Python: Add tests for py/polynomial-redos

2026-05-02 20:25:13 +02:00 · 2021-07-15 14:15:44 +02:00
parent 1be0dc0876
commit 76caf43b54
3 changed files with 13 additions and 0 deletions
--- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
+++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
@@ -0,0 +1,3 @@
+edges
+nodes
+#select
--- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.qlref
+++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.qlref
@@ -0,0 +1 @@
+Security/CWE-730/PolynomialReDoS.ql
--- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/test.py
+++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/test.py
@@ -0,0 +1,9 @@
+import re
+from flask import Flask, request
+app = Flask(__name__)
+
+@app.route("/poly-redos")
+def code_execution():
+    text = request.args.get("text")
+    re.sub(r"^\s+|\s+$", "", text) # NOT OK
+    re.match(r"^0\.\d+E?\d+$", text) # NOT OK