Swift: Add support for isDigit and similar.

geoffw0 · geoffw0 · commit 39302c62bd3f · 2023-06-15T21:18:15.000+01:00
diff --git a/swift/ql/lib/codeql/swift/regex/RegexTreeView.qll b/swift/ql/lib/codeql/swift/regex/RegexTreeView.qll
@@ -1187,13 +1187,13 @@ private module Impl implements RegexTreeViewSig {
     or
     // TODO: expand to cover more properties
     exists(RegExpNamedCharacterProperty escape | term = escape |
-      escape.getName().toLowerCase() = "digit" and
+      escape.getName().toLowerCase() = ["digit", "isdigit"] and
       if escape.isInverted() then clazz = "D" else clazz = "d"
       or
-      escape.getName().toLowerCase() = "space" and
+      escape.getName().toLowerCase() = ["space", "isspace"] and
       if escape.isInverted() then clazz = "S" else clazz = "s"
       or
-      escape.getName().toLowerCase() = "word" and
+      escape.getName().toLowerCase() = ["word", "isword"] and
       if escape.isInverted() then clazz = "W" else clazz = "w"
     )
   }
diff --git a/swift/ql/test/library-tests/regex/redos_variants.swift b/swift/ql/test/library-tests/regex/redos_variants.swift
@@ -535,9 +535,9 @@ func myRegexpVariantsTests(myUrl: URL) throws {
     // GOOD
     _ = try Regex(#"X(\P{Digit}|7)+Y"#).firstMatch(in: tainted)
 
-    // BAD TODO: we should get this one
+    // BAD
     // attack string: "X" + "7" x lots
-    _ = try Regex(#"X(\p{IsDigit}|7)*Y"#).firstMatch(in: tainted) // $ MISSING: redos-vulnerable=
+    _ = try Regex(#"X(\p{IsDigit}|7)*Y"#).firstMatch(in: tainted) // $ redos-vulnerable=
 
     // GOOD
     _ = try Regex(#"X(\p{IsDigit}|b)+Y"#).firstMatch(in: tainted)
