filter out potential misparses from java/suspicious-regexp-range

Erik Krogh Kristensen
2022-06-29 13:16:40 +02:00
parent 2e295e4a04
commit 9ecc3a2671
2 changed files with 12 additions and 1 deletions


@@ -13,6 +13,13 @@
import semmle.code.java.security.SuspiciousRegexpRangeQuery
RegExpCharacterClass potentialMisparsedCharClass() {
// nested char classes are currently misparsed
result.getAChild().(RegExpNormalChar).getValue() = "["
}
from RegExpCharacterRange range, string reason
where problem(range, reason)
where
problem(range, reason) and
not range.getParent() = potentialMisparsedCharClass()
select range, "Suspicious character range that " + reason + "."
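Review bot: The new `not range.getParent() = potentialMisparsedCharClass()` clause drops every range whose enclosing class has a literal `[` child, not only the ranges that were themselves misparsed. A class such as `[A-z[0-9]]` (constructed example) would presumably lose its `A-z` alert even though that range precedes the nested class, so an overly permissive range in an input-validation regex can go unreported. If the narrower condition is not expressible yet, record the trade-off where the predicate is defined, e.g. `// known false negative: suppresses all ranges in a class containing "[", including correctly parsed ones; remove once nested classes are parsed`. The predicate is only used by this query, so it could also be declared `private` and given a QLDoc comment stating what it returns. A test case with a nested class next to a suspicious range would pin the intended behaviour, if the second changed file does not already add one.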