HS-SWIFT-24 Returning many false positive in v2.7.0-rc.2 #927

Closed
wiliansilvazup opened this issue Jan 17, 2022 · 0 comments · Fixed by #930
Labels
kind/bug Something isn't working

@wiliansilvazup
What happened:
In Horusec version v2.7.0-rc.2 the following vulnerabilities were found, and I noticed that this HS-SWIFT-24 rule is reporting too many false positives.
Looking at the regex:

(?i)((sqlite3_exec|executeChange|raw)\(.?((.*|\n)*)?)?(select|update|insert|delete)((.*|\n)*)?.*((["|']*)(\s?)(\+))

Maybe the correct format would be

(?i)((sqlite3_exec|executeChange|raw)\(.?((.*|\n)*)?)(select|update|insert|delete)((.*|\n)*)?.*((["|']*)(\s?)(\+))

How to reproduce it (as minimally and precisely as possible):
Run this code

Environment:

  • Horusec version (use horusec version): v2.7.0-rc.2
  • Operating System: Linux
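
To show what the trailing `?` on the first group changes, the following added example (not Horusec's own code and not part of the original report) compiles both patterns from the issue with Go's `regexp` package and runs them over constructed Swift snippets. The sample strings and the helper names `falsePositives` and `missed` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Both patterns are copied verbatim from the issue text above.
var (
	current  = regexp.MustCompile(`(?i)((sqlite3_exec|executeChange|raw)\(.?((.*|\n)*)?)?(select|update|insert|delete)((.*|\n)*)?.*((["|']*)(\s?)(\+))`)
	proposed = regexp.MustCompile(`(?i)((sqlite3_exec|executeChange|raw)\(.?((.*|\n)*)?)(select|update|insert|delete)((.*|\n)*)?.*((["|']*)(\s?)(\+))`)
)

// sample is a constructed Swift snippet; sqlCall marks the ones that really
// concatenate a value into a statement passed to one of the listed calls.
type sample struct {
	name, code string
	sqlCall    bool
}

var samples = []sample{
	{"ui-string", `let title = "Please select " + itemName`, false},
	{"error-message", `let msg = "Failed to update profile: " + reason`, false},
	{"two-lines", "let label = \"Select a file\"\nlet total = width + padding", false},
	{"sqlite3_exec", `sqlite3_exec(db, "SELECT * FROM users WHERE name = '" + name + "'", nil, nil, nil)`, true},
	{"executeChange", `try db.executeChange("DELETE FROM notes WHERE id = " + noteId)`, true},
}

// falsePositives lists the benign samples that re flags.
func falsePositives(re *regexp.Regexp) (out []string) {
	for _, s := range samples {
		if !s.sqlCall && re.MatchString(s.code) {
			out = append(out, s.name)
		}
	}
	return out
}

// missed lists the concatenated-SQL samples that re fails to flag.
func missed(re *regexp.Regexp) (out []string) {
	for _, s := range samples {
		if s.sqlCall && !re.MatchString(s.code) {
			out = append(out, s.name)
		}
	}
	return out
}

func main() {
	fmt.Println("current  false positives:", falsePositives(current), "missed:", missed(current))
	fmt.Println("proposed false positives:", falsePositives(proposed), "missed:", missed(proposed))
}
```

With the call prefix optional, any `select`, `update`, `insert` or `delete` that is followed anywhere later by a `+`, even on another line, is enough to match; making the prefix mandatory drops those hits while both SQL-call samples are still flagged.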