Use new regex-related classes (no functional change)

2026-02-24 02:43:40 +01:00 · 2026-02-10 14:51:08 +00:00
parent 44eeee5757
commit fa3fba4a00
3 changed files with 13 additions and 80 deletions
--- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
@@ -31,11 +31,9 @@ private class ExternalRegexInjectionSanitizer extends RegexInjectionSanitizer {
 */
 private class PatternLiteralFlag extends RegexInjectionSanitizer {
  PatternLiteralFlag() {
-    exists(MethodCall ma, Method m, PatternLiteralField field | m = ma.getMethod() |
-      ma.getArgument(0) = this.asExpr() and
-      m.getDeclaringType() instanceof TypeRegexPattern and
-      m.hasName("compile") and
-      ma.getArgument(1) = field.getAnAccess()
+    exists(PatternCompileCall pcc, PatternLiteralField field |
+      pcc.getArgument(0) = this.asExpr() and
+      pcc.getArgument(1) = field.getAnAccess()
    )
  }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
@@ -7,7 +7,7 @@ private import semmle.code.java.dataflow.FlowSources
 import experimental.semmle.code.java.security.SpringUrlRedirect
 import semmle.code.java.controlflow.Guards
 import semmle.code.java.security.UrlRedirect
-import Regex
+private import semmle.code.java.frameworks.Regex

 overlay[local?]
 private class ActivateModels extends ActiveExperimentalModels {
@@ -81,11 +81,11 @@ private class CompileRegexSink extends DataFlow::ExprNode {
      (
        ma.getArgument(0) = this.asExpr() and
        (
-          m instanceof StringMatchMethod // input.matches(regexPattern)
+          ma instanceof StringMatchesCall // input.matches(regexPattern)
          or
-          m instanceof PatternCompileMethod // p = Pattern.compile(regexPattern)
+          ma instanceof PatternCompileCall // p = Pattern.compile(regexPattern)
          or
-          m instanceof PatternMatchMethod // p = Pattern.matches(regexPattern, input)
+          ma instanceof PatternMatchesCall // p = Pattern.matches(regexPattern, input)
        )
      )
    )
@@ -107,7 +107,7 @@ private module PermissiveDotRegexConfig implements DataFlow::ConfigSig {
      ma.getMethod() instanceof PatternCompileMethod and
      ma.getArgument(1) = f.getAnAccess() and
      f.hasName("DOTALL") and
-      f.getDeclaringType() instanceof Pattern and
+      f.getDeclaringType() instanceof TypeRegexPattern and
      node.asExpr() = ma.getArgument(0)
    )
  }
@@ -147,11 +147,11 @@ module MatchRegexConfig implements DataFlow::ConfigSig {
    ) and
    exists(MethodCall ma | PermissiveDotRegexFlow::flowToExpr(ma.getArgument(0)) |
      // input.matches(regexPattern)
-      ma.getMethod() instanceof StringMatchMethod and
+      ma instanceof StringMatchesCall and
      ma.getQualifier() = sink.asExpr()
      or
      // p = Pattern.compile(regexPattern); p.matcher(input)
-      ma.getMethod() instanceof PatternCompileMethod and
+      ma instanceof PatternCompileCall and
      exists(MethodCall pma |
        pma.getMethod() instanceof PatternMatcherMethod and
        sink.asExpr() = pma.getArgument(0) and
@@ -159,7 +159,7 @@ module MatchRegexConfig implements DataFlow::ConfigSig {
      )
      or
      // p = Pattern.matches(regexPattern, input)
-      ma.getMethod() instanceof PatternMatchMethod and
+      ma instanceof PatternMatchesCall and
      sink.asExpr() = ma.getArgument(1)
    )
  }
@@ -176,28 +176,14 @@ abstract class MatchRegexSink extends DataFlow::ExprNode { }
 * A string being matched against a regular expression.
 */
 private class StringMatchRegexSink extends MatchRegexSink {
-  StringMatchRegexSink() {
-    exists(MethodCall ma, Method m | m = ma.getMethod() |
-      (
-        m instanceof StringMatchMethod and
-        ma.getQualifier() = this.asExpr()
-      )
-    )
-  }
+  StringMatchRegexSink() { any(StringMatchesCall mc).getQualifier() = this.asExpr() }
 }

 /**
 * A string being matched against a regular expression using a pattern.
 */
 private class PatternMatchRegexSink extends MatchRegexSink {
-  PatternMatchRegexSink() {
-    exists(MethodCall ma, Method m | m = ma.getMethod() |
-      (
-        m instanceof PatternMatchMethod and
-        ma.getArgument(1) = this.asExpr()
-      )
-    )
-  }
+  PatternMatchRegexSink() { any(PatternMatchesCall mc).getArgument(1) = this.asExpr() }
 }

 /**
--- a/java/ql/src/experimental/Security/CWE/CWE-625/Regex.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-625/Regex.qll
@@ -1,51 +0,0 @@
-/** Provides methods related to regular expression matching. */
-deprecated module;
-
-import java
-
-/**
- * The class `java.util.regex.Pattern`.
- */
-class Pattern extends RefType {
-  Pattern() { this.hasQualifiedName("java.util.regex", "Pattern") }
-}
-
-/**
- * The method `compile` of `java.util.regex.Pattern`.
- */
-class PatternCompileMethod extends Method {
-  PatternCompileMethod() {
-    this.getDeclaringType().getASupertype*() instanceof Pattern and
-    this.hasName("compile")
-  }
-}
-
-/**
- * The method `matches` of `java.util.regex.Pattern`.
- */
-class PatternMatchMethod extends Method {
-  PatternMatchMethod() {
-    this.getDeclaringType().getASupertype*() instanceof Pattern and
-    this.hasName("matches")
-  }
-}
-
-/**
- * The method `matcher` of `java.util.regex.Pattern`.
- */
-class PatternMatcherMethod extends Method {
-  PatternMatcherMethod() {
-    this.getDeclaringType().getASupertype*() instanceof Pattern and
-    this.hasName("matcher")
-  }
-}
-
-/**
- * The method `matches` of `java.lang.String`.
- */
-class StringMatchMethod extends Method {
-  StringMatchMethod() {
-    this.getDeclaringType().getASupertype*() instanceof TypeString and
-    this.hasName("matches")
-  }
-}