Remove escaped "{" and "}" before counting placeholders

2026-04-27 09:45:15 +02:00 · 2024-12-05 10:43:13 +00:00
parent 2c061b0d56
commit b20b7c7572
1 changed files with 6 additions and 1 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
@@ -56,7 +56,10 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink
        i <=
          max(int occurrenceIndex, int occurrenceOffset |
            exists(
-              hsp.getStringValue().regexpFind("\\{[^}]*\\}", occurrenceIndex, occurrenceOffset)
+              hsp.getStringValue()
+                  .replaceAll("\\{", "  ")
+                  .replaceAll("\\}", "  ")
+                  .regexpFind("\\{[^}]*\\}", occurrenceIndex, occurrenceOffset)
            ) and
            occurrenceOffset < hsp.getOffset()
          |
@@ -78,6 +81,8 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink
            mc.getArgument(0)
                .(CompileTimeConstantExpr)
                .getStringValue()
+                .replaceAll("\\{", "  ")
+                .replaceAll("\\}", "  ")
                .regexpFind("\\{[^}]*\\}", occurrenceIndex, _)
          )
        |