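--- a/src/queries/security/cwe-020
+++ b/src/queries/security/cwe-020
@@ -13,6 +13,16 @@
 
 import codeql.ruby.security.SuspiciousRegexpRangeQuery
 
+RegExpCharacterClass potentialMisparsedCharClass ( ) {
+// some escapes, e.g. [\000-\037] are currently misparsed.
+result .getAChild ( ) .( RegExpNormalChar ) .getValue ( ) = "\\"
+or
+// nested char classes are currently misparsed
+result .getAChild ( ) .( RegExpNormalChar ) .getValue ( ) = "["
+}
+
 from RegExpCharacterRange range , string reason
-where problem ( range , reason )
+where
+problem ( range , reason ) and
+not range .getParent ( ) = potentialMisparsedCharClass ( )
 select range , "Suspicious character range that " + reason + "."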
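Review bot: The new conjunct `not range.getParent() = potentialMisparsedCharClass()` suppresses every range inside a class that holds a misparsed escape or a nested class, not only the misparsed range itself, so a genuinely suspicious range such as `A-z` sitting next to `\000-\037` in the same class is now dropped without any trace in the query output. That is a deliberate false-positive/false-negative trade and should be stated where it is made, e.g. `// NOTE: drops every range in the class, including real overlaps; remove once the parser handles octal escapes and nested classes`. The predicate itself also has no QLDoc, which is the usual expectation for a non-private QL predicate; something like `/** Holds for a character class the regex parser currently misparses (octal escapes, nested classes); ranges inside it are skipped to avoid false positives. */` above the declaration would do. The query's metadata header sits above this hunk and is not visible here.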
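--- a/test/query-tests/security/cwe-020/SuspiciousRegexpRange
+++ b/test/query-tests/security/cwe-020/SuspiciousRegexpRange
@@ -8,9 +8,9 @@
 
 printable = /[!-~]/ # OK - used to select most printable ASCII characters
 
-codePoints = /[^\x21 -\x7E ]|[[\] (){}<>/ %] /g # OK
+codePoints = /[^\x21 -\x7E ]|[\ [\] (){}<>\ / %]/ # OK
 
-NON_ALPHANUMERIC_REGEXP = /([^\# -~| |!])/g # OK
+NON_ALPHANUMERIC_REGEXP = /([^\# -~| |!])/ # OK
 
 smallOverlap = /[0-9a-fA-f]/ # NOT OK
 
@@ -25,3 +25,7 @@
 overlapsWithClass1 = /[0-9\d ]/ # NOT OK
 
 overlapsWithClass2 = /[\w ,.-?:*+]/ # NOT OK
+
+escapes = /[\000 -\037 \047 \134 \177 -\377 ]/n # OK - they are escapes
+
+nested = /[a-z&&[^a-c]]/ # OK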
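Review bot: The two new cases, `escapes` and `nested`, only exercise the side the suppression is meant to help (no result), so nothing in the test records what the query now misses: a regression that widens the exclusion, or a parser fix that should let it be removed, would leave this test green either way. I would add one case that pairs a misparsed escape with a range the query is known to flag, mirroring `smallOverlap` above, e.g. `escapesAndOverlap = /[\000-\037 0-9a-fA-f]/n # NOT OK - currently missed, the misparsed escape suppresses the whole class`, and leave it out of the expected results on purpose so the false negative is visible and will surface as a diff once the parser is fixed. The `# OK - they are escapes` annotation would also be clearer if it named the escapes that are presumably misparsed (the octal ones, per the query's own comment), so a later reader knows why this line exists.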