hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Split PolynomialRedos definition into a library to avoid duplication in the tests

Browse Source
This commit is contained in:
Joe Farebrother
2022-03-16 13:30:06 +00:00
parent c1290d9e2b
commit 6794268a3c
3 changed files with 43 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
View File

@@ -1,26 +1,6 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.performance.SuperlinearBackTracking
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.regex.RegexTreeView
import semmle.code.java.regex.RegexFlowConfigs
import semmle.code.java.dataflow.FlowSources
class PolynomialRedosSink extends DataFlow::Node {
RegExpLiteral reg;
PolynomialRedosSink() { regexMatchedAgainst(reg.getRegex(), this.asExpr()) }
RegExpTerm getRegExp() { result.getParent() = reg }
}
class PolynomialRedosConfig extends TaintTracking::Configuration {
PolynomialRedosConfig() { this = "PolynomialRedosConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof PolynomialRedosSink }
}
import semmle.code.java.security.performance.PolynomialReDosQuery
class HasPolyRedos extends InlineExpectationsTest {
HasPolyRedos() { this = "HasPolyRedos" }
@@ -29,15 +9,10 @@ class HasPolyRedos extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasPolyRedos" and
exists(
PolynomialRedosConfig config, DataFlow::PathNode source, DataFlow::PathNode sink,
PolynomialRedosSink sinkNode, PolynomialBackTrackingTerm regexp
|
config.hasFlowPath(source, sink) and
sinkNode = sink.getNode() and
regexp.getRootTerm() = sinkNode.getRegExp() and
location = sinkNode.getLocation() and
element = sinkNode.toString() and
exists(DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp |
hasPolynomialReDosResult(source, sink, regexp) and
location = sink.getNode().getLocation() and
element = sink.getNode().toString() and
value = ""
)
}