hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-29 08:37:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Extend RegexMatch framework to allow for MatcherMatchesCall edge case

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-02-15 14:37:16 +00:00
parent 8f8f4c2d52
commit d6b71a346e
3 changed files with 22 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/lib/semmle/code/java/frameworks/Regex.qll
View File

@@ -118,5 +118,18 @@ class MatcherMatchesCall extends MethodCall, RegexMatch::Range {
override Expr getString() { result = this.getPatternMatcherCall().getArgument(0) }
override Expr getAdditionalSanitizedExpr() {
// Special case for MatcherMatchesCall. Consider the following code:
//
// Matcher matcher = Pattern.compile(regexp).matcher(taintedInput);
// if (matcher.matches()) {
// sink(matcher.group(1));
// }
//
// Even though the string is `taintedInput`, we also want to sanitize
// `matcher` as it can be used to get substrings of `taintedInput`.
result = this.getQualifier()
}
override string getName() { result = "Matcher.matches" }
}