use RegExpTreeView insteaed of RegexTreeView in JS

2025-12-20 10:46:30 +01:00 · 2022-11-22 12:47:21 +01:00
parent f9b775e4b8
commit 6b5cd9abc3
14 changed files with 14 additions and 14 deletions
--- a/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll
@@ -2,7 +2,7 @@
 * Provides predicates for reasoning about bad tag filter vulnerabilities.
 */

-private import regexp.RegexTreeView::RegexTreeView as TreeView
+private import regexp.RegExpTreeView::RegExpTreeView as TreeView
 // BadTagFilterQuery should be used directly from the shared pack, and not from this file.
 deprecated private import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView> as Dep
 import Dep
--- a/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll
+++ b/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll
@@ -3,7 +3,7 @@
 */

 import javascript
-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 import codeql.regex.nfa.NfaUtils::Make<TreeView> as NfaUtils

 class StringSubstitutionCall = StringReplaceCall;
--- a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
@@ -2,7 +2,7 @@
 * Classes and predicates for working with suspicious character ranges.
 */

-private import regexp.RegexTreeView::RegexTreeView as TreeView
+private import regexp.RegExpTreeView::RegExpTreeView as TreeView
 // OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file.
 deprecated private import codeql.regex.OverlyLargeRangeQuery::Make<TreeView> as Dep
 import Dep
--- a/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll
@@ -62,7 +62,7 @@
 *     a suffix `x` (possible empty) that is most likely __not__ accepted.
 */

-private import RegexTreeView::RegexTreeView as TreeView
+private import RegExpTreeView::RegExpTreeView as TreeView
 // ExponentialBackTracking should be used directly from the shared pack, and not from this file.
 deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
 import Dep
--- a/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll
@@ -7,7 +7,7 @@
 * other queries that benefit from reasoning about NFAs.
 */

-private import RegexTreeView::RegexTreeView as TreeView
+private import RegExpTreeView::RegExpTreeView as TreeView
 // NfaUtils should be used directly from the shared pack, and not from this file.
 deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
 import Dep
--- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll
@@ -5,7 +5,7 @@
 */

 import javascript
-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView

 /** Module containing sources, sinks, and sanitizers for polynomial regular expression denial-of-service attacks. */
 module PolynomialReDoS {
--- a/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/RegExpTreeView.qll
@@ -6,7 +6,7 @@ private import codeql.regex.nfa.NfaUtils as NfaUtils
 private import codeql.regex.RegexTreeView

 /** An implementation that parses a regular expression into a tree of `RegExpTerm`s. */
-module RegexTreeView implements RegexTreeViewSig {
+module RegExpTreeView implements RegexTreeViewSig {
  import javascript

  class Top = Locatable;
--- a/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll
@@ -3,7 +3,7 @@
 * and for testing which capture groups are filled when a particular regexp matches a string.
 */

-private import RegexTreeView::RegexTreeView as TreeView
+private import RegExpTreeView::RegExpTreeView as TreeView
 // RegexpMatching should be used directly from the shared pack, and not from this file.
 deprecated private import codeql.regex.nfa.RegexpMatching::Make<TreeView> as Dep
 import Dep
--- a/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll
@@ -35,7 +35,7 @@
 * It also doesn't find all transitions in the product automaton, which can cause false negatives.
 */

-private import RegexTreeView::RegexTreeView as TreeView
+private import RegExpTreeView::RegExpTreeView as TreeView
 // SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
 deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
 import Dep
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -15,7 +15,7 @@
 */

 import javascript
-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView>

 from RegExpTerm t, string pump, State s, string prefixMsg
--- a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
+++ b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
@@ -12,7 +12,7 @@
 *       external/cwe/cwe-020
 */

-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>

 from TreeView::RegExpCharacterRange range, string reason
--- a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
+++ b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
@@ -16,7 +16,7 @@
 *       external/cwe/cwe-186
 */

-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView>

 from HtmlMatchingRegExp regexp, string msg
--- a/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
+++ b/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
@@ -20,7 +20,7 @@ string toOtherCase(string s) {
  if s.regexpMatch(".*[a-z].*") then result = s.toUpperCase() else result = s.toLowerCase()
 }

-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 import codeql.regex.nfa.NfaUtils::Make<TreeView> as NfaUtils

 /** Holds if `s` is a relevant regexp term were we want to compute a string that matches the term (for `getCaseSensitiveBypassExample`). */
--- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.ql
@@ -1,4 +1,4 @@
-private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeView
 import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView>

 from PolynomialBackTrackingTerm t