port the Java regex/redos queries to use the shared pack

2025-12-21 03:06:31 +01:00 · 2022-11-01 12:20:05 +01:00
parent d5b066636f
commit c029048306
12 changed files with 49 additions and 2376 deletions
--- a/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
+++ b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
@@ -12,14 +12,15 @@
 *       external/cwe/cwe-020
 */

-import semmle.code.java.security.OverlyLargeRangeQuery
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>

-RegExpCharacterClass potentialMisparsedCharClass() {
+TreeView::RegExpCharacterClass potentialMisparsedCharClass() {
  // nested char classes are currently misparsed
-  result.getAChild().(RegExpNormalChar).getValue() = "["
+  result.getAChild().(TreeView::RegExpNormalChar).getValue() = "["
 }

-from RegExpCharacterRange range, string reason
+from TreeView::RegExpCharacterRange range, string reason
 where
  problem(range, reason) and
  not range.getParent() = potentialMisparsedCharClass()
--- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
@@ -17,7 +17,9 @@ import java
 import semmle.code.java.security.regexp.PolynomialReDoSQuery
 import DataFlow::PathGraph

-from DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp
+from
+  DataFlow::PathNode source, DataFlow::PathNode sink,
+  SuperlinearBackTracking::PolynomialBackTrackingTerm regexp
 where hasPolynomialReDoSResult(source, sink, regexp)
 select sink, source, sink,
  "This $@ that depends on a $@ may run slow on strings " + regexp.getPrefixMessage() +
--- a/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
@@ -14,12 +14,12 @@
 *       external/cwe/cwe-400
 */

-import java
-import semmle.code.java.security.regexp.ExponentialBackTracking
+private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as ExponentialBackTracking

-from RegExpTerm t, string pump, State s, string prefixMsg
+from TreeView::RegExpTerm t, string pump, ExponentialBackTracking::State s, string prefixMsg
 where
-  hasReDoSResult(t, pump, s, prefixMsg) and
+  ExponentialBackTracking::hasReDoSResult(t, pump, s, prefixMsg) and
  // exclude verbose mode regexes for now
  not t.getRegex().getAMode() = "VERBOSE"
 select t,