hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Swift: Fix two of the qhelps by slightly modifying the sample code instead."

Browse Source 
This reverts commit 2d19d6f61e.
This commit is contained in:
Geoffrey White
2024-08-16 13:24:03 +01:00
parent 2d19d6f61e
commit 0088ece3ea
5 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp
View File

@@ -46,7 +46,7 @@
</p>
<sample src="IncompleteHostnameRegexBad.swift"/>
<sample src="IncompleteHostnameRegexBad.swift" language=""/>
<p>
@@ -63,7 +63,7 @@
</p>
<sample src="IncompleteHostnameRegexGood.swift"/>
<sample src="IncompleteHostnameRegexGood.swift" language=""/>
</example>

4
swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift
View File

@@ -1,11 +1,11 @@
func handleUrl(_ urlString: String) throws {
func handleUrl(_ urlString: String) {
// get the 'url=' parameter from the URL
let components = URLComponents(string: urlString)
let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
// check we trust the host
let regex = try Regex("^(www|beta).example.com/") // BAD
let regex = #/^(www|beta).example.com//# // BAD
if let match = redirectParam?.value?.firstMatch(of: regex) {
// ... trust the URL ...
}

4
swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift
View File

@@ -1,11 +1,11 @@
func handleUrl(_ urlString: String) throws {
func handleUrl(_ urlString: String) {
// get the 'url=' parameter from the URL
let components = URLComponents(string: urlString)
let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
// check we trust the host
let regex = try Regex("^(www|beta)\\.example\\.com/") // GOOD
let regex = #/^(www|beta)\.example\.com//# // GOOD
if let match = redirectParam?.value?.firstMatch(of: regex) {
// ... trust the URL ...
}

2
swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp
View File

@@ -28,7 +28,7 @@ likely to handle corner cases correctly than a custom implementation.
The following example attempts to filters out all <code>&lt;script&gt;</code> tags.
</p>
<sample src="BadTagFilterBad.swift" />
<sample src="BadTagFilterBad.swift" language="" />
<p>
The above sanitizer does not filter out all <code>&lt;script&gt;</code> tags.

2
swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift
View File

@@ -1,4 +1,4 @@
let script_tag_regex = try Regex("<script[^>]*>.*</script>")
let script_tag_regex = /<script[^>]*>.*<\/script>/
var old_html = ""
while (html != old_html) {