift/static-initialization-vector | Static initialization vector for encryption |
| CWE-1333 | Swift | swift/redos | Inefficient regular expression |