From 0126fbcb8f2cb9d7f38f8adce31716981f7a8422 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Fri, 16 Aug 2024 10:56:46 +0100
Subject: [PATCH 1/3] Swift: Clear the language for Swift code snippets that are rendering incorrectly.
---
.../queries/Security/CWE-020/IncompleteHostnameRegex.qhelp | 4 ++--
swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp | 2 +-
swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp
index ef374fc9752..347a0ee0e29 100644
--- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp
+++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp
@@ -46,7 +46,7 @@

- +

@@ -63,7 +63,7 @@

- + diff --git a/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp b/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp index b406faf8e17..c312fb1a6f5 100644 --- a/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp +++ b/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp @@ -28,7 +28,7 @@ likely to handle corner cases correctly than a custom implementation. The following example attempts to filters out all <script> tags.

- +

The above sanitizer does not filter out all <script> tags. diff --git a/swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp b/swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp index ddbb2835bc2..e641d9b4e61 100644 --- a/swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp +++ b/swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp @@ -3,7 +3,7 @@

Consider the following regular expression:

- + /^_(__|.)+_$/

Its sub-expression "(__|.)+" can match the string @@ -19,7 +19,7 @@ the ambiguity between the two branches of the alternative inside the repetition:

- + /^_(__|[^_])+_$/ From 2d19d6f61ecc12f8a888f5a5cdd76888e0c01763 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 16 Aug 2024 11:40:57 +0100 Subject: [PATCH 2/3] Swift: Fix two of the qhelps by slightly modifying the sample code instead. --- .../queries/Security/CWE-020/IncompleteHostnameRegex.qhelp | 4 ++-- .../queries/Security/CWE-020/IncompleteHostnameRegexBad.swift | 4 ++-- .../Security/CWE-020/IncompleteHostnameRegexGood.swift | 4 ++-- swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp | 2 +- swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp index 347a0ee0e29..ef374fc9752 100644 --- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp +++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp @@ -46,7 +46,7 @@

- +

@@ -63,7 +63,7 @@

- + diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift index 3e28022ab98..6f553b2fbee 100644 --- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift +++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift @@ -1,11 +1,11 @@ -func handleUrl(_ urlString: String) { +func handleUrl(_ urlString: String) throws { // get the 'url=' parameter from the URL let components = URLComponents(string: urlString) let redirectParam = components?.queryItems?.first(where: { $0.name == "url" }) // check we trust the host - let regex = #/^(www|beta).example.com//# // BAD + let regex = try Regex("^(www|beta).example.com/") // BAD if let match = redirectParam?.value?.firstMatch(of: regex) { // ... trust the URL ... } diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift index fad4135a263..1413a7ffa73 100644 --- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift +++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift @@ -1,11 +1,11 @@ -func handleUrl(_ urlString: String) { +func handleUrl(_ urlString: String) throws { // get the 'url=' parameter from the URL let components = URLComponents(string: urlString) let redirectParam = components?.queryItems?.first(where: { $0.name == "url" }) // check we trust the host - let regex = #/^(www|beta)\.example\.com//# // GOOD + let regex = try Regex("^(www|beta)\\.example\\.com/") // GOOD if let match = redirectParam?.value?.firstMatch(of: regex) { // ... trust the URL ... } diff --git a/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp b/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp index c312fb1a6f5..b406faf8e17 100644 --- a/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp 
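Review bot: In the `IncompleteHostnameRegexGood.swift` hunk the pattern moves into an ordinary string literal, so each regex backslash has to be doubled (`\\.`) and the text no longer reads the same as the regex the help page discusses, which makes the escaped-versus-unescaped dot harder to check by eye. A raw string keeps the pattern identical to the regex-literal form: `let regex = try Regex(#"^(www|beta)\.example\.com/"#) // GOOD`. Both this hunk and the one for `IncompleteHostnameRegexBad.swift` also make `handleUrl` a throwing function without saying why; a comment such as `// Regex(_:) parses the pattern at run time and throws on a syntax error` next to the `try` would explain the new `throws`. The end of `handleUrl` is not visible in either hunk.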
+++ b/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp @@ -28,7 +28,7 @@ likely to handle corner cases correctly than a custom implementation. The following example attempts to filters out all <script> tags.

- +

The above sanitizer does not filter out all <script> tags. diff --git a/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift b/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift index d399bf5a166..f2a8273d31a 100644 --- a/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift +++ b/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift @@ -1,4 +1,4 @@ -let script_tag_regex = /]*>.*<\/script>/ +let script_tag_regex = try Regex("]*>.*") var old_html = "" while (html != old_html) { From 0088ece3ea7772811f7c2c75a2a75e16abb49d66 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 16 Aug 2024 13:24:03 +0100 Subject: [PATCH 3/3] Revert "Swift: Fix two of the qhelps by slightly modifying the sample code instead." This reverts commit 2d19d6f61ecc12f8a888f5a5cdd76888e0c01763. --- .../queries/Security/CWE-020/IncompleteHostnameRegex.qhelp | 4 ++-- .../queries/Security/CWE-020/IncompleteHostnameRegexBad.swift | 4 ++-- .../Security/CWE-020/IncompleteHostnameRegexGood.swift | 4 ++-- swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp | 2 +- swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp index ef374fc9752..347a0ee0e29 100644 --- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp +++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp @@ -46,7 +46,7 @@

- +

@@ -63,7 +63,7 @@

- + diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift index 6f553b2fbee..3e28022ab98 100644 --- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift +++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift @@ -1,11 +1,11 @@ -func handleUrl(_ urlString: String) throws { +func handleUrl(_ urlString: String) { // get the 'url=' parameter from the URL let components = URLComponents(string: urlString) let redirectParam = components?.queryItems?.first(where: { $0.name == "url" }) // check we trust the host - let regex = try Regex("^(www|beta).example.com/") // BAD + let regex = #/^(www|beta).example.com//# // BAD if let match = redirectParam?.value?.firstMatch(of: regex) { // ... trust the URL ... } diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift index 1413a7ffa73..fad4135a263 100644 --- a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift +++ b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift @@ -1,11 +1,11 @@ -func handleUrl(_ urlString: String) throws { +func handleUrl(_ urlString: String) { // get the 'url=' parameter from the URL let components = URLComponents(string: urlString) let redirectParam = components?.queryItems?.first(where: { $0.name == "url" }) // check we trust the host - let regex = try Regex("^(www|beta)\\.example\\.com/") // GOOD + let regex = #/^(www|beta)\.example\.com//# // GOOD if let match = redirectParam?.value?.firstMatch(of: regex) { // ... trust the URL ... } diff --git a/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp b/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp index b406faf8e17..c312fb1a6f5 100644 --- a/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp 
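Review bot: The restored `// BAD` and `// GOOD` markers on the regex lines of the `IncompleteHostnameRegexBad.swift` and `IncompleteHostnameRegexGood.swift` hunks do not say what separates the two patterns, which differ only by the backslashes before the dots. I would spell it out at those lines, for example `// BAD: unescaped '.' matches any character, so hosts other than the two intended ones pass` and `// GOOD: '\.' matches only a literal dot`. `handleUrl` appears to continue past the end of both hunks.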
+++ b/swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp @@ -28,7 +28,7 @@ likely to handle corner cases correctly than a custom implementation. The following example attempts to filters out all <script> tags.

- +

The above sanitizer does not filter out all <script> tags. diff --git a/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift b/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift index f2a8273d31a..d399bf5a166 100644 --- a/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift +++ b/swift/ql/src/queries/Security/CWE-116/BadTagFilterBad.swift @@ -1,4 +1,4 @@ -let script_tag_regex = try Regex("]*>.*") +let script_tag_regex = /]*>.*<\/script>/ var old_html = "" while (html != old_html) {