Swift: New query: Incomplete regular expression for hostnames #14034
base: main
QHelp previews: swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp

Incomplete regular expression for hostnames

Sanitizing untrusted URLs is an important technique for preventing attacks such as request forgeries and malicious redirections. Often, this is done by checking that the host of a URL is in a set of allowed hosts. If a regular expression implements such a check, it is easy to accidentally make the check too permissive by not escaping the

Recommendation

Escape all meta-characters appropriately when constructing regular expressions for security checks, and pay special attention to the

Example

The following example code checks that a URL redirection will reach the

The check is however easy to bypass because the unescaped

Address this vulnerability by escaping

References
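The over-permissive host check described in the QHelp preview above, shown beside an escaped pattern and an exact host comparison. This is an added example, not code from the pull request or the CodeQL project; it assumes the unescaped meta-character is `.`, and the `example.com` hosts, sample URLs and helper names are constructed for illustration.

```swift
import Foundation

// Constructed allow-list patterns for a redirect check (placeholder domain).
// In the first pattern "." is a regex meta-character that matches any character.
let incompletePattern = "^https?://(www|beta).example.com/"
// In the second pattern every dot is escaped, so only a literal "." matches.
let escapedPattern = "^https?://(www|beta)\\.example\\.com/"

/// Hypothetical helper: true when `url` matches `pattern`.
func isAllowed(_ url: String, pattern: String) -> Bool {
    guard let regex = try? NSRegularExpression(pattern: pattern) else {
        return false // fail closed on an invalid pattern
    }
    let range = NSRange(url.startIndex..., in: url)
    return regex.firstMatch(in: url, options: [], range: range) != nil
}

// Alternative that avoids regex meta-characters entirely:
// parse the URL and compare scheme and host against exact values.
let allowedHosts: Set<String> = ["www.example.com", "beta.example.com"]

func isAllowedByHost(_ url: String) -> Bool {
    guard let components = URLComponents(string: url),
          let scheme = components.scheme?.lowercased(),
          ["http", "https"].contains(scheme),
          let host = components.host?.lowercased() else {
        return false
    }
    return allowedHosts.contains(host)
}

// Constructed sample inputs.
let samples = [
    "https://www.example.com/home",   // the intended host
    "https://beta.example.com/home",  // the other intended host
    "https://wwwXexample.com/home",   // a different registrable domain
    "ftp://www.example.com/home"      // right host, scheme not allowed
]

for url in samples {
    let loose = isAllowed(url, pattern: incompletePattern)
    let strict = isAllowed(url, pattern: escapedPattern)
    let exact = isAllowedByHost(url)
    print("\(url)  incomplete=\(loose)  escaped=\(strict)  hostCompare=\(exact)")
}
```

Any row where the `incomplete` column differs from the other two is an input the unescaped pattern accepts but the intended policy does not.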
I've only reviewed the QL code so far.
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
DCA LGTM. It shows a slight (~3%) overall analysis slowdown, which may be wobble or the real effect of adding a new query. I will check the most slowed down project (

I'll review this on behalf of Docs!
Adds a new Swift query "Incomplete regular expression for hostnames". This is a port of js/incomplete-hostname-regexp; Ruby, Go and Python have similar queries as well.

shared/regex/codeql/regex/HostnameRegexp for the query, with a thin layer in swift/ql/lib/codeql/swift/security/regex/HostnameRegex.qll connecting that to the Swift libraries.

swift/ql/lib/codeql/swift/regex/Regex.qll. ParsedStringRegex is changed to extend a new class RegexPatternSource and ultimately DataFlow::Node rather than Expr, as that is the configuration of classes the shared library expects to find.

Before merging: