rename query to overly-large-range, and rewrite the @description

This commit is contained in:
Erik Krogh Kristensen
2022-07-12 15:06:23 +02:00
parent 9ecc3a2671
commit ff25451699
27 changed files with 57 additions and 53 deletions

@@ -1,17 +1,18 @@
/**
* @name Suspicious regexp range
* @description Some ranges in regular expression might match more than intended.
* @name Overly large regular expression range
* @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
* This may allow an attacker to bypass a filter or sanitizer.
* @kind problem
* @problem.severity warning
* @security-severity 5.0
* @precision high
* @id java/suspicious-regexp-range
* @id java/overly-large-range
* @tags correctness
* security
* external/cwe/cwe-020
*/
import semmle.code.java.security.SuspiciousRegexpRangeQuery
import semmle.code.java.security.OverlyLargeRangeQuery
RegExpCharacterClass potentialMisparsedCharClass() {
// nested char classes are currently misparsed
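
Review bot: the `@id` change in the query header, from `java/suspicious-regexp-range` to `java/overly-large-range`, is a rename that consumers can see, and nothing in this hunk documents it. Anything keyed on the old id (query suite filters, alert suppressions, previously recorded results) will stop matching once this lands, so unless one of the other changed files already covers it, add a change note naming both the old and the new id. As a smaller style point, the first sentence of the new `@description` uses "regular expression" twice; something like "Overly permissive regular expression ranges match more than intended." reads more tightly and leaves the second sentence about bypassing a filter or sanitizer to carry the security impact.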