hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

skip analyzing regular expressions in minified files for ReDoS

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-01-21 22:31:42 +01:00
parent d0b70d15f0
commit 62746bbbac
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll
View File

@@ -112,7 +112,9 @@ class RegExpRoot extends RegExpTerm {
// there are no lookbehinds
not exists(RegExpLookbehind lbh | getRoot(lbh) = this) and
// is actually used as a RegExp
isUsedAsRegExp()
isUsedAsRegExp() and
// is not inside a minified file.
not getRootTerm().getParent().(Expr).getTopLevel().isMinified()
}
}