
Commit 13482fc

committed
rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp"
1 parent bbc8cb3 commit 13482fc


44 files changed

+78
-98
lines changed

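--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -484,27 +484,27 @@
 "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
 ],
 "ReDoS Util Python/JS/Ruby/Java": [
-"javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
-"python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll",
-"ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll",
-"java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll"
+"javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll",
+"python/ql/lib/semmle/python/security/regexp/NfaUtils.qll",
+"ruby/ql/lib/codeql/ruby/security/regexp/NfaUtils.qll",
+"java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll"
 ],
 "ReDoS Exponential Python/JS/Ruby/Java": [
-"javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
-"python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll",
-"ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll",
-"java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll"
+"javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll",
+"python/ql/lib/semmle/python/security/regexp/ExponentialBackTracking.qll",
+"ruby/ql/lib/codeql/ruby/security/regexp/ExponentialBackTracking.qll",
+"java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll"
 ],
 "ReDoS Polynomial Python/JS/Ruby/Java": [
-"javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
-"python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll",
-"ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll",
-"java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll"
+"javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll",
+"python/ql/lib/semmle/python/security/regexp/SuperlinearBackTracking.qll",
+"ruby/ql/lib/codeql/ruby/security/regexp/SuperlinearBackTracking.qll",
+"java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll"
 ],
 "RegexpMatching Python/JS/Ruby": [
-"javascript/ql/lib/semmle/javascript/security/performance/RegexpMatching.qll",
-"python/ql/lib/semmle/python/security/performance/RegexpMatching.qll",
-"ruby/ql/lib/codeql/ruby/security/performance/RegexpMatching.qll"
+"javascript/ql/lib/semmle/javascript/security/regexp/RegexpMatching.qll",
+"python/ql/lib/semmle/python/security/regexp/RegexpMatching.qll",
+"ruby/ql/lib/codeql/ruby/security/regexp/RegexpMatching.qll"
 ],
 "BadTagFilterQuery Python/JS/Ruby": [
 "javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",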

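--- a/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/ExponentialBackTracking.qll
@@ -62,7 +62,7 @@
 * a suffix `x` (possible empty) that is most likely __not__ accepted.
 */
 
-import ReDoSUtil
+import NfaUtils
 
 /**
 * Holds if state `s` might be inside a backtracking repetition.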
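Review bot: Moving this library module from `semmle.code.java.security.performance` to `semmle.code.java.security.regexp` changes an import path that queries outside this repository may depend on, and nothing visible on this page leaves a forwarding module at the old path. The same applies to the NfaUtils.qll, PolynomialReDoSQuery.qll and SuperlinearBackTracking.qll sections, and the in-repo queries and tests under CWE-730 all had to update their `import` lines for this reason. Part of the 44-file commit is hidden, so a shim may already exist. If it does not, a custom ReDoS query that still imports the old path will stop compiling after an upgrade, and that check drops out of the scan until it is fixed. A deprecated file at each old path that re-exports the new module, together with a change note naming the new paths, would keep those queries working.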

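--- a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/NfaUtils.qll
@@ -1,18 +1,13 @@
 /**
-* Provides classes for working with regular expressions that can
-* perform backtracking in superlinear/exponential time.
+* Provides classes and predicates for constructing an NFA from
+* a regular expression, and various utilities for reasoning about
+* the resulting NFA.
 *
-* This module contains a number of utility predicates for compiling a regular expression into a NFA and reasoning about this NFA.
-*
-* The `ReDoSConfiguration` contains a `isReDoSCandidate` predicate that is used to
-* to determine which states the prefix/suffix search should happen on.
-* There is only meant to exist one `ReDoSConfiguration` at a time.
-*
-* The predicate `hasReDoSResult` outputs a de-duplicated set of
-* states that will cause backtracking (a rejecting suffix exists).
+* These utilities are used both by the ReDoS queries and by
+* other queries that benefit from reasoning about NFAs.
 */
 
-import ReDoSUtilSpecific
+import NfaUtilsSpecific
 
 /**
 * Gets the char after `c` (from a simplified ASCII table).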
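Review bot: The rewritten header comment drops the only description of `ReDoSConfiguration`, `isReDoSCandidate` and `hasReDoSResult`, including the constraint that a single `ReDoSConfiguration` is meant to exist at a time. This hunk accounts for all 6 additions and 11 deletions in the section, so the rest of the file appears unchanged and those declarations presumably still live in it. If so, the constraint should stay documented, for example with a header line such as `* Only one ReDoSConfiguration is meant to exist at a time; hasReDoSResult reports the de-duplicated backtracking states.`, or on the class's own doc comment. A reader who adds a second configuration would otherwise have no warning that the ReDoS results can change.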

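--- a/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll
@@ -1,6 +1,6 @@
 /** Definitions and configurations for the Polynomial ReDoS query */
 
-import semmle.code.java.security.performance.SuperlinearBackTracking
+import semmle.code.java.security.regexp.SuperlinearBackTracking
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.regex.RegexTreeView
 import semmle.code.java.regex.RegexFlowConfigs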

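--- a/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/SuperlinearBackTracking.qll
@@ -3,7 +3,7 @@
 * perform backtracking in superlinear time.
 */
 
-import ReDoSUtil
+import NfaUtils
 
 /*
 * This module implements the analysis described in the paper: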

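--- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
@@ -13,7 +13,7 @@
 */
 
 import java
-import semmle.code.java.security.performance.PolynomialReDoSQuery
+import semmle.code.java.security.regexp.PolynomialReDoSQuery
 import DataFlow::PathGraph
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, PolynomialBackTrackingTerm regexp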

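--- a/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
+++ b/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
@@ -14,7 +14,7 @@
 */
 
 import java
-import semmle.code.java.security.performance.ExponentialBackTracking
+import semmle.code.java.security.regexp.ExponentialBackTracking
 
 from RegExpTerm t, string pump, State s, string prefixMsg
 where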

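--- a/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
+++ b/java/ql/test/query-tests/security/CWE-730/PolynomialReDoS.ql
@@ -1,6 +1,6 @@
 import java
 import TestUtilities.InlineExpectationsTest
-import semmle.code.java.security.performance.PolynomialReDoSQuery
+import semmle.code.java.security.regexp.PolynomialReDoSQuery
 
 class HasPolyRedos extends InlineExpectationsTest {
 HasPolyRedos() { this = "HasPolyRedos" }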

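--- a/java/ql/test/query-tests/security/CWE-730/ReDoS.ql
+++ b/java/ql/test/query-tests/security/CWE-730/ReDoS.ql
@@ -1,6 +1,6 @@
 import java
 import TestUtilities.InlineExpectationsTest
-import semmle.code.java.security.performance.ExponentialBackTracking
+import semmle.code.java.security.regexp.ExponentialBackTracking
 import semmle.code.java.regex.regex
 
 class HasExpRedos extends InlineExpectationsTest {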
