Swift: Port the qhelp examples to Swift.

Author: geoffw0

swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.qhelp

@@ -42,7 +42,7 @@
 
 		</p>
 
-		<sample src="examples/MissingRegExpAnchor_BAD.js"/>
+		<sample src="examples/MissingRegExpAnchorBad.swift"/>
 
 		<p>
 
@@ -54,7 +54,7 @@
 
 		</p>
 
-		<sample src="examples/MissingRegExpAnchor_GOOD.js"/>
+		<sample src="examples/MissingRegExpAnchorGood.swift"/>
 
 		<p>
 

swift/ql/src/queries/Security/CWE-020/MissingRegexAnchorBad.swift

@@ -0,0 +1,11 @@
+func handleUrl(_ urlString: String) {
+    // get the 'url=' parameter from the URL
+    let components = URLComponents(string: urlString)
+    let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
+
+    // check we trust the host
+    let regex = try Regex(#"https?://www\.example\.com"#) // BAD: the host of `url` may be controlled by an attacker
+    if let match = redirectParam?.value?.firstMatch(of: regex) {
+        // ... trust the URL ...
+    }
+}

swift/ql/src/queries/Security/CWE-020/MissingRegexAnchorGood.swift

@@ -0,0 +1,11 @@
+func handleUrl(_ urlString: String) {
+    // get the 'url=' parameter from the URL
+    let components = URLComponents(string: urlString)
+    let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
+
+    // check we trust the host
+    let regex = try Regex(#"^https?://www\.example\.com"#) // GOOD: the host of `url` can not be controlled by an attacker
+    if let match = redirectParam?.value?.firstMatch(of: regex) {
+        // ... trust the URL ...
+    }
+}