Safety of sharing my open source app if it works with password

Odd question. I know Property fields have different behaviors relating to retaining their values depending on if compiled or not. I am building a Cocoa GUI to control my AppleScript. I have posted the project and some builds on GitHub (hidden now). I don’t think this is the case, but is there any possibility that my Administrator password could have been retained in either the .xcodeproj or in the compiled .app of my program?

I have two relevant properties in my AppleScript:
property shellPassword : missing value
property shellPasswordField : missing value

shellPasswordField is the Referencing Outlet Delegate for a Secure Password Field Cell. It is not bound to the value of either property though, which I think would be the only reason I would need to worry.

Then the password is checked by this function:

on checkPasswd:sender
    -- read the typed password from the secure text field
    set shellPassword to shellPasswordField's stringValue() as text
    try
        -- discard any cached sudo credentials so the password is really checked
        do shell script "sudo -K"
        do shell script "/bin/echo" password shellPassword with administrator privileges
        display notification "Auth Success"
        delay 1
        return 1
    on error errMsg number errorNumber
        display dialog "Debugging alert error occurred: " & errMsg as text & " Num: " & errorNumber as text
        --display alert "Sorry, you’ve entered an invalid password. Please try again."
        return 0
    end try
end checkPasswd:

Obviously the values are also sent as senders to other functions in the program, but I don’t think they’re relevant. I can post them if needed.

If your AppleScript code is part of a class loaded by an Xcode project, then you have no problem. If it’s a script you’re loading some other way, then it may retain the password in the property.

Very rusty with Xcode, and my experience was with Swift v1 & v2, so not sure if it’s a class. I grepped over all the files and it doesn’t seem to be retained, but here’s the project hierarchy just in case.

I also added in display alerts to test and it doesn’t seem to be retained, but I had to specifically address the fact that my check boxes were retaining their checked status across runs, which is why I got worried about this.

If it’s a class file, it will contain property parent : class "NSObject" (or some other parent class).

script ArtifactFinder

property parent : class "NSObject"

Has been there since the beginning. All set I assume?

Yes.

Thank you! I had a strange socket based event loop running for hours on my Mac this morning from nowhere, and was worried I had somehow published the PW to GitHub.
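
The grep check mentioned in the thread, as an added example (not code from any poster or from the project): a Python scan of a project or build tree for a known secret in its UTF-8 and UTF-16 byte forms, on the assumption that binary artifacts may store text as UTF-16, which a grep for the plain bytes would miss. The function name `find_secret` and the command-line usage are hypothetical.

```python
import getpass
import os
import sys

# Encodings to try. Assumption: compiled or binary artifacts may hold text as
# UTF-16, so the UTF-8 bytes alone are not enough.
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")


def find_secret(root, secret, chunk_size=1 << 20):
    """Return sorted (relative_path, encoding) pairs for files containing secret."""
    if not secret:
        raise ValueError("secret must not be empty")
    patterns = {secret.encode(enc): enc for enc in ENCODINGS}
    # Carry the last (longest pattern - 1) bytes over so a match that
    # straddles two chunks is still seen.
    overlap = max(len(p) for p in patterns) - 1
    hits = set()
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            try:
                with open(path, "rb") as fh:
                    tail = b""
                    while chunk := fh.read(chunk_size):
                        window = tail + chunk
                        for pattern, enc in patterns.items():
                            if pattern in window:
                                hits.add((os.path.relpath(path, root), enc))
                        tail = window[-overlap:]
            except OSError as exc:
                print(f"skipped {path}: {exc}", file=sys.stderr)
    return sorted(hits)


if __name__ == "__main__":
    # Prompt for the secret so it never appears in argv or shell history.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_secret(target, getpass.getpass("Secret to search for: "))
    for rel, enc in found:
        print(f"{rel}: found as {enc}")
    sys.exit(1 if found else 0)
```

Git stores objects compressed, so scanning a checkout this way does not cover commit history; search that separately, for example with `git log -S`.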