CX Sensitive_Data_In_Temp_Folders @ iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift [master]

[tsunez]

Sensitive_Data_In_Temp_Folders issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift in branch master

The app's viewDidLoad method takes sensitive personal data, data: at line 30 of iGoat-Swift\iGoat-Swift\Source\Exercises\Key Management\Hard Coded Keys\BrokenCryptographyExerciseVC.swift. The viewDidLoad of iGoat-Swift\iGoat-Swift\Source\Exercises\Key Management\Hard Coded Keys\BrokenCryptographyExerciseVC.swift then saves this data to disk, at line 30. However, the atomic parameter causes the operation to write the data to a temporary file.

Severity: Low

CWE:377

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: [32](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift#L32) [34](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift#L34)

---

[Code (Line #32):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift#L32)

        let password = "b@nkP@ssword123"

---

[Code (Line #34):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift#L34)

        let data = password.data(using: .utf8)

---

[tsunez]

Issue still exists.

SUMMARY

Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

[tsunez]

Issue still exists.

SUMMARY

Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)