add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS

2026-04-30 11:15:13 +02:00 · 2023-01-25 10:14:07 +01:00
parent 358ae7529b
commit 54b0350cac
1 changed files with 6 additions and 0 deletions
--- a/ruby/ql/src/queries/security/cwe-1333/ReDoSIntroduction.inc.qhelp
+++ b/ruby/ql/src/queries/security/cwe-1333/ReDoSIntroduction.inc.qhelp
@@ -19,6 +19,12 @@
      shape, increasing the input length by ten characters may make the
      automaton about 1000 times slower.
    </p>
+    <p>
+      Note that Ruby 3.2 and later have implemented a caching mechanism that
+      completely eliminates the worst-case time complexity for the regular
+      expressions flagged by this query. The regular expressions flagged by this
+      query are therefore only problematic for Ruby versions prior to 3.2.
+    </p>
    <p>
      Typically, a regular expression is affected by this problem if it contains
      a repetition of the form <code>r*</code> or <code>r+</code> where the