apply review comments

2026-05-01 11:45:14 +02:00 · 2022-11-08 09:34:46 -05:00
parent b99a1d2cd9
commit bada986433
2 changed files with 1 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
@@ -40,11 +40,10 @@ private class PatternQuoteCall extends RegexInjectionSanitizer {
 */
 private class PatternLiteralFlag extends RegexInjectionSanitizer {
  PatternLiteralFlag() {
-    exists(MethodAccess ma, Method m, Field field | m = ma.getMethod() |
+    exists(MethodAccess ma, Method m, PatternLiteralField field | m = ma.getMethod() |
      ma.getArgument(0) = this.asExpr() and
      m.getDeclaringType() instanceof TypeRegexPattern and
      m.hasName("compile") and
-      field instanceof PatternLiteralField and
      ma.getArgument(1) = field.getAnAccess()
    )
  }
--- a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
+++ b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.ql
@@ -2,7 +2,6 @@ import java
 import TestUtilities.InlineExpectationsTest
 import semmle.code.java.security.regexp.RegexInjectionQuery

-//import semmle.code.java.security.regexp.PolynomialReDoSQuery
 class RegexInjectionTest extends InlineExpectationsTest {
  RegexInjectionTest() { this = "RegexInjectionTest" }