From 64d680e2d31bd3f68295def677de62eb9158aa42 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Sat, 31 Oct 2020 12:58:19 +0100
Subject: [PATCH] support that an inverted char class can intersect with itself
---
 javascript/ql/src/Performance/ReDoS.ql | 4 ++--
 .../ql/test/query-tests/Performance/ReDoS/ReDoS.expected | 2 ++
 javascript/ql/test/query-tests/Performance/ReDoS/tst.js | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/javascript/ql/src/Performance/ReDoS.ql b/javascript/ql/src/Performance/ReDoS.ql
index 22623558368..3cbcdc1a9af 100644
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -455,11 +455,11 @@ string intersect(InputSymbol c, InputSymbol d) {
 or
 exists(RegExpCharacterClass cc | c = InvertedCharClass(cc) and result = chooseFromInverted(cc) |
 // TODO: Not done here - later commits will add more
- //d = InvertedCharClass(cc)
- //or
 //d = Dot() and
 //not (result = "\n" or result = "\r")
 //or
+ d = InvertedCharClass(cc)
+ or
 d = Any()
 )
 or
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected b/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
index a5ed2672f8a..a7f99cd04f1 100644
--- a/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
+++ b/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
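Review bot: The new disjunct `d = InvertedCharClass(cc)` reuses the `cc` bound by the enclosing `exists`, so as far as this hunk shows an inverted class is only intersected with the very same term; two separate inverted classes that accept a common character (for example `[^a]` next to `[^b]`) still produce no witness, which leaves a false-negative gap in the ReDoS query. The `// TODO` above only says that more will follow, so I would state the limit next to the new line, e.g. `// only the same class term for now; distinct overlapping inverted classes are not matched yet`. The commented-out `Dot()` lines now sit between the TODO and the live code and would read better moved below `d = Any()` or dropped until the commit that enables them. The body of `intersect` starts and ends outside the hunk, so whether the swapped `c`/`d` case is covered elsewhere cannot be checked here.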
@@ -23,6 +23,7 @@
 | regexplib/email.js:25:251:25:262 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
 | regexplib/email.js:34:24:34:35 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
 | regexplib/email.js:34:63:34:74 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
+| regexplib/markup.js:13:6:13:12 | [^"']+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '('. |
 | regexplib/markup.js:13:14:13:16 | .+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a"'. |
 | regexplib/markup.js:37:29:37:56 | [a-zA-Z0-9\|:\|\\/\|=\|-\|.\|\\?\|&]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '='. |
 | regexplib/markup.js:53:29:53:56 | [a-zA-Z0-9\|:\|\\/\|=\|-\|.\|\\?\|&]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '='. |
@@ -53,3 +54,4 @@
 | tst.js:83:14:83:20 | (.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
 | tst.js:89:25:89:32 | (a\|aa?)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.js:95:15:95:25 | ([^]\|[^a])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
+| tst.js:98:15:98:20 | [^"']+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '('. |
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/tst.js b/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
index 434c739da4a..a5a80d76d8d 100644
--- a/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
+++ b/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
@@ -94,3 +94,5 @@ var good9 = '(a|aa?)*b';
 // NOT GOOD
 var bad18 = /(([^]|[^a])*)"/;
 
+// NOT GOOD
+var bad19 = /([^"']+)*/g;
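Review bot: `bad19` only pins the positive case, an inverted class under a nested quantifier, and nothing added here checks that the new self-intersection rule stays quiet on a harmless use of the same class. A `// GOOD` entry directly after it, such as `var good10 = /[^"']+"/;` (constructed example; use the next free `goodN` name), would let `ReDoS.expected` catch a false positive if the rule is widened in the later commits. The `g` flag on `bad19` does not affect backtracking, so the case would read more clearly without it or with a short comment saying it is incidental.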