hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: use approximate related sink locations in polynomial redos

Browse Source
This commit is contained in:
Asger F
2025-07-01 16:17:24 +02:00
parent a46b5f9529
commit 82d190f4bf
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
View File

@@ -47,6 +47,24 @@ module PolynomialRedosConfig implements DataFlow::ConfigSig {
node instanceof SimpleTypeSanitizer or
node.asExpr().(MethodCall).getMethod() instanceof LengthRestrictedMethod
}
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp |
regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
|
result = sink.getLocation()
)
}
Location getASelectedSinkLocationApprox(DataFlow::Node sink) {
exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp |
regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
|
result = regexp.getLocation()
)
}
}
module PolynomialRedosFlow = TaintTracking::Global<PolynomialRedosConfig>;