hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

update tests

Browse Source
This commit is contained in:
Jami Cogswell
2022-11-03 14:14:32 -04:00
parent 695d6f0e4e
commit 0e93e71127
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
View File

@@ -27,13 +27,20 @@ public class RegexInjectionTest extends HttpServlet {
String pattern = request.getParameter("pattern");
String input = request.getParameter("input");
return input.replaceFirst(pattern, "").length() > 0; // $ hasRegexInjection
return input.split(pattern, 0).length > 0; // $ hasRegexInjection
}
public boolean string4(javax.servlet.http.HttpServletRequest request) {
String pattern = request.getParameter("pattern");
String input = request.getParameter("input");
return input.replaceFirst(pattern, "").length() > 0; // $ hasRegexInjection
}
public boolean string5(javax.servlet.http.HttpServletRequest request) {
String pattern = request.getParameter("pattern");
String input = request.getParameter("input");
return input.replaceAll(pattern, "").length() > 0; // $ hasRegexInjection
}
@@ -58,13 +65,20 @@ public class RegexInjectionTest extends HttpServlet {
String pattern = request.getParameter("pattern");
String input = request.getParameter("input");
return Pattern.matches(pattern, input); // $ hasRegexInjection
return Pattern.compile(pattern, 0).matcher(input).matches(); // $ hasRegexInjection
}
public boolean pattern4(javax.servlet.http.HttpServletRequest request) {
String pattern = request.getParameter("pattern");
String input = request.getParameter("input");
return Pattern.matches(pattern, input); // $ hasRegexInjection
}
public boolean pattern5(javax.servlet.http.HttpServletRequest request) {
String pattern = request.getParameter("pattern");
String input = request.getParameter("input");
return input.matches("^" + foo(pattern) + "=.*$"); // $ hasRegexInjection
}

2
java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
View File

@@ -1,6 +1,6 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.RegexInjectionQuery
import semmle.code.java.security.regexp.RegexInjectionQuery
//import semmle.code.java.security.regexp.PolynomialReDoSQuery
class RegexInjectionTest extends InlineExpectationsTest {