hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add more regex use functions in String

Browse Source
This commit is contained in:
Joe Farebrother
2022-03-03 11:51:14 +00:00
parent 5364001aa2
commit 3ce0c2c23b
3 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
View File

@@ -86,7 +86,7 @@ private class JdkRegexMatchMethodAccess extends RegexMatchMethodAccess {
or
package = "java.lang" and
type = "String" and
name = ["matches", "split"] and
name = ["matches", "split", "replaceAll", "replaceFirst"] and
regexArg = 0 and
stringArg = -1
or

2
java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll
View File

@@ -14,6 +14,8 @@ private class RegexSinkCsv extends SinkModelCsv {
"java.util;String;false;matches;(String);;Argument[0];regex-compile",
"java.util;String;false;split;(String);;Argument[0];regex-compile",
"java.util;String;false;split;(String,int);;Argument[0];regex-compile",
"java.util;String;false;replaceAll;(String,String);;Argument[0];regex-compile",
"java.util;String;false;replaceFirst;(String,String);;Argument[0];regex-compile",
"com.google.common.base;Splitter;false;onPattern;(String);;Argument[0];regex-compile"
]
}

2
java/ql/test/query-tests/security/CWE-730/PolyRedosTest.java
View File

@@ -12,6 +12,8 @@ class PolyRedosTest {
tainted.matches(reg); // $ hasPolyRedos
tainted.split(reg); // $ hasPolyRedos
tainted.split(reg, 7); // $ hasPolyRedos
tainted.replaceAll(reg, "a"); // $ hasPolyRedos
tainted.replaceFirst(reg, "a"); // $ hasPolyRedos
Pattern.matches(reg, tainted); // $ hasPolyRedos
Pattern.compile(reg).matcher(tainted).matches(); // $ hasPolyRedos
Pattern.compile(reg).split(tainted); // $ hasPolyRedos