add failing test

2026-04-30 11:15:13 +02:00 · 2023-01-12 20:58:06 +01:00
parent 1a64393c4c
commit 6e33dd5df6
1 changed files with 16 additions and 0 deletions
--- a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb
+++ b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb
@@ -49,4 +49,20 @@ class FooController < ActionController::Base
      puts "foo"
    end
  end
+
+  def some_other_request_handle
+    name = params[:name] # source
+
+    indirect_use_of_reg /^\s+|\s+$/, name
+
+    as_string_indirect '^\s+|\s+$', name
+  end
+
+  def indirect_use_of_reg (reg, input)
+    input.gsub reg, '' # NOT GOOD
+  end
+
+  def as_string_indirect (reg_as_string, input)
+    input.match? reg_as_string, '' # NOT GOOD
+  end
 end