hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9422 from erik-krogh/refacReDoS

Browse Source 
Refactorizations of the ReDoS libraries
This commit is contained in:
Erik Krogh Kristensen
2022-08-16 09:32:08 +02:00
committed by GitHub
parent 79bae0caeb 3a4a3437b5
commit f106e064fa
112 changed files with 9752 additions and 9409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/Performance/PolynomialReDoS.ql
View File

@@ -14,8 +14,8 @@
*/
import javascript
import semmle.javascript.security.performance.PolynomialReDoS::PolynomialReDoS
import semmle.javascript.security.performance.SuperlinearBackTracking
import semmle.javascript.security.regexp.PolynomialReDoSQuery
import semmle.javascript.security.regexp.SuperlinearBackTracking
import DataFlow::PathGraph
from

4
javascript/ql/src/Performance/ReDoS.ql
View File

@@ -15,8 +15,8 @@
*/
import javascript
import semmle.javascript.security.performance.ReDoSUtil
import semmle.javascript.security.performance.ExponentialBackTracking
import semmle.javascript.security.regexp.NfaUtils
import semmle.javascript.security.regexp.ExponentialBackTracking
from RegExpTerm t, string pump, State s, string prefixMsg
where hasReDoSResult(t, pump, s, prefixMsg)

6
javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
View File

@@ -57,7 +57,7 @@ DangerousPrefix getADangerousMatchedPrefix(EmptyReplaceRegExpTerm t) {
not exists(EmptyReplaceRegExpTerm pred | pred = t.getPredecessor+() and not pred.isNullable())
}
private import semmle.javascript.security.performance.ReDoSUtil as ReDoSUtil
private import semmle.javascript.security.regexp.NfaUtils as NfaUtils
/**
* Gets a char from a dangerous prefix that is matched by `t`.
@@ -69,8 +69,8 @@ DangerousPrefixSubstring getADangerousMatchedChar(EmptyReplaceRegExpTerm t) {
t.getAMatchedString() = result
or
// A substring matched by some character class. This is only used to match the "word" part of a HTML tag (e.g. "iframe" in "<iframe").
exists(ReDoSUtil::CharacterClass cc |
cc = ReDoSUtil::getCanonicalCharClass(t) and
exists(NfaUtils::CharacterClass cc |
cc = NfaUtils::getCanonicalCharClass(t) and
cc.matches(result) and
result.regexpMatch("\\w") and
// excluding character classes that match ">" (e.g. /<[^<]*>/), as these might consume nested HTML tags, and thus prevent the dangerous pattern this query is looking for.