hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.java
Erik Krogh Kristensen 9ecc3a2671 filter out potential misparses from java/suspicious-regexp-range
2022-06-29 13:16:40 +02:00

38 lines
1.4 KiB
Java
Raw Permalink Blame History

import java.util.regex.Pattern;
class SuspiciousRegexpRange {
void test() {
Pattern overlap1 = Pattern.compile("^[0-93-5]*$"); // NOT OK
Pattern overlap2 = Pattern.compile("[A-ZA-z]*"); // NOT OK
Pattern isEmpty = Pattern.compile("^[z-a]*$"); // NOT OK
Pattern isAscii = Pattern.compile("^[\\x00-\\x7F]*$"); // OK
Pattern printable = Pattern.compile("[!-~]*"); // OK - used to select most printable ASCII characters
Pattern codePoints = Pattern.compile("[^\\x21-\\x7E]|[[\\](){}<>/%]*"); // OK
Pattern NON_ALPHANUMERIC_REGEXP = Pattern.compile("([^\\#-~| |!])*"); // OK
Pattern smallOverlap = Pattern.compile("[0-9a-fA-f]*"); // NOT OK
Pattern weirdRange = Pattern.compile("[$-`]*"); // NOT OK
Pattern keywordOperator = Pattern.compile("[!\\~\\*\\/%+-<>\\^|=&]*"); // NOT OK
Pattern notYoutube = Pattern.compile("youtu.be/[a-z1-9.-_]+"); // NOT OK
Pattern numberToLetter = Pattern.compile("[7-F]*"); // NOT OK
Pattern overlapsWithClass1 = Pattern.compile("[0-9\\d]*"); // NOT OK
Pattern overlapsWithClass2 = Pattern.compile("[\\w,.-?:*+]*"); // NOT OK
Pattern nested = Pattern.compile("[[A-Za-z_][A-Za-z0-9._-]]*"); // OK, the dash it at the end
Pattern octal = Pattern.compile("[\000-\037\040-\045]*"); // OK
}
}
Reference in New Issue View Git Blame Copy Permalink