split sanitizer into three

2026-05-04 13:15:21 +02:00 · 2022-11-01 11:02:36 -04:00
parent 91491d9a7b
commit 5b089bbb9c
3 changed files with 25 additions and 13 deletions
--- a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
+++ b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
@@ -183,7 +183,7 @@ public class RegexInjectionTest extends HttpServlet {
    return RegExUtils.replacePattern(input, pattern, "").length() > 0;  // $ hasRegexInjection
  }

-  // test `Pattern.quote` as safe
+  // test `Pattern.quote` sanitizer
  public boolean quoteTest(javax.servlet.http.HttpServletRequest request) {
    String regex = request.getParameter("regex");
    String input = request.getParameter("input");
@@ -191,7 +191,7 @@ public class RegexInjectionTest extends HttpServlet {
    return input.matches(Pattern.quote(regex));  // Safe
  }

-  // test `Pattern.LITERAL` as safe
+  // test `Pattern.LITERAL` sanitizer
  public boolean literalTest(javax.servlet.http.HttpServletRequest request) {
    String pattern = request.getParameter("pattern");
    String input = request.getParameter("input");