
Commit ff25451

committed
rename query to overly-large-range, and rewrite the @description
1 parent 9ecc3a2 commit ff25451


27 files changed

+57
-53
lines changed


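--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -506,11 +506,11 @@
 "python/ql/lib/semmle/python/security/BadTagFilterQuery.qll",
 "ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll"
 ],
-"SuspiciousRegexRange Python/JS/Ruby/Java": [
-"javascript/ql/lib/semmle/javascript/security/SuspiciousRegexpRangeQuery.qll",
-"python/ql/lib/semmle/python/security/SuspiciousRegexpRangeQuery.qll",
-"ruby/ql/lib/codeql/ruby/security/SuspiciousRegexpRangeQuery.qll",
-"java/ql/lib/semmle/code/java/security/SuspiciousRegexpRangeQuery.qll"
+"OverlyLargeRange Python/JS/Ruby/Java": [
+"javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll",
+"python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll",
+"ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll",
+"java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll"
 ],
 "CFG": [
 "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",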

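--- a/java/ql/src/Security/CWE/CWE-020/SuspiciousRegexpRange.ql
+++ b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
@@ -1,17 +1,18 @@
 /**
-* @name Suspicious regexp range
-* @description Some ranges in regular expression might match more than intended.
+* @name Overly large regular expression range
+* @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
+* This may allow an attacker to bypass a filter or sanitizer.
 * @kind problem
 * @problem.severity warning
 * @security-severity 5.0
 * @precision high
-* @id java/suspicious-regexp-range
+* @id java/overly-large-range
 * @tags correctness
 * security
 * external/cwe/cwe-020
 */
 
-import semmle.code.java.security.SuspiciousRegexpRangeQuery
+import semmle.code.java.security.OverlyLargeRangeQuery
 
 RegExpCharacterClass potentialMisparsedCharClass() {
 // nested char classes are currently misparsed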
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
Security/CWE/CWE-020/OverlyLargeRange.ql

java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
/**
2+
* @name Overly large regular expression range
3+
* @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
4+
* This may allow an attacker to bypass a filter or sanitizer.
5+
* @kind problem
6+
* @problem.severity warning
7+
* @security-severity 5.0
8+
* @precision high
9+
* @id js/overly-large-range
10+
* @tags correctness
11+
* security
12+
* external/cwe/cwe-020
13+
*/
14+
15+
import semmle.javascript.security.OverlyLargeRangeQuery
16+
17+
from RegExpCharacterRange range, string reason
18+
where problem(range, reason)
19+
select range, "Suspicious character range that " + reason + "."
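Review bot: The alert text on the `select` line still leads with the old wording, `"Suspicious character range that " + reason + "."`, even though the query is now named "Overly large regular expression range" with `@id js/overly-large-range` and the rewritten `@description` talks about overly permissive ranges. If the message is meant to follow the rename, `select range, "Overly large character range that " + reason + "."` keeps what the user sees in the alert consistent with the name and description; whether every `reason` string produced by `problem/2` in OverlyLargeRangeQuery.qll still reads naturally after that phrase cannot be checked from this page. The renamed Java query in this commit presumably ends with the same `select`, but its body runs past the visible hunk. The file name of this section is not shown in the rendering; the `@id` and the `import semmle.javascript.security.OverlyLargeRangeQuery` line indicate it is the JavaScript counterpart of the Java query.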
