/**
* @name Unbound back reference
* @description Regular expression escape sequences of the form '\n', where 'n' is a positive number
* greater than the number of capture groups in the regular expression, are not allowed
* by the ECMAScript standard.
* @kind problem
* @problem.severity warning
* @id js/regex/unbound-back-reference
* @tags reliability
* correctness
* regular-expressions
* @precision very-high
*/
import javascript
// Reports every back reference in a regular-expression literal for which no
// capture group can be resolved.
//
// NOTE(review): the query is tagged reliability/correctness, but a hit in a
// pattern that validates or filters input deserves a closer look: a regex that
// does not mean what its author intended may accept or reject different strings
// than expected.
from RegExpBackRef backRef, string target
where
  // Only consider back references the library reports as part of a regex literal.
  backRef.isPartOfRegExpLiteral() and
  // `target` is how the missing group is described in the alert text: the plain
  // number for a numeric reference, or "named '<name>'" for a named one.
  (
    target = "named '" + backRef.getName() + "'"
    or
    target = backRef.getNumber().toString()
  ) and
  // The reference is unbound: getGroup() yields no result for it.
  not exists(backRef.getGroup())
select backRef, "There is no capture group " + target + " in this regular expression."