hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

add comment about regexp detected by js/polynomial-redos

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-01-07 12:06:12 +01:00
parent 28cffa1e07
commit 7e21081b70
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Performance/ReDoS.ql
View File

@@ -195,7 +195,7 @@ predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
// (every epsilon-loop must contain such a state). // (every epsilon-loop must contain such a state).
// //
// We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself. // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
// This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime. // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
// The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`, // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`,
// and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently. // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
r1 = r2 and r1 = r2 and