Merge pull request #13914 from erik-krogh/escape-unicode

ReDoS: escape unicode chars in the output for the ReDoS queries
2026-04-30 19:26:02 +02:00 · 2023-08-15 11:21:21 +02:00
parent fec9626fe7 fe542565c3
commit 6a3b9e10eb
8 changed files with 135 additions and 34 deletions
--- a/shared/util/codeql/util/Numbers.qll
+++ b/shared/util/codeql/util/Numbers.qll
@@ -50,7 +50,7 @@ int parseHexInt(string hex) {
      sum(int index, string c |
        c = stripped.charAt(index)
      |
-        sixteenToThe(stripped.length() - 1 - index) * toHex(c)
+        sixteenToThe(stripped.length() - 1 - index) * charToHex(c)
      )
  )
 }
@@ -83,7 +83,7 @@ int parseOctalInt(string octal) {
 }

 /** Gets the integer value of the `hex` char. */
-private int toHex(string hex) {
+private int charToHex(string hex) {
  hex = [0 .. 9].toString() and
  result = hex.toInt()
  or
@@ -100,6 +100,32 @@ private int toHex(string hex) {
  result = 15 and hex = ["f", "F"]
 }

+/**
+ * Gets a 4-digit hex representation of `i`.
+ */
+bindingset[i]
+string to4digitHex(int i) {
+  i >= 0 and
+  i <= 65535 and
+  exists(string hex | hex = toHex(i) |
+    result = concat(int zeroes | zeroes = [1 .. 4 - hex.length()] | "0") + hex
+  )
+}
+
+/**
+ * Gets a hex representation of `i`.
+ */
+bindingset[i]
+string toHex(int i) {
+  result =
+    // make the number with lots of preceding zeroes, then remove all preceding zeroes in a post-processing step
+    concat(int shift |
+      shift in [28, 24, 20, 16, 12, 8, 4, 0]
+    |
+      "0123456789abcdef".charAt(i.bitShiftRight(shift).bitAnd(15)) order by shift desc
+    ).regexpReplaceAll("^0*", "")
+}
+
 /**
 * Gets the value of 16 to the power of `n`. Holds only for `n` in the range
 * 0..7 (inclusive).