Swift Insecure Data No File Protection
Description
Detects when file operations in Swift code are performed without specifying file protection attributes, which could leave sensitive data exposed. Files created or written without proper protection levels may be accessible to unauthorized parties if the device is compromised.
Detection Strategy
• Identifies file operation method calls ending with 'write' or exactly matching 'FileManager.default.createFile'
• Verifies the file operation does not include file protection options in its parameters
• Reports a vulnerability when file operations lack explicit data protection attributes
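The three detection steps above, worked through as an added Python example (it is not Fluid Attacks' own scanner code): it finds the calls the rule names with regexes over raw Swift source (a line-local heuristic assumed here, not a full parser), extracts each call's argument list, and reports calls that carry no explicit protection option. Going one step beyond the listed strategy, and in line with the vulnerable example on this page, it also reports calls that explicitly pass `.noFileProtection` or `FileProtectionType.none`.

```python
import re
from collections import namedtuple

# Calls the rule inspects: any method whose name ends in "write", plus the exact
# FileManager.default.createFile call. The regexes are a line-local heuristic.
CALL_RE = re.compile(r"(?:\b[\w.]*write|FileManager\.default\.createFile)\s*\(")
# Data.WritingOptions / FileProtectionType values that enable protection.
PROTECTED_RE = re.compile(r"\.complete(?:FileProtection\w*|UnlessOpen|UntilFirstUserAuthentication)?\b")
# Values that explicitly switch protection off (.noFileProtection, FileProtectionType.none).
UNPROTECTED_RE = re.compile(r"\.noFileProtection\b|\.none\b")

Finding = namedtuple("Finding", "line call reason")

def _call_args(source, start):
    # Text between the call's parentheses; `start` is the index just after '('.
    depth = 1
    for i in range(start, len(source)):
        if source[i] == "(":
            depth += 1
        elif source[i] == ")":
            depth -= 1
            if depth == 0:
                return source[start:i]
    return source[start:]  # unterminated call: use the rest of the file

def scan_swift(source):
    """Apply the rule's three steps to Swift source; one Finding per insecure call."""
    findings = []
    for m in CALL_RE.finditer(source):
        args = _call_args(source, m.end())
        line = source.count("\n", 0, m.start()) + 1
        call = m.group(0)[:-1].rstrip()  # drop the trailing "("
        if UNPROTECTED_RE.search(args):
            findings.append(Finding(line, call, "protection explicitly disabled"))
        elif not PROTECTED_RE.search(args):
            findings.append(Finding(line, call, "no file protection option given"))
    return findings

# Constructed sample: three insecure calls (lines 2, 3, 5) and two secure ones.
SAMPLE_SWIFT = """\
func save(data: Data, url: URL, path: String) throws {
    try data.write(to: url, options: .noFileProtection)
    try data.write(to: url)
    try data.write(to: url, options: .completeFileProtection)
    FileManager.default.createFile(atPath: path, contents: data)
    FileManager.default.createFile(atPath: path, contents: data,
                                   attributes: [.protectionKey: .complete])
}
"""
```

An attributes dictionary passed in through a variable is not followed, so such a call is reported for review rather than silently accepted.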
Vulnerable code example
import Foundation

func storeDataInsecurely(data: Data, url: URL) throws {
    // VULNERABLE: Explicitly disables file encryption by using .noFileProtection
    try data.write(to: url, options: .noFileProtection)
    // VULNERABLE: Also disables protection via FileProtectionType.none
    let attributes = [FileAttributeKey.protectionKey: FileProtectionType.none]
    // Applies the attribute dictionary to the file that was just written
    try FileManager.default.setAttributes(attributes, ofItemAtPath: url.path)
}
✅ Secure code example
import Foundation

func storeDataSecurely(data: Data, url: URL) throws {
    // SECURE: Explicitly enables complete file protection
    try data.write(to: url, options: .completeFileProtection)
    // SECURE: Uses FileProtectionType.complete for strong encryption
    let attributes = [FileAttributeKey.protectionKey: FileProtectionType.complete]
    // Applies the attribute dictionary to the file that was just written
    try FileManager.default.setAttributes(attributes, ofItemAtPath: url.path)
}