From a49999dd5d2ae745b2e07a2d65cf79016550a214 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?=
Date: Tue, 24 Jun 2025 16:39:52 +0200
Subject: [PATCH] PolynomialReDoS: disable diff-informed support

This is because it was failing the diff-informed consistency check, and like other ReDoS queries (Python?) the query tries to be helpful by showing a substring of a regex, which has a `hasLocation(...)` (intensional) but no corresponding `getLocation()` (extensional). Until the location overrides get updated to support `hasLocation`-based locations, it's probably best to turn off diff-informed support.
---
 .../java/security/regexp/PolynomialReDoSQuery.qll | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
index 767ebc97437..ba65e13dd61 100644
--- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
@@ -47,18 +47,6 @@ module PolynomialRedosConfig implements DataFlow::ConfigSig {
 node instanceof SimpleTypeSanitizer or
 node.asExpr().(MethodCall).getMethod() instanceof LengthRestrictedMethod
 }
-
- predicate observeDiffInformedIncrementalMode() { any() }
-
- Location getASelectedSinkLocation(DataFlow::Node sink) {
- exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp |
- regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
- |
- result = sink.getLocation()
- or
- result = regexp.getLocation()
- )
- }
 }
 
 module PolynomialRedosFlow = TaintTracking::Global;