Swift Sensitive Information Compromised
Description
Detects insecure database operations in Swift applications that use the Vapor and Fluent frameworks and could expose sensitive information. The vulnerability arises when a database save operation is performed without proper data protection mechanisms, for example persisting a credential or other secret in the form it was received, so that the stored record exposes the sensitive data.
Detection Strategy
• Confirms that the application uses both the Vapor and Fluent frameworks
• Identifies database save operations in the code
• Checks whether each save operation is performed on a Fluent query
• Validates whether the save operation is unsafe (lacking proper data protection)
• Reports a vulnerability when an unsafe save operation that could expose sensitive data is detected
Vulnerable code example
import Vapor
import Fluent
struct User: Content, Model {
static let schema = "users"
@ID(key: .id)
var id: UUID?...
✅ Secure code example
import Vapor
import Fluent
import Bcrypt
struct User: Content, Model {
static let schema = "users"
@ID(key: .id)...
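As an added example, not code from the rule page or from Fluid Attacks, the unsafe save beside the protected one written against Vapor 4 and Fluent 4: the User model, its password_hash field and the CreateUserRequest type are constructed for this illustration, while Bcrypt.hash and Bcrypt.verify are Vapor 4's built-in API. Fluent 4 models must be classes, which is why this uses final class rather than the struct shown above.

```swift
import Vapor
import Fluent

// Constructed model for this example: a Fluent 4 model holding a credential.
final class User: Model, Content {
    static let schema = "users"
    @ID(key: .id)
    var id: UUID?
    @Field(key: "email")
    var email: String
    @Field(key: "password_hash")
    var passwordHash: String
    init() {}
    init(email: String, passwordHash: String) {
        self.email = email
        self.passwordHash = passwordHash
    }
}

// Constructed request body decoded from the client.
struct CreateUserRequest: Content {
    let email: String
    let password: String
}

func routes(_ app: Application) throws {
    // Unsafe save: the password is persisted exactly as received, so a
    // database dump, backup or log of the row exposes the credential.
    app.post("users", "insecure") { req -> EventLoopFuture<HTTPStatus> in
        let body = try req.content.decode(CreateUserRequest.self)
        let user = User(email: body.email, passwordHash: body.password)
        return user.save(on: req.db).transform(to: .created)
    }

    // Protected save: only a Bcrypt hash reaches the database, and the
    // response carries no model fields. Bcrypt.hash uses cost 12 by default.
    app.post("users") { req -> EventLoopFuture<HTTPStatus> in
        let body = try req.content.decode(CreateUserRequest.self)
        let hash = try Bcrypt.hash(body.password)
        let user = User(email: body.email, passwordHash: hash)
        return user.save(on: req.db).transform(to: .created)
    }
}

// Later checks compare a candidate against the stored hash, never plaintext.
func passwordMatches(_ candidate: String, user: User) throws -> Bool {
    return try Bcrypt.verify(candidate, created: user.passwordHash)
}
```

The detection strategy above flags the first handler, where the value written by save(on:) is the raw input; the second is the pattern the secure example's Bcrypt import points to.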