support nested stars in js/ReDoS

2025-12-23 04:06:37 +01:00 · 2020-12-04 20:58:09 +01:00
parent 77967c3e63
commit 3d98732136
3 changed files with 32 additions and 6 deletions
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -172,6 +172,21 @@ predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
    r1 != r2
    or
    r1 = r2 and q1 != q2
+    or
+    r1 = r2 and	
+    q1 = q2 and	
+    epsilonSucc+(q) = q and	
+    exists(RegExpTerm term | term = q.getRepr() | term instanceof InfiniteRepetitionQuantifier) and	
+    (	
+      // One of the mid states is an infinite quantifier itself	
+      exists(State mid, RegExpTerm term |	
+        mid = epsilonSucc+(q) and	
+        term = mid.getRepr() and	
+        term instanceof InfiniteRepetitionQuantifier	and
+        q = epsilonSucc+(mid) and	
+        not mid = q
+      )	
+    )
  ) and
  stateInsideBacktracking(r1) and
  stateInsideBacktracking(r2)