hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Disregard capture groups in lookaround assertions

Browse Source
This commit is contained in:
Asger F
2019-11-08 10:02:20 +00:00
parent 2242df920f
commit a7a90b4b7e
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
View File

@@ -15,16 +15,19 @@ import semmle.javascript.CharacterEscapes
import HostnameRegexpShared
/**
* Holds if `term` occurs inside a quantifier or alternative, and thus
* can not be expected to correspond to a unique match.
* Holds if `term` occurs inside a quantifier or alternative (and thus
* can not be expected to correspond to a unique match), or as part of
* a lookaround assertion (which are rarely used for capture groups).
*/
predicate isInsideChoice(RegExpTerm term) {
predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
exists(RegExpParent parent | parent = term.getParent() |
parent instanceof RegExpAlt
or
parent instanceof RegExpQuantifier
or
isInsideChoice(parent)
parent instanceof RegExpSubPattern
or
isInsideChoiceOrSubPattern(parent)
)
}
@@ -33,7 +36,7 @@ predicate isInsideChoice(RegExpTerm term) {
*/
predicate isLikelyCaptureGroup(RegExpGroup group) {
group.isCapture() and
not isInsideChoice(group)
not isInsideChoiceOrSubPattern(group)
}
/**