From 69edfe08dfd0b613ed237dedd979ff39f8407da8 Mon Sep 17 00:00:00 2001
From: Max Schaefer <max@semmle.com>
Date: Thu, 6 Feb 2020 12:28:49 +0000
Subject: [PATCH] Make regular expression for format strings more precise.

---
 ql/src/semmle/go/StringOps.qll | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ql/src/semmle/go/StringOps.qll b/ql/src/semmle/go/StringOps.qll
index ec5ebdb218c..1064e41fc31 100644
--- a/ql/src/semmle/go/StringOps.qll
+++ b/ql/src/semmle/go/StringOps.qll
@@ -214,13 +214,17 @@ module StringOps {
      * width and precision specifiers, but not including `*` specifiers or explicit argument
      * indices.
      */
+    pragma[noinline]
     private string getFormatComponentRegex() {
-      exists(string literal, string opt_flag, string opt_width, string operator, string verb |
+      exists(string literal, string opt_flag, string width, string prec, string opt_width_and_prec, string operator, string verb |
         literal = "([^%]|%%)+" and
         opt_flag = "[-+ #0]?" and
-        opt_width = "((\\d*|\\*)(\\.(\\d*|\\*))?)?" and
+        width = "\\d+|\\*" and
+        prec = "\\.(\\d+|\\*)" and
+        // either a width followed by an optional prec, or just a prec, or nothing
+        opt_width_and_prec = "((" + width + ")(" + prec + ")?|(" + prec + "))?" and
         operator = "[bcdeEfFgGoOpqstTxXUv]" and
-        verb = "(%" + opt_flag + opt_width + operator + ")"
+        verb = "(%" + opt_flag + opt_width_and_prec + operator + ")"
       |
         result = "(" + literal + "|" + verb + ")"
       )