Swift: Adapt the IncompleteHostnameRegex qhelp for Swift.

This commit is contained in:
Geoffrey White
2023-08-22 18:33:28 +01:00
parent 1805b070dc
commit 03ca29ab96
4 changed files with 30 additions and 14 deletions


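--- a/examples/IncompleteHostnameRegExp.js
+++ b/examples/IncompleteHostnameRegExp.js
@@ -1,9 +0,0 @@
-app.get('/some/path', function(req, res) {
-let url = req.param('url'),
-host = urlLib.parse(url).host;
-// BAD: the host of `url` may be controlled by an attacker
-let regex = /^((www|beta).)?example.com/;
-if (host.match(regex)) {
-res.redirect(url);
-}
-});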


@@ -46,7 +46,7 @@
</p>
<sample src="examples/IncompleteHostnameRegExp.js"/>
<sample src="IncompleteHostnameRegexBad.swift"/>
<p>
@@ -59,15 +59,16 @@
<p>
Address this vulnerability by escaping <code>.</code>
appropriately: <code>let regex = /^((www|beta)\.)?example\.com/</code>.
to <code>\.</code>:
</p>
<sample src="IncompleteHostnameRegexGood.swift"/>
</example>
<references>
<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions">Regular Expressions</a></li>
<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">SSRF</a></li>
<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">Server Side Request Forgery</a></li>
<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">Unvalidated Redirects and Forwards Cheat Sheet</a></li>
</references>
</qhelp>


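--- a/IncompleteHostnameRegexBad.swift
+++ b/IncompleteHostnameRegexBad.swift
@@ -0,0 +1,12 @@
+func handleUrl(_ urlString: String) {
+// get the 'url=' parameter from the URL
+let components = URLComponents(string: urlString)
+let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
+// check we trust the host
+let regex = #/^(www|beta).example.com//#
+if let match = redirectParam?.value?.firstMatch(of: regex) {
+// ... trust the URL ...
+}
+}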
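Review bot: The pattern on the `let regex` line is matched against the whole `url` query value rather than its host, so when that value carries a scheme (`https://www.example.com/...`) the `^` anchor can never match and the check does not exercise the hostname at all, whereas the JavaScript example this replaces tested `urlLib.parse(url).host`; the same applies to IncompleteHostnameRegexGood.swift. For the good example I would parse the value and match only its host, e.g. `guard let value = redirectParam?.value, let host = URLComponents(string: value)?.host else { return }` followed by `if host.wholeMatch(of: #/(www|beta)\.example\.com/#) != nil {`, which also drops the trailing `/` the current pattern requires right after the host. Binding `let match` on the `if let` line without using it only earns a compiler warning; a `!= nil` test says what is meant. An exact comparison against a small set of trusted host strings would avoid the regex altogether.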


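--- a/IncompleteHostnameRegexGood.swift
+++ b/IncompleteHostnameRegexGood.swift
@@ -0,0 +1,12 @@
+func handleUrl(_ urlString: String) {
+// get the 'url=' parameter from the URL
+let components = URLComponents(string: urlString)
+let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
+// check we trust the host
+let regex = #/^(www|beta)\.example\.com//#
+if let match = redirectParam?.value?.firstMatch(of: regex) {
+// ... trust the URL ...
+}
+}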