Swift Local Sensitive Information
Description
Detects when sensitive information is stored in Swift's UserDefaults local storage, which is not secure for confidential data. This can expose sensitive user information to unauthorized access since UserDefaults stores data in plain text within the application bundle.
Detection Strategy
• Confirms the Vapor framework is imported in the Swift codebase
• Identifies calls to UserDefaults.standard.set method
• Examines the arguments passed to UserDefaults.standard.set to check if they contain sensitive information
• Reports a vulnerability when sensitive data (like passwords, tokens, or personal information) is stored using UserDefaults
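The four steps above, written as a text-based check in Python. This is an added example, not Fluid Attacks' scanner code; the keyword list and the Swift sample (including the hypothetical `issue(for:)` helper) are assumptions constructed for illustration.

```python
import re

# Assumed keyword list; the page only says "passwords, tokens, or personal information".
SENSITIVE = re.compile(r"pass(word|wd|code)|token|secret|api_?key|\bssn\b", re.I)
IMPORT_VAPOR = re.compile(r"^\s*import\s+Vapor\b", re.M)
SET_CALL = re.compile(r"\bUserDefaults\s*\.\s*standard\s*\.\s*set\s*\(")

def call_arguments(source: str, open_paren: int) -> str:
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth, in_string, i = 0, False, open_paren
    while i < len(source):
        ch = source[i]
        if in_string:
            if ch == "\\":
                i += 1            # skip the escaped character
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return source[open_paren + 1:i]
        i += 1
    return source[open_paren + 1:]  # unbalanced call: scan what is left

def find_sensitive_userdefaults(source: str) -> list[tuple[int, str]]:
    """Return (line number, arguments) for each flagged UserDefaults.standard.set call."""
    if not IMPORT_VAPOR.search(source):        # step 1: framework import
        return []
    findings = []
    for match in SET_CALL.finditer(source):    # step 2: locate the calls
        args = call_arguments(source, match.end() - 1)
        if SENSITIVE.search(args):             # step 3: inspect the arguments
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, " ".join(args.split())))  # step 4: report
    return findings

# Constructed sample input, not taken from the page.
SAMPLE = '''import Vapor
func save(user: User, theme: String) {
    UserDefaults.standard.set(theme, forKey: "theme")
    UserDefaults.standard.set(user.password, forKey: "pwd")
    UserDefaults.standard.set(issue(for: user).value,
                              forKey: "sessionToken")
}
'''
```

The check matches on argument text, so a sensitive value held in a neutrally named variable passes unflagged; a scanner that tracks where values come from would be needed to catch that case.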
Vulnerable code example
import Foundation
struct User {
    let username: String
    let password: String
}
func saveUserCredentials(user: User) {...
✅ Secure code example
import Foundation
import CryptoKit
struct User {
    let username: String
    let password: String
}
...