Technical information leak - Print Functions - Swift

Technical information leak - Print Functions - Swift

Need

Prevention of sensitive information exposure through print functions

Context

  • Usage of Swift for iOS and macOS app development
  • Usage of UIKit for building modern and responsive user interfaces

Description

Non compliant code

        import UIKit

class ViewController: UIViewController {

    override func viewDidLoad() {
        super.viewDidLoad()
        print("This is a sensitive information leak")
    }

    func login(username: String, password: String) {
        if username != "admin" || password != "password" {
            print("Login failed for user: \\(username) with password: \\(password)")
        } else {
            print("Login successful!")
        }
    }
}
        
        

In the above Swift code for an iOS application, we have a ViewController class with a viewDidLoad method and a login method.

The viewDidLoad method is called after the view controller has loaded its view hierarchy into memory. Here, we are using a print function to output a string "This is a sensitive information leak". This is a potential vulnerability as it exposes sensitive information to stdout.

The login method takes a username and a password as arguments. If the username and password do not match the hardcoded "admin" and "password" respectively, the application prints a message "Login failed for user: \\(username) with password: \\(password)". This is a severe security vulnerability as it can leak sensitive user information like usernames and passwords to stdout.

Also, there is a print statement "Login successful!" when the username and password match the hardcoded values. This can also expose sensitive information about the application's internal workings.

In a production environment, this kind of information leakage can be exploited by attackers to gain unauthorized access or understand the internal workings of the application. Therefore, it's crucial to avoid using print statements that output sensitive information in a production environment.

Steps

  • Remove or comment out all print statements that contain sensitive information.
  • Implement proper logging mechanisms instead of using print statements.
  • Ensure that logging is disabled or limited in the production environment.
  • Avoid logging sensitive information such as passwords or user credentials.
  • Regularly review and update the logging mechanism to ensure it is secure and does not leak sensitive information.

Compliant code

        import UIKit

class ViewController: UIViewController {

    override func viewDidLoad() {
        super.viewDidLoad()
        // print("This is a sensitive information leak")
    }

    func login(username: String, password: String) {
        if username != "admin" || password != "password" {
            // print("Login failed for user: \\(username) with password: \\(password)")
        } else {
            // print("Login successful!")
        }
    }
}
        
        

The updated code removes the print statements that were previously used to output sensitive information to the console. These print statements can potentially expose sensitive information such as usernames and passwords, especially in a production environment.

In the viewDidLoad method, the print statement has been commented out to prevent the output of the message "This is a sensitive information leak". This message could potentially provide attackers with clues about the internal workings of the application, which they could exploit.

In the login method, the print statements that output the login status and the user's credentials have also been commented out. This prevents the exposure of sensitive information such as the user's username and password.

Instead of using print statements, a proper logging mechanism should be implemented. This logging mechanism should be disabled or limited in the production environment to prevent the exposure of sensitive information. Additionally, sensitive information such as passwords or user credentials should not be logged.

Regular reviews and updates of the logging mechanism should be carried out to ensure that it remains secure and does not leak sensitive information.

References