mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
move getACommonTld to the shared pack
This commit is contained in:
erik-krogh
@@ -999,11 +999,12 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) {
|
||||
/**
|
||||
* Provides utility predicates related to regular expressions.
|
||||
*/
|
||||
module RegExpPatterns {
|
||||
deprecated module RegExpPatterns {
|
||||
/**
|
||||
* Gets a pattern that matches common top-level domain names in lower case.
|
||||
* DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
|
||||
*/
|
||||
string getACommonTld() {
|
||||
deprecated string getACommonTld() {
|
||||
// according to ranking by http://google.com/search?q=site:.<<TLD>>
|
||||
result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
|
||||
}
|
||||
|
||||
@@ -12,8 +12,6 @@ private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
|
||||
class DataFlowNode = JS::DataFlow::Node;
|
||||
|
||||
class RegExpPatternSource = RegExp::RegExpPatternSource;
|
||||
|
||||
string getACommonTld() { result = RegExp::RegExpPatterns::getACommonTld() }
|
||||
}
|
||||
|
||||
import Shared::Make<TreeImpl, Impl>
|
||||
|
||||
@@ -31,7 +31,7 @@ query predicate problems(
|
||||
(
|
||||
// target contains a domain on a common TLD, and perhaps some other URL components
|
||||
target
|
||||
.regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + RegExpPatterns::getACommonTld() +
|
||||
.regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + HostnameRegexp::getACommonTld() +
|
||||
"(:[0-9]+)?/?")
|
||||
or
|
||||
// target is a HTTP URL to a domain on any TLD
|
||||
|
||||
@@ -3,3 +3,5 @@ import semmle.javascript.dataflow.InferredTypes
|
||||
|
||||
/** Holds if `node` may evaluate to `value` */
|
||||
predicate mayHaveStringValue(DataFlow::Node node, string value) { node.mayHaveStringValue(value) }
|
||||
|
||||
import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
|
||||
|
||||
Reference in New Issue
Block a user