Merge pull request #267 from github/erik-krogh/redosUnicode

use toUnicode in ReDoSUtil.qll
2026-04-25 16:55:19 +02:00 · 2021-08-26 11:08:31 +01:00
parent ffd80fcc88 ff27a0c894
commit 4ec30b2a4b
1 changed files with 1 additions and 6 deletions
--- a/ql/src/codeql_ruby/regexp/ReDoSUtil.qll
+++ b/ql/src/codeql_ruby/regexp/ReDoSUtil.qll
@@ -433,12 +433,7 @@ private module CharacterClasses {
    char = "0123456789".charAt(_)
    or
    clazz = "s" and
-    (
-      char = [" ", "\t", "\r", "\n"]
-      or
-      char = getARelevantChar() and
-      char.regexpMatch("\\u000b|\\u000c") // \v|\f (vertical tab | form feed)
-    )
+    char = [" ", "\t", "\r", "\n", 11.toUnicode(), 12.toUnicode()] // 11.toUnicode() = \v, 12.toUnicode() = \f'
    or
    clazz = "w" and
    char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_".charAt(_)