Merge pull request #10586 from erik-krogh/pyRegFix

ReDoS: fix RegExpEscape::getValue having multiple results for some escapes
2026-04-28 10:15:14 +02:00 · 2022-09-27 14:41:18 +02:00
parent b9937269b9 7675571daa
commit 162edd6883
4 changed files with 13 additions and 4 deletions
--- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
@@ -468,7 +468,9 @@ class RegExpEscape extends RegExpNormalChar {
   * TODO: Handle named escapes.
   */
  override string getValue() {
-    this.isIdentityEscape() and result = this.getUnescaped()
+    not this.isUnicode() and
+    this.isIdentityEscape() and
+    result = this.getUnescaped()
    or
    this.getUnescaped() = "n" and result = "\n"
    or