
Use of a broken or risky cryptographic algorithm encryption algorithm. base64EncodedString should not be used


I'm running a security code analysis with Kiuwan on one of my Swift libs, and I got one issue marked as a high vulnerability that says exactly what the title reads. It points me to this portion of my code:

53 public let data: Data

54 public var base64String: String {
55    return data.base64EncodedString()
56 }

Line 55 to be precise, which is the Swift built-in base64 string encoder from Data.

Any idea what I can do to fix that vulnerability?


Solution

  • If you are NOT doing encryption (wanting to preserve the confidentiality and integrity of data) then you have a false positive here. Static code analyser tools meant for security scanning generate false positives in huge amounts. You need to dig through, understand the context and decide for yourself whether it is a bug or not.

    If you are doing encryption here, then it is obviously wrong.
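
The distinction the answer draws, as an added example that is not part of the original answer or the asker's library: Base64 reverses without any key, while confidentiality and integrity need a keyed, authenticated cipher. It assumes Apple's CryptoKit is available; the helper names `encryptForStorage` and `decryptFromStorage` and the sample value are hypothetical.

```swift
import Foundation
import CryptoKit  // assumption: Apple platform with CryptoKit (iOS 13+ / macOS 10.15+)

enum EnvelopeError: Error { case notBase64, missingCombined }

// Constructed sample value, not taken from the question.
let secret = Data("api-token: constructed-sample-value".utf8)

// 1. Base64 is an encoding: anyone can reverse it, no key is involved.
let encoded = secret.base64EncodedString()
precondition(Data(base64Encoded: encoded) == secret)

// 2. Confidentiality and integrity: AES-GCM with a secret key.
func encryptForStorage(_ plaintext: Data, with key: SymmetricKey) throws -> String {
    let box = try AES.GCM.seal(plaintext, using: key)  // fresh random nonce per call
    // combined = nonce || ciphertext || tag; Base64 below is only a text transport.
    guard let combined = box.combined else { throw EnvelopeError.missingCombined }
    return combined.base64EncodedString()
}

func decryptFromStorage(_ base64: String, with key: SymmetricKey) throws -> Data {
    guard let combined = Data(base64Encoded: base64) else { throw EnvelopeError.notBase64 }
    let box = try AES.GCM.SealedBox(combined: combined)
    return try AES.GCM.open(box, using: key)  // throws if the authentication tag does not verify
}

let key = SymmetricKey(size: .bits256)
let sealed = try encryptForStorage(secret, with: key)
let roundTrip = try decryptFromStorage(sealed, with: key)
precondition(roundTrip == secret)

// Without the right key the Base64 text is useless to a reader.
precondition((try? decryptFromStorage(sealed, with: SymmetricKey(size: .bits256))) == nil)

// A single flipped bit is detected instead of silently decrypting to garbage.
var bytes = Data(base64Encoded: sealed)!
bytes[bytes.count - 1] ^= 0x01
precondition((try? decryptFromStorage(bytes.base64EncodedString(), with: key)) == nil)
```

If `base64String` only serialises non-secret bytes for transport, the first half is all that is happening and the scanner finding is a false positive.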