hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix py/polynomial-redos

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-07-15 14:16:07 +02:00
parent 76caf43b54
commit a5834c4d78
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll
View File

@@ -56,7 +56,7 @@ module PolynomialReDoS {
/**
* A regex execution, considered as a flow sink.
*/
class RegexExecutionAsSink extends DataFlow::Node {
class RegexExecutionAsSink extends Sink {
RegExpTerm t;
RegexExecutionAsSink() {
@@ -68,7 +68,7 @@ module PolynomialReDoS {
}
/** Gets the regex that is being executed by this node. */
RegExpTerm getRegExp() { result = t }
override RegExpTerm getRegExp() { result = t }
}
/**

9
python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
View File

@@ -1,3 +1,12 @@
edges
| test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute |
| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:8:30:8:33 | ControlFlowNode for text |
| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:9:32:9:35 | ControlFlowNode for text |
nodes
| test.py:7:12:7:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
| test.py:7:12:7:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
| test.py:8:30:8:33 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
| test.py:9:32:9:35 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
#select
| test.py:8:30:8:33 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |
| test.py:9:32:9:35 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |