Swift: Tweak qhelp and example.

geoffw0 · geoffw0 · commit 6f3dba5f98a0 · 2023-07-04T13:21:51.000+01:00
diff --git a/swift/ql/src/queries/Security/CWE-730/RegexInjection.qhelp b/swift/ql/src/queries/Security/CWE-730/RegexInjection.qhelp
@@ -6,10 +6,10 @@
 <overview>
 <p>
 Constructing a regular expression with unsanitized user input is dangerous,
-since a malicious user may be able to modify the meaning of the expression. In
-particular, such a user may be able to provide a regular expression fragment
-that takes exponential time in the worst case, and use that to perform a Denial
-of Service attack.
+since a malicious user may be able to modify the meaning of the expression. They
+may be able to cause unexpected program behaviour, or perform a Denial of Service
+attack. For example they may provide a regular expression fragment that takes
+exponential time to evaluate in the worst case.
 </p>
 </overview>
 
diff --git a/swift/ql/src/queries/Security/CWE-730/RegexInjectionGood.swift b/swift/ql/src/queries/Security/CWE-730/RegexInjectionGood.swift
@@ -4,7 +4,7 @@ func processRemoteInput(remoteInput: String) {
   # GOOD: Regular expression is not derived from user input
   let regex1 = try Regex(myRegex)
 
-  # GOOD: Sanitized user input is used to construct a regular expression
+  # GOOD: User input is sanitized before being used to construct a regular expression
   let escapedInput = NSRegularExpression.escapedPattern(for: remoteInput)
   let regexStr = "abc|\(escapedInput)"
   let regex2 = try NSRegularExpression(pattern: regexStr)
