hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13975 from yoff/python/parsemodechars-not-chars

Browse Source
This commit is contained in:
yoff
2023-08-29 14:05:57 +02:00
committed by GitHub
parent dd274422d1 68cd422788
commit ae4c76c788
9 changed files with 42 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll
View File

@@ -683,6 +683,15 @@ class RegExp extends Expr instanceof StrConst {
* Holds if a parse mode starts between `start` and `end`.
*/
private predicate flag_group_start(int start, int end) {
this.flag_group_start_no_modes(start, _) and
end = max(int i | this.mode_character(start, i) | i + 1)
}
/**
* Holds if the initial part of a parse mode, not containing any
* mode characters is between `start` and `end`.
*/
private predicate flag_group_start_no_modes(int start, int end) {
this.isGroupStart(start) and
this.getChar(start + 1) = "?" and
this.getChar(start + 2) in ["i", "L", "m", "s", "u", "x"] and
@@ -690,17 +699,27 @@ class RegExp extends Expr instanceof StrConst {
}
/**
* Holds if a parse mode group is between `start` and `end`, and includes the
* mode flag `c`. For example the following span, with mode flag `i`:
* Holds if `pos` contains a mo character from the
* flag group starting at `start`.
*/
private predicate mode_character(int start, int pos) {
this.flag_group_start_no_modes(start, pos)
or
this.mode_character(start, pos - 1) and
this.getChar(pos) in ["i", "L", "m", "s", "u", "x"]
}
/**
* Holds if a parse mode group includes the mode flag `c`.
* For example the following parse mode group, with mode flag `i`:
* ```
* (?i)
* ```
*/
private predicate flag_group(int start, int end, string c) {
exists(int inStart, int inEnd |
this.flag_group_start(start, inStart) and
this.groupContents(start, end, inStart, inEnd) and
this.getChar([inStart .. inEnd - 1]) = c
private predicate flag(string c) {
exists(int pos |
this.mode_character(_, pos) and
this.getChar(pos) = c
)
}
@@ -709,7 +728,7 @@ class RegExp extends Expr instanceof StrConst {
* it is defined by a prefix.
*/
string getModeFromPrefix() {
exists(string c | this.flag_group(_, _, c) |
exists(string c | this.flag(c) |
c = "i" and result = "IGNORECASE"
or
c = "L" and result = "LOCALE"

1
python/ql/test/library-tests/regex/Characters.expected
View File

@@ -36,7 +36,6 @@
| (?:[^%]\|^)?%\\((\\w*)\\)[a-z] | 22 | 23 |
| (?:[^%]\|^)?%\\((\\w*)\\)[a-z] | 24 | 25 |
| (?P<name>[\\w]+)\| | 10 | 12 |
| (?m)^(?!$) | 2 | 3 |
| (?m)^(?!$) | 4 | 5 |
| (?m)^(?!$) | 8 | 9 |
| (\\033\|~{) | 1 | 5 |

3
python/ql/test/library-tests/regex/FirstLast.expected
View File

@@ -22,7 +22,8 @@
| (?P<name>[\\w]+)\| | first | 9 | 14 |
| (?P<name>[\\w]+)\| | last | 9 | 13 |
| (?P<name>[\\w]+)\| | last | 9 | 14 |
| (?m)^(?!$) | first | 2 | 3 |
| (?m)^(?!$) | first | 4 | 5 |
| (?m)^(?!$) | first | 8 | 9 |
| (?m)^(?!$) | last | 4 | 5 |
| (?m)^(?!$) | last | 8 | 9 |
| (\\033\|~{) | first | 1 | 5 |

1
python/ql/test/library-tests/regex/GroupContents.expected
View File

@@ -8,7 +8,6 @@
| (?:[^%]\|^)?%\\((\\w*)\\)[a-z] | 0 | 10 | (?:[^%]\|^) | 3 | 9 | [^%]\|^ |
| (?:[^%]\|^)?%\\((\\w*)\\)[a-z] | 14 | 19 | (\\w*) | 15 | 18 | \\w* |
| (?P<name>[\\w]+)\| | 0 | 15 | (?P<name>[\\w]+) | 9 | 14 | [\\w]+ |
| (?m)^(?!$) | 0 | 4 | (?m) | 2 | 3 | m |
| (?m)^(?!$) | 5 | 10 | (?!$) | 8 | 9 | $ |
| (\\033\|~{) | 0 | 9 | (\\033\|~{) | 1 | 8 | \\033\|~{ |
| \\[(?P<txt>[^[]*)\\]\\((?P<uri>[^)]*) | 2 | 16 | (?P<txt>[^[]*) | 10 | 15 | [^[]* |

4
python/ql/test/library-tests/regex/Regex.expected
View File

@@ -77,11 +77,9 @@
| (?P<name>[\\w]+)\| | sequence | 0 | 15 |
| (?m)^(?!$) | $ | 8 | 9 |
| (?m)^(?!$) | ^ | 4 | 5 |
| (?m)^(?!$) | char | 2 | 3 |
| (?m)^(?!$) | empty group | 0 | 4 |
| (?m)^(?!$) | empty group | 5 | 10 |
| (?m)^(?!$) | non-empty group | 0 | 4 |
| (?m)^(?!$) | sequence | 0 | 10 |
| (?m)^(?!$) | sequence | 2 | 3 |
| (?m)^(?!$) | sequence | 8 | 9 |
| (\\033\|~{) | char | 1 | 5 |
| (\\033\|~{) | char | 6 | 7 |

1
python/ql/test/query-tests/Security/CWE-116-BadTagFilter/BadTagFilter.expected
View File

@@ -1,6 +1,7 @@
| tst.py:4:20:4:43 | <script.*?>.*?<\\/script> | This regular expression does not match script end tags like </script >. |
| tst.py:5:20:5:43 | <script.*?>.*?<\\/script> | This regular expression does not match script end tags like </script >. |
| tst.py:9:20:9:30 | <!--.*--!?> | This regular expression does not match comments containing newlines. |
| tst.py:11:20:11:34 | (?i)<!--.*--!?> | This regular expression does not match comments containing newlines. |
| tst.py:12:20:12:53 | <script.*?>(.\|\\s)*?<\\/script[^>]*> | This regular expression matches <script></script>, but not <script \\n></script> |
| tst.py:13:20:13:51 | <script[^>]*?>.*?<\\/script[^>]*> | This regular expression matches <script>...</script>, but not <script >...\\n</script> |
| tst.py:14:20:14:58 | <script(\\s\|\\w\|=\|")*?>.*?<\\/script[^>]*> | This regular expression does not match script tags where the attribute uses single-quotes. |

7
python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected
View File

@@ -7,7 +7,7 @@
| redos.py:21:57:21:76 | (?:[^'\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\t'' and containing many repetitions of '\\\\\\\\'. |
| redos.py:21:81:21:100 | (?:[^)\\\\]\|\\\\\\\\\|\\\\.)+ | This part of the regular expression may cause exponential backtracking on strings starting with '\\t(' and containing many repetitions of '\\\\\\\\'. |
| redos.py:33:64:33:65 | .* | This part of the regular expression may cause exponential backtracking on strings starting with '!\|\\n-\|\\n' and containing many repetitions of '\|\|\\n'. |
| redos.py:38:33:38:42 | (\\\\\\/\|.)*? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\\\/'. |
| redos.py:38:33:38:42 | (\\\\\\/\|.)*? | This part of the regular expression may cause exponential backtracking on strings starting with '/' and containing many repetitions of '\\\\/'. |
| redos.py:43:37:43:38 | .* | This part of the regular expression may cause exponential backtracking on strings starting with '#' and containing many repetitions of '#'. |
| redos.py:49:41:49:43 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with '"' and containing many repetitions of '""'. |
| redos.py:49:47:49:49 | .*? | This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of ''''. |
@@ -105,5 +105,6 @@
| redos.py:391:15:391:25 | (\\u0061\|a)* | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of 'a'. |
| unittests.py:5:17:5:23 | (\u00c6\|\\\u00c6)+ | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of '\\u00c6'. |
| unittests.py:9:16:9:24 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
| unittests.py:11:20:11:28 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings starting with 's' and containing many repetitions of '\\n'. |
| unittests.py:12:21:12:29 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings starting with 'is' and containing many repetitions of '\\n'. |
| unittests.py:11:20:11:28 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
| unittests.py:12:21:12:29 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
| unittests.py:13:22:13:30 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings starting with 'x' and containing many repetitions of '\\n'. |

1
python/ql/test/query-tests/Security/CWE-730-ReDoS/unittests.py
View File

@@ -10,3 +10,4 @@ re.compile(r'(?:.|\n)*b', re.DOTALL) # Has ReDoS.
re.compile(r'(?i)(?:.|\n)*b') # No ReDoS.
re.compile(r'(?s)(?:.|\n)*b') # Has ReDoS.
re.compile(r'(?is)(?:.|\n)*b') # Has ReDoS.
re.compile(r'(?is)X(?:.|\n)*Y') # Has ReDoS.