hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Address review comment

Browse Source 
Handle more regex cases that cover line breaks
This commit is contained in:
Tony Torralba
2022-10-07 10:13:39 +02:00
parent e167d3ce00
commit f5702f5c69
2 changed files with 64 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/lib/semmle/code/java/security/LogInjection.qll
View File

@@ -68,10 +68,10 @@ private predicate logInjectionSanitizer(MethodAccess ma) {
(
// Replace anything not in an allow list
target.getStringValue().matches("[^%]") and
not target.getStringValue().matches(["%\n%", "%\r%"])
not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
or
// Replace line breaks
target.getStringValue() = ["\n", "\r"]
target.getStringValue() = ["\n", "\r", "\\n", "\\r", "\\R"]
)
)
}
@@ -103,17 +103,17 @@ private predicate logInjectionGuard(Guard g, Expr e, boolean branch) {
// Allow anything except line breaks
(
not target.getStringValue().matches("%[^%]%") and
not target.getStringValue().matches(["%\n%", "%\r%"])
not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
or
target.getStringValue().matches(["%[^%\n%]%", "%[^%\r%]%"])
target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%")
) and
branch = true
or
// Disallow line breaks
(
not target.getStringValue().matches(["%[^%\n%]%", "%[^%\r%]%"]) and
not target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%") and
// Assuming a regex containing line breaks is correctly matching line breaks in a string
target.getStringValue().matches(["%\n%", "%\r%"])
target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
) and
branch = false
)