prune more regexps initially in the ReDoS query

2025-12-24 04:36:35 +01:00 · 2020-11-18 15:14:46 +01:00
parent c4153a617e
commit 58c31f0eca
1 changed files with 9 additions and 1 deletions
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -103,7 +103,15 @@ class RegExpRoot extends RegExpTerm {
   */
  predicate isRelevant() {
    // there is at least one repetition
-    exists(RegExpRepetition rep | getRoot(rep) = this) and
+    exists(RegExpRepetition rep | getRoot(rep) = this |
+      // that could possibly match the same thing in multiple ways.
+      exists(RegExpTerm child |
+        child instanceof RegExpAlt or
+        child instanceof RegExpQuantifier
+      |
+        child.getParent+() = rep
+      )
+    ) and
    // there are no lookbehinds
    not exists(RegExpLookbehind lbh | getRoot(lbh) = this) and
    // is actually used as a RegExp