hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Add a test case for \Uhhhhhhhh character escapes.

Browse Source
This commit is contained in:
Geoffrey White
2023-06-15 20:51:21 +01:00
parent 9b9b4a1fd7
commit 05939bd90a
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
swift/ql/test/library-tests/regex/redos_variants.swift
View File

@@ -500,6 +500,13 @@ func myRegexpVariantsTests(myUrl: URL) throws {
// GOOD
_ = try Regex(#"X(\u0061|b)+Y"#).firstMatch(in: tainted)
// BAD
// attack string: "X" + "a" x lots
_ = try Regex(#"X(\U00000061|a)*Y"#).firstMatch(in: tainted) // $ MISSING: redos-vulnerable=
// GOOD
_ = try Regex(#"X(\U00000061|b)+Y"#).firstMatch(in: tainted)
// BAD TODO: we should get this one
// attack string: "X" + "a" x lots
_ = try Regex(#"X(\x61|a)*Y"#).firstMatch(in: tainted) // $ MISSING: redos-vulnerable=