hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Don't treat re.escape(...) as a regex

Browse Source 
Fixes https://github.com/github/codeql/issues/3712
This commit is contained in:
Rasmus Wriedt Larsen
2020-06-15 11:54:14 +02:00
parent 7601bd497e
commit c0043eb9db
5 changed files with 2 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
python/ql/test/library-tests/regex/Characters.expected
View File

@@ -118,47 +118,6 @@
| ax{,3} | 3 | 4 |
| ax{,3} | 4 | 5 |
| ax{,3} | 5 | 6 |
| https://www.humblebundle.com/home/library | 0 | 1 |
| https://www.humblebundle.com/home/library | 1 | 2 |
| https://www.humblebundle.com/home/library | 2 | 3 |
| https://www.humblebundle.com/home/library | 3 | 4 |
| https://www.humblebundle.com/home/library | 4 | 5 |
| https://www.humblebundle.com/home/library | 5 | 6 |
| https://www.humblebundle.com/home/library | 6 | 7 |
| https://www.humblebundle.com/home/library | 7 | 8 |
| https://www.humblebundle.com/home/library | 8 | 9 |
| https://www.humblebundle.com/home/library | 9 | 10 |
| https://www.humblebundle.com/home/library | 10 | 11 |
| https://www.humblebundle.com/home/library | 11 | 12 |
| https://www.humblebundle.com/home/library | 12 | 13 |
| https://www.humblebundle.com/home/library | 13 | 14 |
| https://www.humblebundle.com/home/library | 14 | 15 |
| https://www.humblebundle.com/home/library | 15 | 16 |
| https://www.humblebundle.com/home/library | 16 | 17 |
| https://www.humblebundle.com/home/library | 17 | 18 |
| https://www.humblebundle.com/home/library | 18 | 19 |
| https://www.humblebundle.com/home/library | 19 | 20 |
| https://www.humblebundle.com/home/library | 20 | 21 |
| https://www.humblebundle.com/home/library | 21 | 22 |
| https://www.humblebundle.com/home/library | 22 | 23 |
| https://www.humblebundle.com/home/library | 23 | 24 |
| https://www.humblebundle.com/home/library | 24 | 25 |
| https://www.humblebundle.com/home/library | 25 | 26 |
| https://www.humblebundle.com/home/library | 26 | 27 |
| https://www.humblebundle.com/home/library | 27 | 28 |
| https://www.humblebundle.com/home/library | 28 | 29 |
| https://www.humblebundle.com/home/library | 29 | 30 |
| https://www.humblebundle.com/home/library | 30 | 31 |
| https://www.humblebundle.com/home/library | 31 | 32 |
| https://www.humblebundle.com/home/library | 32 | 33 |
| https://www.humblebundle.com/home/library | 33 | 34 |
| https://www.humblebundle.com/home/library | 34 | 35 |
| https://www.humblebundle.com/home/library | 35 | 36 |
| https://www.humblebundle.com/home/library | 36 | 37 |
| https://www.humblebundle.com/home/library | 37 | 38 |
| https://www.humblebundle.com/home/library | 38 | 39 |
| https://www.humblebundle.com/home/library | 39 | 40 |
| https://www.humblebundle.com/home/library | 40 | 41 |
| x\| | 0 | 1 |
| x\|(?<!\\w)l | 0 | 1 |
| x\|(?<!\\w)l | 6 | 8 |

2
python/ql/test/library-tests/regex/FirstLast.expected
View File

@@ -90,8 +90,6 @@
| ax{,3} | last | 1 | 2 |
| ax{,3} | last | 1 | 6 |
| ax{,3} | last | 5 | 6 |
| https://www.humblebundle.com/home/library | first | 0 | 1 |
| https://www.humblebundle.com/home/library | last | 40 | 41 |
| x\| | first | 0 | 1 |
| x\| | last | 0 | 1 |
| x\|(?<!\\w)l | first | 0 | 1 |

42
python/ql/test/library-tests/regex/Regex.expected
View File

@@ -218,48 +218,6 @@
| ax{,3} | char | 5 | 6 |
| ax{,3} | qualified | 1 | 6 |
| ax{,3} | sequence | 0 | 6 |
| https://www.humblebundle.com/home/library | . | 11 | 12 |
| https://www.humblebundle.com/home/library | . | 24 | 25 |
| https://www.humblebundle.com/home/library | char | 0 | 1 |
| https://www.humblebundle.com/home/library | char | 1 | 2 |
| https://www.humblebundle.com/home/library | char | 2 | 3 |
| https://www.humblebundle.com/home/library | char | 3 | 4 |
| https://www.humblebundle.com/home/library | char | 4 | 5 |
| https://www.humblebundle.com/home/library | char | 5 | 6 |
| https://www.humblebundle.com/home/library | char | 6 | 7 |
| https://www.humblebundle.com/home/library | char | 7 | 8 |
| https://www.humblebundle.com/home/library | char | 8 | 9 |
| https://www.humblebundle.com/home/library | char | 9 | 10 |
| https://www.humblebundle.com/home/library | char | 10 | 11 |
| https://www.humblebundle.com/home/library | char | 12 | 13 |
| https://www.humblebundle.com/home/library | char | 13 | 14 |
| https://www.humblebundle.com/home/library | char | 14 | 15 |
| https://www.humblebundle.com/home/library | char | 15 | 16 |
| https://www.humblebundle.com/home/library | char | 16 | 17 |
| https://www.humblebundle.com/home/library | char | 17 | 18 |
| https://www.humblebundle.com/home/library | char | 18 | 19 |
| https://www.humblebundle.com/home/library | char | 19 | 20 |
| https://www.humblebundle.com/home/library | char | 20 | 21 |
| https://www.humblebundle.com/home/library | char | 21 | 22 |
| https://www.humblebundle.com/home/library | char | 22 | 23 |
| https://www.humblebundle.com/home/library | char | 23 | 24 |
| https://www.humblebundle.com/home/library | char | 25 | 26 |
| https://www.humblebundle.com/home/library | char | 26 | 27 |
| https://www.humblebundle.com/home/library | char | 27 | 28 |
| https://www.humblebundle.com/home/library | char | 28 | 29 |
| https://www.humblebundle.com/home/library | char | 29 | 30 |
| https://www.humblebundle.com/home/library | char | 30 | 31 |
| https://www.humblebundle.com/home/library | char | 31 | 32 |
| https://www.humblebundle.com/home/library | char | 32 | 33 |
| https://www.humblebundle.com/home/library | char | 33 | 34 |
| https://www.humblebundle.com/home/library | char | 34 | 35 |
| https://www.humblebundle.com/home/library | char | 35 | 36 |
| https://www.humblebundle.com/home/library | char | 36 | 37 |
| https://www.humblebundle.com/home/library | char | 37 | 38 |
| https://www.humblebundle.com/home/library | char | 38 | 39 |
| https://www.humblebundle.com/home/library | char | 39 | 40 |
| https://www.humblebundle.com/home/library | char | 40 | 41 |
| https://www.humblebundle.com/home/library | sequence | 0 | 41 |
| x\| | char | 0 | 1 |
| x\| | choice | 0 | 2 |
| x\| | sequence | 0 | 1 |

1
python/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegExp.expected
View File

@@ -1,2 +1 @@
| hosttest.py:6:27:6:51 | Str | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
| hosttest.py:23:21:23:63 | Str | This regular expression has an unescaped '.' before 'humblebundle.com', so it might match more hosts than expected. |