hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: sharpen js/incomplete-url-regexp by not matching .* or .+

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2018-12-06 21:51:31 +01:00
parent c65c7e700e
commit d4e4bc6a0b
3 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/src/Security/CWE-020/IncompleteUrlRegExp.ql
View File

@@ -43,11 +43,9 @@ bindingset[pattern]
predicate isIncompleteHostNameRegExpPattern(string pattern, string hostPart) {
hostPart = pattern.regexpCapture(
"(?i).*" +
// Either:
// - an unescaped and repeated `.`, followed by anything
// - a unescaped single `.`
"(?:(?<!\\\\)[.][+*].*?|(?<!\\\\)[.])" +
// a sequence of subdomains, perhaps with some regex characters mixed in, followed by a known TLD
// an unescaped single `.`
"(?<!\\\\)[.]" +
// immediately followed by a sequence of subdomains, perhaps with some regex characters mixed in, followed by a known TLD
"([():|?a-z0-9-]+(\\\\)?[.](com|org|edu|gov|uk|net))" +
".*", 1)
}