Swift: Adapt the IncompleteHostnameRegex qhelp for Swift.

geoffw0 · geoffw0 · commit 03ca29ab9688 · 2023-08-23T13:04:49.000+01:00
diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.js b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.js
diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp
@@ -46,7 +46,7 @@
 
 		</p>
 
-		<sample src="examples/IncompleteHostnameRegExp.js"/>
+		<sample src="IncompleteHostnameRegexBad.swift"/>
 
 		<p>
 
@@ -59,15 +59,16 @@
 		<p>
 
 			Address this vulnerability by escaping <code>.</code>
-			appropriately: <code>let regex = /^((www|beta)\.)?example\.com/</code>.
+			to <code>\.</code>:
 
 		</p>
 
+		<sample src="IncompleteHostnameRegexGood.swift"/>
+
 	</example>
 
 	<references>
-		<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions">Regular Expressions</a></li>
-		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">SSRF</a></li>
-		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
+		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">Server Side Request Forgery</a></li>
+		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">Unvalidated Redirects and Forwards Cheat Sheet</a></li>
 	</references>
 </qhelp>
diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexBad.swift
@@ -0,0 +1,12 @@
+
+func handleUrl(_ urlString: String) {
+    // get the 'url=' parameter from the URL
+    let components = URLComponents(string: urlString)
+    let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
+
+    // check we trust the host
+    let regex = #/^(www|beta).example.com//#
+    if let match = redirectParam?.value?.firstMatch(of: regex) {
+        // ... trust the URL ...
+    }
+}
diff --git a/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift b/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegexGood.swift
@@ -0,0 +1,12 @@
+
+func handleUrl(_ urlString: String) {
+    // get the 'url=' parameter from the URL
+    let components = URLComponents(string: urlString)
+    let redirectParam = components?.queryItems?.first(where: { $0.name == "url" })
+
+    // check we trust the host
+    let regex = #/^(www|beta)\.example\.com//#
+    if let match = redirectParam?.value?.firstMatch(of: regex) {
+        // ... trust the URL ...
+    }
+}
