insecure-biometrics-swift

ESS-ENN · ESS-ENN · commit 4d68bb3122a5 · 2024-12-06T18:40:00.000+05:30
diff --git a/rules/swift/security/insecure-biometrics-swift.yml b/rules/swift/security/insecure-biometrics-swift.yml
@@ -0,0 +1,54 @@
+id: insecure-biometrics-swift
+language: swift
+severity: info
+message: >-
+  The application was observed to leverage biometrics via Local
+      Authentication, which returns a simple boolean result for authentication.
+      This design is subject to bypass with runtime tampering tools such as
+      Frida, Substrate, and others. Although this is limited to rooted
+      (jailbroken) devices, consider implementing biometric authentication the
+      reliable way - via Keychain Services.
+note: >-
+  [CWE-305] Authentication Bypass by Primary Weakness
+  [REFERENCES]
+      - https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06f-testing-local-authentication
+      - https://shirazkhan030.medium.com/biometric-authentication-in-ios-6c53c54f17df
+
+rule:
+  kind: navigation_expression
+  pattern: $X.evaluatePolicy
+
+constraints:
+  X:
+    any:
+      - pattern: LAContext()
+      - kind: simple_identifier
+        inside:
+          stopBy: end
+          follows:
+            stopBy: end
+            kind: property_declaration
+            all:
+              - has:
+                  stopBy: end
+                  kind: simple_identifier
+                  pattern: $X
+              - has:
+                  stopBy: end
+                  kind: call_expression
+                  field: value
+                  pattern: LAContext()
+      - kind: simple_identifier
+        follows:
+          stopBy: end
+          kind: property_declaration
+          all:
+            - has:
+                stopBy: end
+                kind: simple_identifier
+                pattern: $X
+            - has:
+                stopBy: end
+                kind: call_expression
+                field: value
+                pattern: LAContext()
diff --git a/tests/__snapshots__/insecure-biometrics-swift-snapshot.yml b/tests/__snapshots__/insecure-biometrics-swift-snapshot.yml
@@ -0,0 +1,68 @@
+id: insecure-biometrics-swift
+snapshots:
+  ? |
+    let context = LAContext()
+    class Testing {
+      var name: LAContext
+
+      init(name: LAContext) {
+          self.name = name
+      }
+
+      func speak() {
+          // ruleid: insecure-biometrics
+          context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Authenticate to the application") { success, evaluationError in
+          guard success else {
+              // do...
+          }
+      }
+    }
+  : labels:
+    - source: context.evaluatePolicy
+      style: primary
+      start: 179
+      end: 201
+    - source: context
+      style: secondary
+      start: 4
+      end: 11
+    - source: LAContext()
+      style: secondary
+      start: 14
+      end: 25
+    - source: let context = LAContext()
+      style: secondary
+      start: 0
+      end: 25
+    - source: let context = LAContext()
+      style: secondary
+      start: 0
+      end: 25
+  ? |
+    let context = LAContext()
+    context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Authenticate to the application") { success, evaluationError in
+        guard success else {
+            // do...
+        }
+    }
+  : labels:
+    - source: context.evaluatePolicy
+      style: primary
+      start: 26
+      end: 48
+    - source: context
+      style: secondary
+      start: 4
+      end: 11
+    - source: LAContext()
+      style: secondary
+      start: 14
+      end: 25
+    - source: let context = LAContext()
+      style: secondary
+      start: 0
+      end: 25
+    - source: let context = LAContext()
+      style: secondary
+      start: 0
+      end: 25
diff --git a/tests/swift/insecure-biometrics-swift-test.yml b/tests/swift/insecure-biometrics-swift-test.yml
@@ -0,0 +1,32 @@
+id: insecure-biometrics-swift
+valid:
+  - |
+    let context = LAContext()
+    guard context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) else {
+      // do...
+    }
+invalid:
+  - |
+    let context = LAContext()
+    context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Authenticate to the application") { success, evaluationError in
+        guard success else {
+            // do...
+        }
+    }
+  - |
+    let context = LAContext()
+    class Testing {
+      var name: LAContext
+
+      init(name: LAContext) {
+          self.name = name
+      }
+
+      func speak() {
+          // ruleid: insecure-biometrics
+          context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "Authenticate to the application") { success, evaluationError in
+          guard success else {
+              // do...
+          }
+      }
+    }
