hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

restrict computation of ConcatenationRoot::getConstantStringParts to results that are less than 1 million chars long

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-11-23 10:29:47 +01:00
parent 7d38b2dd17
commit 234730419b
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/src/semmle/javascript/StringOps.qll
View File

@@ -574,7 +574,7 @@ module StringOps {
not exists(getStringValue()) and
result =
strictconcat(StringLiteralLike leaf |
leaf = getALeaf().asExpr()
leaf = this.(SmallConcatenationRoot).getALeaf().asExpr()
|
leaf.getStringValue()
order by
@@ -583,6 +583,17 @@ module StringOps {
}
}
/**
* A concatenation root where the combined length of the constant parts
* is less than 1 million chars.
*/
private class SmallConcatenationRoot extends ConcatenationRoot {
SmallConcatenationRoot() {
sum(StringLiteralLike leaf | leaf = getALeaf().asExpr() | leaf.getStringValue().length()) <
1000 * 1000
}
}
/** A string literal or template literal without any substitutions. */
private class StringLiteralLike extends Expr {
StringLiteralLike() {