From 220197484489f80467cee4cfcb3e975ed018d0d2 Mon Sep 17 00:00:00 2001
From: Alex Eyers-Taylor
Date: Thu, 21 Aug 2025 19:48:21 +0100
Subject: [PATCH] Jave: Use force local to make parsing local after global regex finding.
---
 .../semmle/code/java/regex/RegexFlowConfigs.qll | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
index 6a934bdd578..929fa2d6c91 100644
--- a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
@@ -163,6 +163,12 @@ private module RegexFlowConfig implements DataFlow::ConfigSig {
 private module RegexFlow = DataFlow::Global;
+private predicate usedAsRegexImpl(StringLiteral regex, string mode, boolean match_full_string) {
+ RegexFlow::flow(DataFlow::exprNode(regex), _) and
+ mode = "None" and // TODO: proper mode detection
+ (if matchesFullString(regex) then match_full_string = true else match_full_string = false)
+}
+
 /**
 * Holds if `regex` is used as a regex, with the mode `mode` (if known).
 * If regex mode is not known, `mode` will be `"None"`.
@@ -170,11 +176,9 @@ private module RegexFlow = DataFlow::Global;
 * As an optimisation, only regexes containing an infinite repitition quatifier (`+`, `*`, or `{x,}`)
 * and therefore may be relevant for ReDoS queries are considered.
 */
-predicate usedAsRegex(StringLiteral regex, string mode, boolean match_full_string) {
- RegexFlow::flow(DataFlow::exprNode(regex), _) and
- mode = "None" and // TODO: proper mode detection
- (if matchesFullString(regex) then match_full_string = true else match_full_string = false)
-}
+overlay[local]
+predicate usedAsRegex(StringLiteral regex, string mode, boolean match_full_string) =
+ forceLocal(usedAsRegexImpl/3)(regex, mode, match_full_string)
 /**
 * Holds if `regex` is used as a regular expression that is matched against a full string,
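Review bot: `usedAsRegexImpl` is added without any comment, so nothing at its definition says that it is the global-data-flow half of `usedAsRegex` and is meant to be reached only through that wrapper. A one-line QLDoc would cover it, for example `/** Implementation of usedAsRegex on top of global RegexFlow; use usedAsRegex instead. */`. The `// TODO: proper mode detection` marker moves over with the body, so `mode` is still bound to `"None"` for every caller, and ReDoS analysis that depends on regex flags sees no change from this commit.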
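Review bot: The QLDoc on `usedAsRegex` (it begins above this hunk) does not state what the new `overlay[local]` / `forceLocal(usedAsRegexImpl/3)` wrapper assumes, and that assumption affects the completeness of the ReDoS queries that consume this predicate. `usedAsRegexImpl` is defined by `RegexFlow::flow`, a global data-flow relation, so whether a string literal counts as a regex can depend on code in a different file from the literal. If `forceLocal` keeps base results for unchanged files, which its name suggests but this patch does not show, then a literal whose regex use is added or removed only in an edited file could be missed or reported stale in overlay mode. I would record the assumption in the QLDoc, for example `* Under overlay evaluation the global flow result is forced local; this assumes a literal and its regex use change together.`. The diffstat shows one file changed, so I would also add an overlay test where the literal and the `Pattern` call sit in different files.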