swift:chore - Improvements Tests of all Swift Rules

Add improvements for swift rules with scenarios vulnerables and safe codes in yours tests.
Follow the issue #630 for more details.
Notes:
> Why before swift tool using horusec-engine found 16 vulnerabilities and now found only 1?
* Abouts rule HS-SWIFT-14, Before in examples folder this rule is found 11 times
and now is showed only 3 times, because I changed to only get the specific code
`loadHTMLString` avoiding repetition of vulnerabilities.
* About rule HS-SWIFT-20, Before in examples folder this rule is found 5 times
and now is showed only 1 time, because I changed to only get the specific code
`UIWebView\(\)` other thing before it was just UIWebView and
it can generate a lot of false positives and now it does not.

Signed-off-by: wilian <wilian.silva@zup.com.br>

e2e/analysis/test_case.go

@@ -77,10 +77,10 @@ func NewTestCase() []*TestCase {
 					fmt.Sprintf(messages.MsgPrintFinishAnalysisWithStatus, analysis.Success),
 					messages.MsgDebugVulnHashToFix,
 					messages.MsgWarnAnalysisFoundVulns[16:],
-					"In this analysis, a total of 69 possible vulnerabilities were found and we classified them into:",
+					"In this analysis, a total of 57 possible vulnerabilities were found and we classified them into:",
 					"Total of Vulnerability CRITICAL is: 18",
 					"Total of Vulnerability HIGH is: 24",
-					"Total of Vulnerability MEDIUM is: 24",
+					"Total of Vulnerability MEDIUM is: 12",
 					"Total of Vulnerability LOW is: 3",
 					fmt.Sprintf("{HORUSEC_CLI} Running %s - %s", tools.HorusecEngine, languages.CSharp),
 					fmt.Sprintf("{HORUSEC_CLI} Running %s - %s", tools.HorusecEngine, languages.Dart),

internal/services/engines/swift/rules.go

@@ -48,14 +48,13 @@ func NewCoreDataDatabase() *text.Rule {
 		Metadata: engine.Metadata{
 			ID:          "HS-SWIFT-2",
 			Name:        "CoreData Database",
-			Description: "App uses CoreData Database. Sensitive Information should be encrypted.",
+			Description: "App uses CoreData Database. Sensitive Information should be encrypted. For more information checkout the CWE-311 (https://cwe.mitre.org/data/definitions/311.html) advisory.",
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.AndMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
-			regexp.MustCompile(`NSManagedObjectContext`),
-			regexp.MustCompile(`\.save\(\)`),
+			regexp.MustCompile(`(?i)(NSManagedObjectContext)(([^C]|C[^r]|Cr[^y]|Cry[^p]|Cryp[^t])*)(\.save\(\))`),
 		},
 	}
 }
@@ -64,15 +63,14 @@ func NewDTLS12NotUsed() *text.Rule {
 	return &text.Rule{
 		Metadata: engine.Metadata{
 			ID:          "HS-SWIFT-3",
-			Name:        "DTLS 1.2 not used",
-			Description: "DTLS 1.2 should be used. Detected old version - DTLS 1.0.",
+			Name:        "DTLS 1.0 or 1.1 not used",
+			Description: "DTLS 1.2 should be used. Detected old version - DTLS 1.0. For more information checkout the CWE-295 (https://cwe.mitre.org/data/definitions/295.html) advisory.",
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.AndMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
-			regexp.MustCompile(`\.TLSMinimumSupportedProtocolVersion`),
-			regexp.MustCompile(`tls_protocol_version_t\.DTLSv10`),
+			regexp.MustCompile(`tls_protocol_version_t\.DTLSv[0-1][0-1]`),
 		},
 	}
 }
@@ -81,15 +79,14 @@ func NewTLS13NotUsed() *text.Rule {
 	return &text.Rule{
 		Metadata: engine.Metadata{
 			ID:          "HS-SWIFT-4",
-			Name:        "TLS 1.3 not used",
-			Description: "Older versions of SSL/TLS protocol like \"SSLv3\" have been proven to be insecure. This rule raises an issue when an SSL/TLS context is created with an insecure protocol version (ie: a protocol different from \"TLSv1.2\", \"TLSv1.3\", \"DTLSv1.2\" or \"DTLSv1.3\"). For more information checkout the CWE-326 (https://cwe.mitre.org/data/definitions/326.html) and CWE-327 (https://cwe.mitre.org/data/definitions/327.html) advisory.",
+			Name:        "TLS 1.0 or TLS 1.1 not be used",
+			Description: "TLS 1.2 should be used. Older versions of SSL/TLS protocol like \"SSLv3\" have been proven to be insecure. This rule raises an issue when an SSL/TLS context is created with an insecure protocol version (ie: a protocol different from \"TLSv1.2\", \"TLSv1.3\", \"DTLSv1.2\" or \"DTLSv1.3\"). For more information checkout the CWE-326 (https://cwe.mitre.org/data/definitions/326.html) and CWE-327 (https://cwe.mitre.org/data/definitions/327.html) advisory.",
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.AndMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
-			regexp.MustCompile(`\.TLSMinimumSupportedProtocolVersion`),
-			regexp.MustCompile(`tls_protocol_version_t\.TLSv12`),
+			regexp.MustCompile(`tls_protocol_version_t\.TLSv(0|1[0-1])`),
 		},
 	}
 }
@@ -99,7 +96,7 @@ func NewReverseEngineering() *text.Rule {
 		Metadata: engine.Metadata{
 			ID:          "HS-SWIFT-5",
 			Name:        "Reverse engineering",
-			Description: "This App may have Reverse engineering detection capabilities.",
+			Description: "This App may have Reverse engineering detection capabilities. For more information checkout the OWASP-M9 (https://owasp.org/www-project-mobile-top-10/2016-risks/m9-reverse-engineering) advisory.",
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
@@ -108,7 +105,6 @@ func NewReverseEngineering() *text.Rule {
 			regexp.MustCompile(`"FridaGadget"`),
 			regexp.MustCompile(`"cynject"`),
 			regexp.MustCompile(`"libcycript"`),
-			regexp.MustCompile(`"/usr/sbin/frida-server"`),
 		},
 	}
 }
@@ -190,7 +186,7 @@ func NewMD6Collision() *text.Rule {
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.OrMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
 			regexp.MustCompile(`(?i)MD6\(`),
 			regexp.MustCompile(`CC_MD6\(`),
@@ -207,7 +203,7 @@ func NewMD5Collision() *text.Rule {
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.OrMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
 			regexp.MustCompile(`(?i)MD5\(`),
 			regexp.MustCompile(`CC_MD5\(`),
@@ -224,8 +220,9 @@ func NewSha1Collision() *text.Rule {
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.OrMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
+			regexp.MustCompile(`(?i)\.SHA1\.hash`),
 			regexp.MustCompile(`(?i)SHA1\(`),
 			regexp.MustCompile(`CC_SHA1\(`),
 		},
@@ -241,7 +238,7 @@ func NewJailbreakDetect() *text.Rule {
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.OrMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
 			regexp.MustCompile(`/Applications/Cydia\.app`),
 			regexp.MustCompile(`/Library/MobileSubstrate/MobileSubstrate\.dylib`),
@@ -303,10 +300,9 @@ func NewLoadHTMLString() *text.Rule {
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.OrMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
-			regexp.MustCompile(`loadHTMLString`),
-			regexp.MustCompile(`webView`),
+			regexp.MustCompile(`loadHTMLString\(((.*["|']\+.*\+["|'])|([^"]\w*,?))`),
 		},
 	}
 }
@@ -320,7 +316,7 @@ func NewWeakDesCryptoCipher() *text.Rule {
 			Severity:    severities.Medium.ToString(),
 			Confidence:  confidence.Low.ToString(),
 		},
-		Type: text.OrMatch,
+		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
 			regexp.MustCompile(`Cryptor\((.*algorithm: \.des)`),
 			regexp.MustCompile(`\.CryptAlgorithm((\s+=)|=)+((\s)|)+\"3des"`),
@@ -403,7 +399,7 @@ func NewWebViewSafari() *text.Rule {
 		},
 		Type: text.Regular,
 		Expressions: []*regexp.Regexp{
-			regexp.MustCompile(`UIWebView|SFSafariViewController`),
+			regexp.MustCompile(`UIWebView\(\)|SFSafariViewController`),
 		},
 	}
 }