C#: Fix ReDoS query.

This commit is contained in:
calum
2018-11-21 11:15:55 +00:00
parent cf4b04a3ee
commit 8c753d7e94


@@ -16,8 +16,14 @@ import semmle.code.csharp.frameworks.system.text.RegularExpressions
import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
where c.hasFlowPath(source, sink)
where
c.hasFlowPath(source, sink) and
// No global timeout set
and not exists(RegexGlobalTimeout r)
select sink.getNode().(Sink), source, sink,
not exists(RegexGlobalTimeout r) and
(
sink.getNode() instanceof Sink
or
sink.getNode() instanceof ExponentialRegexSink
)
select sink.getNode(), source, sink,
"$@ flows to regular expression operation with dangerous regex.", source.getNode(), "User-provided value"
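Review bot: The `not exists(RegexGlobalTimeout r)` conjunct in the new `where` clause suppresses every result for the whole database as soon as any global timeout is found, and the comment `// No global timeout set` does not record that trade-off. In .NET a `Regex` constructed with an explicit `matchTimeout` (including `Regex.InfiniteMatchTimeout`) overrides the application-wide default, and a very long default still leaves room for CPU exhaustion, so a finding can be hidden while the sink is unprotected; whether `RegexGlobalTimeout` accounts for either case cannot be seen from this hunk. I would expand the comment to something like `// Suppress all results when a global regex timeout is configured; per-regex timeouts that override it are not checked`. The two `instanceof` disjuncts also deserve a one-line comment saying which kind of sink each covers, since `select` no longer casts to `Sink` and the alert message speaks only of a "dangerous regex".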