hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Re-factor ExponentialRegexDataFlow to use the new API.

Browse Source
This commit is contained in:
Michael Nebel
2023-04-14 12:14:57 +02:00
parent 8d5ca53126
commit ee7d15ac5d
1 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
View File

@@ -78,10 +78,12 @@ predicate isExponentialRegex(StringLiteral s) {
}
/**
* DEPRECATED: Use `ExponentialRegexDataflow` instead.
*
* A data flow configuration for tracking exponential worst case time regular expression string
* literals to the pattern argument of a regex.
*/
class ExponentialRegexDataflow extends DataFlow2::Configuration {
deprecated class ExponentialRegexDataflow extends DataFlow2::Configuration {
ExponentialRegexDataflow() { this = "ExponentialRegex" }
override predicate isSource(DataFlow::Node s) { isExponentialRegex(s.asExpr()) }
@@ -89,15 +91,27 @@ class ExponentialRegexDataflow extends DataFlow2::Configuration {
override predicate isSink(DataFlow::Node s) { s.asExpr() = any(RegexOperation c).getPattern() }
}
/**
* A data flow configuration for tracking exponential worst case time regular expression string
* literals to the pattern argument of a regex.
*/
private module ExponentialRegexDataFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node s) { isExponentialRegex(s.asExpr()) }
predicate isSink(DataFlow::Node s) { s.asExpr() = any(RegexOperation c).getPattern() }
}
module ExponentialRegexDataFlow = DataFlow::Global<ExponentialRegexDataFlowConfig>;
/**
* An expression passed as the `input` to a call to a `Regex` method, where the regex appears to
* have exponential behavior.
*/
class ExponentialRegexSink extends DataFlow::ExprNode, Sink {
ExponentialRegexSink() {
exists(ExponentialRegexDataflow regexDataflow, RegexOperation regexOperation |
exists(RegexOperation regexOperation |
// Exponential regex flows to the pattern argument
regexDataflow.hasFlow(_, DataFlow::exprNode(regexOperation.getPattern()))
ExponentialRegexDataFlow::flow(_, DataFlow::exprNode(regexOperation.getPattern()))
|
// This is used as an input for this pattern
this.getExpr() = regexOperation.getInput() and