Merge pull request #8489 from aibaars/regex-refactor

Ruby: refactor regex libraries
Arthur Baars
2022-03-28 12:17:00 +02:00
committed by GitHub
16 changed files with 1316 additions and 879 deletions


@@ -3,9 +3,9 @@
*/
import codeql.Locations
import codeql.ruby.security.performance.RegExpTreeView as RETV
import codeql.ruby.Regexp as RE
query predicate nodes(RETV::RegExpTerm n, string attr, string val) {
query predicate nodes(RE::RegExpTerm n, string attr, string val) {
attr = "semmle.label" and
val = "[" + concat(n.getAPrimaryQlClass(), ", ") + "] " + n.toString()
or
@@ -13,7 +13,7 @@ query predicate nodes(RETV::RegExpTerm n, string attr, string val) {
val =
any(int i |
n =
rank[i](RETV::RegExpTerm t, string fp, int sl, int sc, int el, int ec |
rank[i](RE::RegExpTerm t, string fp, int sl, int sc, int el, int ec |
t.hasLocationInfo(fp, sl, sc, el, ec)
|
t order by fp, sl, sc, el, ec, t.toString()
@@ -21,7 +21,7 @@ query predicate nodes(RETV::RegExpTerm n, string attr, string val) {
).toString()
}
query predicate edges(RETV::RegExpTerm pred, RETV::RegExpTerm succ, string attr, string val) {
query predicate edges(RE::RegExpTerm pred, RE::RegExpTerm succ, string attr, string val) {
attr in ["semmle.label", "semmle.order"] and
val = any(int i | succ = pred.getChild(i)).toString()
}


@@ -1,4 +1,4 @@
import codeql.ruby.security.performance.RegExpTreeView
import codeql.ruby.Regexp
query predicate groupName(RegExpGroup g, string name) { name = g.getName() }


@@ -33,7 +33,9 @@
| tst.rb:137:11:137:17 | (\\w\|G)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'G'. |
| tst.rb:143:11:143:18 | (\\d\|\\w)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
| tst.rb:146:11:146:17 | (\\d\|5)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '5'. |
| tst.rb:155:11:155:20 | (\\f\|[\\f])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'f'. |
| tst.rb:149:11:149:20 | (\\s\|[\\f])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\u000c'. |
| tst.rb:152:11:152:24 | (\\s\|[\\v]\|\\\\v)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\u000b'. |
| tst.rb:155:11:155:20 | (\\f\|[\\f])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\u000c'. |
| tst.rb:158:11:158:18 | (\\W\|\\D)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ' '. |
| tst.rb:161:11:161:18 | (\\S\|\\w)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
| tst.rb:164:11:164:20 | (\\S\|[\\w])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |