engine/swift:bugfix - improving HS-SWIFT-24 rule to avoid false posit…

…ives (#930) Signed-off-by: Nathan Martins <[email protected]>
ZupIT · Jan 20, 2022 · 73511f0 · 73511f0
1 parent 0a2ecee
commit 73511f0
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 1 deletion.
diff --git a/internal/services/engines/swift/rules.go b/internal/services/engines/swift/rules.go
@@ -467,7 +467,7 @@ func NewSQLInjection() text.TextRule {
 		},
 		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
-			regexp.MustCompile(`(?i)((sqlite3_exec|executeChange|raw)\(.?((.*|\n)*)?)?(select|update|insert|delete)((.*|\n)*)?.*((["|']*)(\s?)(\+))`),
+			regexp.MustCompile(`(?i)((sqlite3_exec|executeChange|raw)\(.?((.*|\n)*)?)(select|update|insert|delete)((.*|\n)*)?.*((["|']*)(\s?)(\+))`),
 		},
 	}
 }
diff --git a/internal/services/engines/swift/rules_test.go b/internal/services/engines/swift/rules_test.go
@@ -69,6 +69,11 @@ func TestRulesSafeCode(t *testing.T) {
 			Rule: NewSQLInjection(),
 			Src:  SampleSafeHSSWIFT24,
 		},
+		{
+			Name: "HS-SWIFT-24",
+			Rule: NewSQLInjection(),
+			Src:  Sample2SafeHSSWIFT24,
+		},
 	}
 	testutil.TestSafeCode(t, testcases)
 }
diff --git a/internal/services/engines/swift/samples_test.go b/internal/services/engines/swift/samples_test.go
@@ -60,5 +60,86 @@ if let err = SD.executeChange("SELECT * FROM User where user=?", withArgs: [name
 } else {
     //no error, the row was inserted successfully
 }
+`
+
+	Sample2SafeHSSWIFT24 = `
+public extension Expression {
+    func observe(
+        view: UIView,
+        controller: BeagleControllerProtocol?,
+        updateFunction: @escaping (T?) -> Void
+    ) {
+        switch self {
+        case let .expression(expression):
+            controller?.addBinding(expression: expression, in: view, update: updateFunction)
+        case let .value(value):
+            updateFunction(value)
+        }
+    }
+
+    func evaluate(with view: UIView?, implicitContext: Context? = nil) -> T? {
+        switch self {
+        case let .expression(expression):
+            if let implicitContext = implicitContext {
+                let auxView = UIView()
+                auxView.parentContext = view
+                auxView.setContext(implicitContext)
+                return evaluate(with: auxView)
+            }
+            
+            return view?.evaluateExpression(expression).transform()
+        case let .value(value):
+            return value
+        }
+    }
+}
+
+// MARK: - RepresentableByParsableString
+extension ContextExpression: RepresentableByParsableString {
+    public static var parser = singleOrMultipleExpression
+
+    public var rawValue: String {
+        switch self {
+        case .multiple(let multiple):
+            return multiple.rawValue
+        case .single(let single):
+            return single.rawValue
+        }
+    }
+}
+
+extension SingleExpression: RepresentableByParsableString {
+    public static let parser = singleExpression
+    
+    public var rawValue: String {
+        var result = "@{"
+        switch self {
+        case let .value(value):
+            result += value.rawValue
+        case let .operation(operation):
+            result += operation.rawValue
+        }
+        
+        result += "}"
+        return result
+    }
+}
+
+extension MultipleExpression: RepresentableByParsableString {
+    public static let parser = multipleExpression
+
+    public var rawValue: String {
+        var result = ""
+        for node in nodes {
+            switch node {
+            case let .string(string):
+                result += string
+            case let .expression(expression):
+                result += expression.rawValue
+            }
+        }
+        return result
+    }
+}
 `
 )