Swift: Revise the qhelp.

geoffw0 · geoffw0 · commit 1f581525ff52 · 2023-06-23T16:04:32.000+01:00
diff --git a/swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp b/swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp
@@ -3,10 +3,10 @@
   <include src="ReDoSIntroduction.inc.qhelp" />
   <example>
     <p>Consider this regular expression:</p>
-    <sample language="ruby">
+    <sample language="swift">
 /^_(__|.)+_$/</sample>
     <p>
-      Its sub-expression <code>"(__|.)+?"</code> can match the string
+      Its sub-expression <code>"(__|.)+"</code> can match the string
       <code>"__"</code> either by the first alternative <code>"__"</code> to the
       left of the <code>"|"</code> operator, or by two repetitions of the second
       alternative <code>"."</code> to the right. Thus, a string consisting of an
@@ -19,7 +19,7 @@
       the ambiguity between the two branches of the alternative inside the
       repetition:
     </p>
-    <sample language="ruby">
+    <sample language="swift">
 /^_(__|[^_])+_$/</sample>
   </example>
   <include src="ReDoSReferences.inc.qhelp"/>
diff --git a/swift/ql/src/queries/Security/CWE-1333/ReDoSIntroduction.inc.qhelp b/swift/ql/src/queries/Security/CWE-1333/ReDoSIntroduction.inc.qhelp
@@ -5,26 +5,20 @@
       Some regular expressions take a long time to match certain input strings
       to the point where the time it takes to match a string of length <i>n</i>
       is proportional to <i>n<sup>k</sup></i> or even <i>2<sup>n</sup></i>.
-      Such regular expressions can negatively affect performance, or even allow
+      Such regular expressions can negatively affect performance, and potentially allow
       a malicious user to perform a Denial of Service ("DoS") attack by crafting
       an expensive input string for the regular expression to match.
     </p>
     <p>
-      The regular expression engine used by the Ruby interpreter (MRI) uses
+      The regular expression engine used by Swift uses a
       backtracking non-deterministic finite automata to implement regular
       expression matching. While this approach is space-efficient and allows
       supporting advanced features like capture groups, it is not time-efficient
       in general. The worst-case time complexity of such an automaton can be
-      polynomial or even exponential, meaning that for strings of a certain
+      polynomial or exponential, meaning that for strings of a certain
       shape, increasing the input length by ten characters may make the
       automaton about 1000 times slower.
     </p>
-    <p>
-      Note that Ruby 3.2 and later have implemented a caching mechanism that
-      completely eliminates the worst-case time complexity for the regular
-      expressions flagged by this query. The regular expressions flagged by this
-      query are therefore only problematic for Ruby versions prior to 3.2.
-    </p>
     <p>
       Typically, a regular expression is affected by this problem if it contains
       a repetition of the form <code>r*</code> or <code>r+</code> where the
diff --git a/swift/ql/src/queries/Security/CWE-1333/ReDoSReferences.inc.qhelp b/swift/ql/src/queries/Security/CWE-1333/ReDoSReferences.inc.qhelp
@@ -7,7 +7,7 @@
     <li>Wikipedia: <a href="https://en.wikipedia.org/wiki/ReDoS">ReDoS</a>.</li>
     <li>Wikipedia: <a href="https://en.wikipedia.org/wiki/Time_complexity">Time complexity</a>.</li>
     <li>James Kirrage, Asiri Rathnayake, Hayo Thielecke:
-      <a href="http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf">Static Analysis for Regular Expression Denial-of-Service Attack</a>.
+      <a href="https://arxiv.org/abs/1301.0849">Static Analysis for Regular Expression Denial-of-Service Attack</a>.
     </li>
   </references>
 </qhelp>
