hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Do not use full regex match for %T

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-03-20 14:56:44 +00:00
parent f944ff4d78
commit bc40a4289c
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
go/ql/lib/semmle/go/Concepts.qll
View File

@@ -367,8 +367,11 @@ class LoggerCall extends DataFlow::Node instanceof LoggerCall::Range {
DataFlow::Node getAValueFormattedMessageComponent() {
result = this.getAMessageComponent() and
not exists(string formatSpecifier |
formatSpecifier.regexpMatch("%[^%]*T") and
result = this.(StringOps::Formatting::StringFormatCall).getOperand(_, formatSpecifier)
result = this.(StringOps::Formatting::StringFormatCall).getOperand(_, formatSpecifier) and
// We already know that `formatSpecifier` starts with `%`, so we check
// that it ends with `T` to confirm that it is `%T` or possibly some
// variation on it.
formatSpecifier.matches("%T")
)
}
}