Swift: Trivial changes - query ID / metadata, imports.

geoffw0 · geoffw0 · commit db1508d1084e · 2023-12-14T16:09:46.000Z
diff --git a/swift/ql/lib/codeql/swift/security/WeakPasswordHashingQuery.qll b/swift/ql/lib/codeql/swift/security/WeakPasswordHashingQuery.qll
@@ -3,10 +3,10 @@
  * cryptographic hashing algorithms on passwords.
  */
 
-import csharp
-import semmle.code.csharp.security.SensitiveActions
-import semmle.code.csharp.dataflow.DataFlow
-import semmle.code.csharp.dataflow.TaintTracking
+import swift
+import codeql.swift.security.SensitiveExprs
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.dataflow.TaintTracking
 
 /**
  * A taint tracking configuration from password expressions to inappropriate
@@ -31,7 +31,7 @@ module WeakHashingPasswordConfig implements DataFlow::ConfigSig {
 module WeakHashingFlow = TaintTracking::Global<WeakHashingPasswordConfig>;
 
 // TODO: rewrite with data extensions in mind, ref the Swift implementation
-class WeakPasswordHashingSink extends DataFlow::Node {   
+class WeakPasswordHashingSink extends DataFlow::Node {
   string algorithm;
 
   WeakPasswordHashingSink() {
diff --git a/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.qhelp b/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.qhelp
@@ -65,12 +65,12 @@
 
             In the first case the SHA-512 hashing algorithm is used. It is vulnerable to offline brute force attacks:
         </p>
-        <sample src="WeakPasswordHashingBad.csharp"/>
+        <sample src="WeakPasswordHashingBad.swift"/>
         <p>
 
             Here is the same function using Argon2, which is suitable for password hashing:
         </p>
-        <sample src="WeakPasswordHashingGood.csharp"/>
+        <sample src="WeakPasswordHashingGood.swift"/>
 
     </example>
     <references>
diff --git a/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql b/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
@@ -5,15 +5,15 @@
  * @problem.severity warning
  * @security-severity 7.5
  * @precision high
- * @id csharp/weak-password-hashing
+ * @id swift/weak-password-hashing
  * @tags security
  *       external/cwe/cwe-327
  *       external/cwe/cwe-328
  *       external/cwe/cwe-916
  */
 
-import csharp
-import WeakPasswordHashingQuery
+import swift
+import codeql.swift.security.WeakPasswordHashingQuery
 import WeakHashingFlow::PathGraph
 
 from
