diff --git a/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll b/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll
new file mode 100644
index 00000000000..eb52a4862f9
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.code.java.security.regexp.ExponentialBackTracking` instead. */
+
+deprecated import semmle.code.java.security.regexp.ExponentialBackTracking as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll
new file mode 100644
index 00000000000..f88f7fdc5c4
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.code.java.security.regexp.PolynomialReDoSQuery` instead. */
+
+deprecated import semmle.code.java.security.regexp.PolynomialReDoSQuery as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll b/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll
new file mode 100644
index 00000000000..32014393864
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.code.java.security.regexp.NfaUtils` instead. */
+
+deprecated import semmle.code.java.security.regexp.NfaUtils as Dep
+import Dep
diff --git a/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll b/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll
new file mode 100644
index 00000000000..de0d6201623
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.code.java.security.regexp.SuperlinearBackTracking` instead. */
+
+deprecated import semmle.code.java.security.regexp.SuperlinearBackTracking as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll
new file mode 100644
index 00000000000..8edb433b202
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.javascript.security.regexp.ExponentialBackTracking` instead. */
+
+deprecated import semmle.javascript.security.regexp.ExponentialBackTracking as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll
new file mode 100644
index 00000000000..ccbd2602772
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll
@@ -0,0 +1,7 @@
+/** DEPRECATED. Import `PolynomialReDoSQuery` instead. */
+
+import javascript
+private import semmle.javascript.security.regexp.PolynomialReDoSQuery as PolynomialReDoSQuery // ignore-query-import
+
+/** DEPRECATED. Import `PolynomialReDoSQuery` instead. */
+deprecated module PolynomialReDoS = PolynomialReDoSQuery;
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll
new file mode 100644
index 00000000000..96a6ef67188
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.javascript.security.regexp.PolynomialReDoSCustomizations` instead. */
+
+deprecated import semmle.javascript.security.regexp.PolynomialReDoSCustomizations as Dep
+import Dep
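Review bot: In the new `javascript/.../security/performance/PolynomialReDoS.qll` shim, both DEPRECATED comments name only `PolynomialReDoSQuery`, while every other shim in this change spells out the full module path. Writing ``/** DEPRECATED. Import `semmle.javascript.security.regexp.PolynomialReDoSQuery` instead. */`` would tell maintainers of custom ReDoS queries exactly which import to switch to. Separately, the commit deletes `security/regexp/PolynomialReDoS.qll` and leaves no alias at that path, so an external query importing `semmle.javascript.security.regexp.PolynomialReDoS::PolynomialReDoS` (as `PolynomialReDoS.ql` did before this change) would stop compiling instead of getting a deprecation warning. If that path was ever part of a released pack, a matching `deprecated module` alias at the `regexp/` location seems warranted.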
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
new file mode 100644
index 00000000000..42e6270bf18
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.javascript.security.regexp.NfaUtils` instead. */
+
+deprecated import semmle.javascript.security.regexp.NfaUtils as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll
new file mode 100644
index 00000000000..11bdab67bd5
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.javascript.security.regexp.SuperlinearBackTracking` instead. */
+
+deprecated import semmle.javascript.security.regexp.SuperlinearBackTracking as Dep
+import Dep
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoS.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoS.qll
deleted file mode 100644
index 407f9162e5c..00000000000
--- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoS.qll
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Provides a taint tracking configuration for reasoning about
- * polynomial regular expression denial-of-service attacks.
- *
- * Note, for performance reasons: only import this file if
- * `PolynomialReDoS::Configuration` is needed, otherwise
- * `PolynomialReDoSCustomizations` should be imported instead.
- */
-
-import javascript
-
-module PolynomialReDoS {
- import PolynomialReDoSCustomizations::PolynomialReDoS
-
- class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "PolynomialReDoS" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
- super.isSanitizerGuard(node) or
- node instanceof LengthGuard
- }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-
- override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
- super.hasFlowPath(source, sink) and
- // require that there is a path without unmatched return steps
- DataFlow::hasPathWithoutUnmatchedReturn(source, sink)
- }
-
- override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
- DataFlow::localFieldStep(pred, succ)
- }
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll
new file mode 100644
index 00000000000..f8675bde3f2
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll
@@ -0,0 +1,40 @@
+/**
+ * Provides a taint tracking configuration for reasoning about
+ * polynomial regular expression denial-of-service attacks.
+ *
+ * Note, for performance reasons: only import this file if
+ * `PolynomialReDoS::Configuration` is needed, otherwise
+ * `PolynomialReDoSCustomizations` should be imported instead.
+ */
+
+import javascript
+import PolynomialReDoSCustomizations::PolynomialReDoS
+
+/** A taint-tracking configuration for reasoning about polynomial regular expression denial-of-service attacks. */
+class Configuration extends TaintTracking::Configuration {
+ Configuration() { this = "PolynomialReDoS" }
+
+ override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+ override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+ override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
+ super.isSanitizerGuard(node) or
+ node instanceof LengthGuard
+ }
+
+ override predicate isSanitizer(DataFlow::Node node) {
+ super.isSanitizer(node) or
+ node instanceof Sanitizer
+ }
+
+ override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
+ super.hasFlowPath(source, sink) and
+ // require that there is a path without unmatched return steps
+ DataFlow::hasPathWithoutUnmatchedReturn(source, sink)
+ }
+
+ override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+ DataFlow::localFieldStep(pred, succ)
+ }
+}
diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql
index 3cf0101858f..6b66f3812fe 100644
--- a/javascript/ql/src/Performance/PolynomialReDoS.ql
+++ b/javascript/ql/src/Performance/PolynomialReDoS.ql
@@ -14,7 +14,7 @@
 */
 import javascript
-import semmle.javascript.security.regexp.PolynomialReDoS::PolynomialReDoS
+import semmle.javascript.security.regexp.PolynomialReDoSQuery
 import semmle.javascript.security.regexp.SuperlinearBackTracking
 import DataFlow::PathGraph
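Review bot: The file-level QLDoc of the new `regexp/PolynomialReDoSQuery.qll` still says to import the file only if `PolynomialReDoS::Configuration` is needed, but this version drops the `module PolynomialReDoS { … }` wrapper and declares `Configuration` at the top level, so that qualified name no longer exists in this file. I would reword that comment line to ``* `Configuration` (declared in this file) is needed, otherwise`` so authors of custom ReDoS queries are pointed at a name they can actually reference. The predicate bodies appear to be carried over verbatim from the removed file, so the sanitizer and guard handling of the query should be unchanged.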
diff --git a/python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll b/python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll
new file mode 100644
index 00000000000..8fdcea3a25f
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.python.security.regexp.ExponentialBackTracking` instead. */
+
+deprecated import semmle.python.security.regexp.ExponentialBackTracking as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll b/python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll
new file mode 100644
index 00000000000..72d8d60a58e
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.python.security.regexp.NfaUtils` instead. */
+
+deprecated import semmle.python.security.regexp.NfaUtils as Dep
+import Dep
diff --git a/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll b/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll
new file mode 100644
index 00000000000..a07544ce6b4
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `semmle.python.security.regexp.SuperlinearBackTracking` instead. */
+
+deprecated import semmle.python.security.regexp.SuperlinearBackTracking as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll
new file mode 100644
index 00000000000..72bf6a98492
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.ExponentialBackTracking` instead. */
+
+deprecated import codeql.ruby.security.regexp.ExponentialBackTracking as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll
new file mode 100644
index 00000000000..cd1551d1d7c
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.PolynomialReDoSCustomizations` instead. */
+
+deprecated import codeql.ruby.security.regexp.PolynomialReDoSCustomizations as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll b/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll
new file mode 100644
index 00000000000..2e20705fca7
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.PolynomialReDoSQuery` instead. */
+
+deprecated import codeql.ruby.security.regexp.PolynomialReDoSQuery as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll b/ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll
new file mode 100644
index 00000000000..2f4c9ef2de1
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.NfaUtils` instead. */
+
+deprecated import codeql.ruby.security.regexp.NfaUtils as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll
new file mode 100644
index 00000000000..5015bff744d
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.RegExpInjectionCustomizations` instead. */
+
+deprecated import codeql.ruby.security.regexp.RegExpInjectionCustomizations as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll
new file mode 100644
index 00000000000..690337a8d34
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.RegExpInjectionQuery` instead. */
+
+deprecated import codeql.ruby.security.regexp.RegExpInjectionQuery as Dep
+import Dep
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll
new file mode 100644
index 00000000000..a9ff4c761f6
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll
@@ -0,0 +1,4 @@
+/** DEPRECATED. Import `codeql.ruby.security.regexp.SuperlinearBackTracking` instead. */
+
+deprecated import codeql.ruby.security.regexp.SuperlinearBackTracking as Dep
+import Dep