mirror of
https://github.com/github/codeql.git
synced 2026-04-21 06:55:31 +02:00
Mention regex-use sink kind in QLDoc for regexSinkKindInfo
@@ -13,9 +13,15 @@ private class ExploitableStringLiteral extends StringLiteral {
/**
* Holds if `kind` is an external sink kind that is relevant for regex flow.
* `full` is true if sinks with this kind match against the full string of its input.
* `strArg` is the index of the argument to methods with this sink kind that contan the string to be matched against,
* where -1 is the qualifier; or -2 if no such argument exists.
* `full` is true if sinks with this kind match against the full string of its
* input.
* `strArg` is the index of the argument to methods with this sink kind that
* contain the string to be matched against, where -1 is the qualifier; or -2
* if no such argument exists.
*
* Note that `regex-use` is deliberately not a possible value for `kind` here,
* as it is used for regular expression injection sinks that should not be used
* as polynomial ReDoS sinks.
*/
private predicate regexSinkKindInfo(string kind, boolean full, int strArg) {
sinkModel(_, _, _, _, _, _, _, kind, _, _) and
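Review bot: the new QLDoc paragraph states an invariant ("`regex-use` is deliberately not a possible value for `kind` here") that the visible body of `regexSinkKindInfo` does not enforce on its own: `sinkModel(_, _, _, _, _, _, _, kind, _, _)` binds `kind` to every sink kind in the model, so plain `regex-use` is excluded only if the conjuncts after `and` (outside this hunk) constrain the shape of `kind`. Either make the exclusion explicit and self-documenting, e.g. add `kind != "regex-use" and` next to the `sinkModel` call, or reword the doc so it says which kinds this predicate accepts rather than only which one it rejects, so a reader does not have to trace the rest of the predicate to confirm the claim. The wording fix `contan` -> `contain` and the re-wrapping of the `full` / `strArg` description are fine.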