port the JS regex/redos queries to use the shared pack

2026-04-30 11:15:13 +02:00 · 2022-11-01 10:24:53 +01:00
parent 031a910989
commit e18ceba49e
15 changed files with 41 additions and 2661 deletions
--- a/javascript/ql/src/Performance/PolynomialReDoS.ql
+++ b/javascript/ql/src/Performance/PolynomialReDoS.ql
@@ -15,7 +15,6 @@

 import javascript
 import semmle.javascript.security.regexp.PolynomialReDoSQuery
-import semmle.javascript.security.regexp.SuperlinearBackTracking
 import DataFlow::PathGraph

 from
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -15,8 +15,8 @@
 */

 import javascript
-import semmle.javascript.security.regexp.NfaUtils
-import semmle.javascript.security.regexp.ExponentialBackTracking
+private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView>

 from RegExpTerm t, string pump, State s, string prefixMsg
 where hasReDoSResult(t, pump, s, prefixMsg)
--- a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
+++ b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
@@ -12,8 +12,9 @@
 *       external/cwe/cwe-020
 */

-import semmle.javascript.security.OverlyLargeRangeQuery
+private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.OverlyLargeRangeQuery::Make<TreeView>

-from RegExpCharacterRange range, string reason
+from TreeView::RegExpCharacterRange range, string reason
 where problem(range, reason)
 select range, "Suspicious character range that " + reason + "."
--- a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
+++ b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
@@ -16,7 +16,8 @@
 *       external/cwe/cwe-186
 */

-import semmle.javascript.security.BadTagFilterQuery
+private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView>

 from HtmlMatchingRegExp regexp, string msg
 where msg = min(string m | isBadRegexpFilter(regexp, m) | m order by m.length(), m) // there might be multiple, we arbitrarily pick the shortest one
--- a/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
+++ b/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
@@ -20,7 +20,8 @@ string toOtherCase(string s) {
  if s.regexpMatch(".*[a-z].*") then result = s.toUpperCase() else result = s.toLowerCase()
 }

-import semmle.javascript.security.regexp.NfaUtils as NfaUtils
+private import semmle.javascript.security.regexp.RegexTreeView::RegexTreeView as TreeView
+import codeql.regex.nfa.NfaUtils::Make<TreeView> as NfaUtils

 /** Holds if `s` is a relevant regexp term were we want to compute a string that matches the term (for `getCaseSensitiveBypassExample`). */
 predicate isCand(NfaUtils::State s) {
@@ -92,7 +93,7 @@ string getAnEndpointExample(Routing::RouteSetup endpoint) {
  )
 }

-import semmle.javascript.security.regexp.RegexpMatching as RegexpMatching
+import codeql.regex.nfa.RegexpMatching::Make<TreeView> as RegexpMatching

 NfaUtils::RegExpRoot getARoot(DataFlow::RegExpCreationNode creator) {
  result.getRootTerm() = creator.getRoot()