hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refine polynomial redos sources to exclude length limited methods

Browse Source
This commit is contained in:
Joe Farebrother
2022-03-16 15:59:41 +00:00
parent 04edc10f1e
commit 1605d36ddf
4 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
View File

@@ -12,11 +12,11 @@
*/
import java
import semmle.code.java.security.performance.PolynomialReDosQuery
import semmle.code.java.security.performance.PolynomialReDoSQuery
import DataFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp
where hasPolynomialReDosResult(source, sink, regexp)
where hasPolynomialReDoSResult(source, sink, regexp)
select sink, source, sink,
"This $@ that depends on $@ may run slow on strings " + regexp.getPrefixMessage() +
"with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression",