Insecure temporary files - Swift

Insecure temporary files - Swift

Need

Secure handling of temporary files

Context

  • Usage of Swift for iOS and macOS app development
  • Usage of Foundation for building responsive and accessible web interfaces

Description

Non compliant code

        import Foundation

func writeSensitiveDataToFile() {
    let sensitiveData = "This is sensitive data"
    let tempDirectory = NSTemporaryDirectory()
    let tempFile = tempDirectory.appending("/temp.txt")

    do {
        try sensitiveData.write(toFile: tempFile, atomically: true, encoding: .utf8)
    } catch {
        print("Failed to write to file \\(tempFile)")
    }
}
        
        

In the above Swift code, we are writing sensitive data to a temporary file. The function writeSensitiveDataToFile creates a string sensitiveData that represents the sensitive information.

Then, it gets the path to the temporary directory of the system by calling NSTemporaryDirectory(). It appends the filename /temp.txt to the path of the temporary directory to get the full path to the temporary file.

Finally, it attempts to write the sensitive data to the temporary file using the write(toFile:atomically:encoding:) method. If the write operation fails, it prints an error message.

This code is vulnerable because it writes sensitive data to a temporary file. Temporary files are insecure because they can be accessed by other processes or users on the system. An attacker could read the sensitive data from the temporary file, or they could modify the temporary file to inject malicious data.

Furthermore, if the system deploys the temporary file to the production environment, it could expose the sensitive data to anyone who has access to the production environment.

Steps

  • Avoid storing sensitive information in temporary files.
  • If sensitive data needs to be stored temporarily, consider using secure storage mechanisms provided by the platform.
  • If temporary files are necessary, ensure that they are properly secured and encrypted.
  • Avoid deploying sensitive temporary files to the production environment.
  • Implement proper file handling practices, such as securely deleting temporary files after they are no longer needed.
  • Regularly review and audit the usage of temporary files in the application to identify any potential security risks.

Compliant code

        import Foundation
import Security

func writeSensitiveDataToFile() {
    let sensitiveData = "This is sensitive data"
    let key = "com.example.app.sensitiveData"

    let data = Data(sensitiveData.utf8)
    let status = KeychainWrapper.standard.set(data, forKey: key)

    if status == errSecSuccess {
        print("Sensitive data stored successfully")
    } else {
        print("Failed to store sensitive data")
    }
}

func readSensitiveDataFromFile() {
    let key = "com.example.app.sensitiveData"

    if let data = KeychainWrapper.standard.data(forKey: key),
       let sensitiveData = String(data: data, encoding: .utf8) {
        print("Sensitive data: \\(sensitiveData)")
    } else {
        print("Failed to read sensitive data")
    }
}

func deleteSensitiveData() {
    let key = "com.example.app.sensitiveData"
    let status = KeychainWrapper.standard.removeObject(forKey: key)

    if status == errSecSuccess {
        print("Sensitive data deleted successfully")
    } else {
        print("Failed to delete sensitive data")
    }
}
        
        

The updated code no longer uses temporary files to store sensitive data. Instead, it uses the Keychain, which is a secure storage provided by iOS.

The writeSensitiveDataToFile function has been updated to store the sensitive data in the Keychain. It first converts the sensitive data to Data and then stores it in the Keychain using the set method of KeychainWrapper. The key used to store the data is "com.example.app.sensitiveData".

The readSensitiveDataFromFile function has been added to read the sensitive data from the Keychain. It uses the data method of KeychainWrapper to retrieve the data and then converts it back to a string.

The deleteSensitiveData function has been added to securely delete the sensitive data from the Keychain when it is no longer needed. It uses the removeObject method of KeychainWrapper.

This approach ensures that the sensitive data is securely stored and handled, and it avoids the risks associated with using temporary files.

References