(fix) keychain dumper misses entries with kSecAttrSynchronizable=true (
…#448)

* (fix) keychain dumper misses entries that were created with kSecAttrSynchronizable=true

* (fix) keychain empty() method misses entries that were created with kSecAttrSynchronizable=true
jpstotz authored Mar 30, 2021
1 parent 24582bb commit 8560d75
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions agent/src/ios/keychain.ts
@@ -67,6 +67,7 @@ export namespace ioskeychain {
searchDictionary.setObject_forKey_(kCFBooleanTrue, kSec.kSecReturnData);
searchDictionary.setObject_forKey_(kCFBooleanTrue, kSec.kSecReturnRef);
searchDictionary.setObject_forKey_(kSec.kSecMatchLimitAll, kSec.kSecMatchLimit);
searchDictionary.setObject_forKey_(kSec.kSecAttrSynchronizableAny, kSec.kSecAttrSynchronizable);

// loop each of the keychain class types and extract data
const itemClassResults: IKeychainData[][] = itemClasses.map((clazz) => {
@@ -150,6 +151,7 @@ export namespace ioskeychain {
// clean out the keychain
export const empty = (): void => {
const searchDictionary: NSMutableDictionaryType = ObjC.classes.NSMutableDictionary.alloc().init();
searchDictionary.setObject_forKey_(kSec.kSecAttrSynchronizableAny, kSec.kSecAttrSynchronizable);
itemClasses.forEach((clazz) => {

// set the class-type we are querying for now & delete
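Review bot: In `empty()`, setting `kSecAttrSynchronizable` to `kSecAttrSynchronizableAny` widens the delete that follows to iCloud Keychain items, and Apple's SecItem documentation states that deleting a synchronizable item affects every copy of it, not only the one on the local device. Clearing the keychain on a test device that is signed in to an iCloud account can therefore remove credentials from the account's other devices, which the existing `// clean out the keychain` comment does not convey. I would document this above the function, e.g. `// also matches iCloud-synchronized items: deleting them removes them from every device on the account`, and consider making the synchronizable scope an explicit opt-in for `empty()` while keeping it unconditional for the read-only dump in the first hunk. The body of `empty()` continues outside the hunk.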
1 change: 1 addition & 0 deletions agent/src/ios/lib/constants.ts
@@ -28,6 +28,7 @@ export enum kSec {
kSecAttrAccessControl = "accc",
kSecAttrGeneric = "gena",
kSecAttrSynchronizable = "sync",
kSecAttrSynchronizableAny = "syna",
kSecAttrModificationDate = "mdat",
kSecAttrServer = "srvr",
kSecAttrDescription = "desc",
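Review bot: `kSecAttrSynchronizableAny` is a match value for the `kSecAttrSynchronizable` key rather than an attribute key, yet it sits unmarked among the `kSecAttr*` keys in this enum. If code elsewhere enumerates `kSec` members to label returned attributes (not visible in this hunk), `"syna"` would be treated as one more key. A comment on the new member, e.g. `// value for kSecAttrSynchronizable: match both synchronized and local-only items`, would make the distinction explicit. The enum starts and ends outside the hunk.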
