This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

Summary: This document provides information about changes and new features introduced in this release.

1.0.5-funcrel

Updates

  • Updated the description of rule (1055036): "Avoid hard-coded passwords (Swift)"
  • Support for Swift 5.0 features (raw strings)
  • Improved parser (tested against large Swift projects)
  • Updated the CAST-AIP dependency version to 8.2.0, consistent with the minimal requirements of com.castsoftware.cfamily.

New features

  • New rule (1055026): "Avoid Superclass knowing Subclass (Swift)"

1.0.4-funcrel

Updates

  • Updated description of rule (1055006): "Avoid weak cryptographic hash (Swift)"
  • Updated description of rule (1055008): "Avoid weak encryption by providing sufficient key size (Swift)"
  • Better support of extension statements:
    • Include extended methods as code fragments inside the extended class/structure.
    • Improved resolution of method/function calls to extended methods.
    • Inheritance links are created between classes and protocols added by extensions.

1.0.3-funcrel

Updates

  • Updated rule description (1055008): Avoid weak encryption by providing sufficient key size (Swift)

Resolved issues

| Internal ID | Call ID | Summary |
|---|---|---|
| SWIFT-107 | - | Wrong cyclomatic complexity number |
| SWIFT-110 | 18423 | Crash in Swift extension leading to missing links to Controller method/class. |
| SWIFT-111 | 18540, 19148 | Missing links to Controller method/class in iOS-Swift application |

1.0.2-funcrel

Updates

  • Improvements in quality rule documentation

1.0.1-funcrel

Bug Fixes

  • Removed false positives in rule Avoid empty generic catch blocks (Swift) [1055034]
  • Solved runtime error in application level analysis

New features

  • The scope of quality rules also considers callable code in Default Property Initializers.

1.0.0-funcrel

Summary

This first functional release provides a basic analyzer of Swift projects. One can find major objects describing Swift language features (classes, structs, functions, methods, ...) and their respective links, including links to objects generated by the parsing of StoryBoard files (and .xib). A set of 16 quality rules (mostly security oriented) is provided as well.

Updates

  • New object: Default Property Initializer
  • Improved robustness, tests performed on 20 different Swift projects
  • Checksum numbers calculated for more objects (classes, structs, ...)
  • Reduced number of false positives in NSPredicate(format:) (1055032)

1.0.0-beta3

Updates

  • Added quality rule: Avoid using NSPredicate(format:) (1055032)
  • Improvement of quality rules
  • Checksum property added for classes, structures, etc.
  • Swift methods are represented by Method objects (before they were considered as function objects)
  • Better support for custom operator definitions/overridings

1.0.0-beta2

Updates

  • New quality rules:
    • Avoid using kSecAttrAccessibleAlways attribute when storing data in the Keychain (Swift) (1055020)
    • Avoid empty generic catch blocks (Swift) (1055034)
    • Avoid hardcoded passwords (Swift) (1055036)
  • Better resolution of callLinks (Struct methods)
  • Detection of Swift version
  • Improved robustness

1.0.0-beta1

Updates

  • New security quality rules:
    • Ensure that LAContext evaluatePolicy reply block is not empty (Swift) (1055014)
    • Ensure that LAContext evaluatePolicy reply block success is checked (Swift) (1055016) 
    • Always use LAContext canEvaluatePolicy before using evaluatePolicy (Swift) (1055018)
  • Better resolution of callLinks (Enumeration methods)
  • Updated icon for Swift Protocol object
  • Partial support for .xib files

1.0.0-alpha5

Updates

  • New security quality rules:
    • Avoid using the call of web service with iOS/Swift API inside a loop (1055002)
    • Avoid creating file without protection (Swift) (1055004)
    • Avoid using risky cryptographic hash (Swift) (1055006)
    • Avoid weak encryption providing sufficient key size (Swift) (1055008)
    • Avoid synchronizing the credentials with iCloud (Swift) (1055010)
    • Avoid using deprecated SSL protocol (Swift) (1055012)
    • UIApplicationDelegate applicationDidEnterBackground must delete sensitive data (Swift) (1055022)
  • Better link resolution by interpreting the action/target pattern

1.0.0-alpha4

Updates

  • First quality rule: Avoid using unsecured cookies (1055000)
  • Files belonging to tests and external packages are automatically skipped from analysis
  • Fixed bug arising from object duplication when using Swift preprocessing directives (see Known Limitations section below)
  • Improved support for function overloading
  • Handle multiple variable declarations
  • Added icon for enumerations
  • Changed dependencies from ios to cfamily extensions

1.0.0-alpha3

Updates

  • Partial support for the action/target pattern via the addTarget method (only for the UITextField widget)
  • Icon for Enumeration objects
  • Partial support for function overloading
  • Automatic recognition of web service queries as potential end points in transactions (function point counting)