Fix UnicodeDoS vulnerability in CWE-770

2026-04-26 01:05:15 +02:00 · 2024-03-12 20:21:38 +00:00
parent 31dc542111
commit 085d803b14
1 changed files with 10 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql
+++ b/python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql
@@ -60,6 +60,16 @@ predicate underAValue(DataFlow::GuardNode g, ControlFlowNode node, boolean branc
        (op_gt = any(GtE gte) or op_gt = any(Gt gt)) and
        branch = true and
        cn.operands(_, op_gt, n.asCfgNode())
+        or
+        // not arg <= LIMIT OR not arg < LIMIT
+        (op_lt = any(LtE lte) or op_lt = any(Lt lt)) and
+        branch = false and
+        cn.operands(n.asCfgNode(), op_lt, _)
+        or
+        // not LIMIT >= arg OR not LIMIT > arg
+        (op_gt = any(GtE gte) or op_gt = any(Gt gt)) and
+        branch = false and
+        cn.operands(_, op_gt, n.asCfgNode())
      )
    |
      lenCall = API::builtin("len").getACall() and