sync changes to other languages

2025-12-24 04:36:35 +01:00 · 2022-08-12 20:28:12 +02:00
parent 97681ea219
commit b9e96fb078
10 changed files with 45 additions and 87 deletions
--- a/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll
@@ -1027,7 +1027,7 @@ module ReDoSPruning<isCandidateSig/2 isCandidate> {
    predicate reachesOnlyRejectableSuffixes(State fork, string w) {
      isReDoSCandidate(fork, w) and
      forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next)) and
-      not epsilonSucc*(getProcessPrevious(fork, _, w)) = AcceptAnySuffix(_) // we stop `process(..)` early if we can, check here if it happened.
+      not getProcessPrevious(fork, _, w) = acceptsAnySuffix() // we stop `process(..)` early if we can, check here if it happened.
    }

    /**
@@ -1284,7 +1284,7 @@ module Concretizer<CharTree Impl> {
  private predicate isRelevant(Node n) {
    isARelevantEnd(n)
    or
-    exists(Node prev | isRelevant(prev) | n = getPrev(prev))
+    exists(Node succ | isRelevant(succ) | n = getPrev(succ))
  }

  /** Holds if `n` is a root with no predecessors. */
@@ -1299,19 +1299,15 @@ module Concretizer<CharTree Impl> {
  }

  /** Gets an ancestor of `end`, where `end` is a node that should have a result in `concretize`. */
-  private Node getANodeInLongChain(Node end) {
-    isARelevantEnd(end) and result = end
-    or
-    exists(Node prev | prev = getANodeInLongChain(end) | result = getPrev(prev))
-  }
+  private Node getAnAncestor(Node end) { isARelevantEnd(end) and result = getPrev*(end) }

  /** Gets the `i`th character on the path from the root to `n`. */
  pragma[noinline]
  private string getPrefixChar(Node n, int i) {
-    exists(Node prev |
-      result = getChar(prev) and
-      prev = getANodeInLongChain(n) and
-      i = nodeDepth(prev)
+    exists(Node ancestor |
+      result = getChar(ancestor) and
+      ancestor = getAnAncestor(n) and
+      i = nodeDepth(ancestor)
    )
  }

--- a/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll
@@ -351,7 +351,7 @@ predicate isReDoSCandidate(State state, string pump) { isPumpable(_, state, pump
 /**
 * Holds if repetitions of `pump` at `t` will cause polynomial backtracking.
 */
-predicate polynimalReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
+predicate polynomialReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
  exists(State s, State pivot |
    ReDoSPruning<isReDoSCandidate/2>::hasReDoSResult(t, pump, s, prefixMsg) and
    isPumpable(pivot, s, _) and
@@ -363,7 +363,7 @@ predicate polynimalReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm
 * Gets a message for why `term` can cause polynomial backtracking.
 */
 string getReasonString(RegExpTerm term, string pump, string prefixMsg, RegExpTerm prev) {
-  polynimalReDoS(term, pump, prefixMsg, prev) and
+  polynomialReDoS(term, pump, prefixMsg, prev) and
  result =
    "Strings " + prefixMsg + "with many repetitions of '" + pump +
      "' can start matching anywhere after the start of the preceeding " + prev