Actions: Avoid blowup in quotation parser

asgerf · asgerf · commit 1904b026b2bf · 2025-02-05T13:35:52.000+01:00
The parser has an inherent N^2 blowup and will need a rewrite eventually. For now I'm just trying to make it not blow up as often.
diff --git a/actions/ql/lib/codeql/actions/Bash.qll b/actions/ql/lib/codeql/actions/Bash.qll
@@ -81,7 +81,9 @@ class BashShellScript extends ShellScript {
           "qstr:" + k + ":" + i + ":" + j + ":" + quotedStr.length() + ":" +
             quotedStr.regexpReplaceAll("[^a-zA-Z0-9]", "")
       )
-    )
+    ) and
+    // Only do this for strings that might otherwise disrupt subsequent parsing
+    quotedStr.regexpMatch("[\"'].*[$\n\r'\"" + Bash::separator() + "].*[\"']")
   }
 
   private predicate rankedQuotedStringReplacements(int i, string old, string new) {

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,9 @@ class BashShellScript extends ShellScript {`
`81`	`81`	`"qstr:" + k + ":" + i + ":" + j + ":" + quotedStr.length() + ":" +`
`82`	`82`	`quotedStr.regexpReplaceAll("[^a-zA-Z0-9]", "")`
`83`	`83`	`)`
`84`		`- )`
	`84`	`+ ) and`
	`85`	`+ // Only do this for strings that might otherwise disrupt subsequent parsing`
	`86`	`+ quotedStr.regexpMatch("[\"'].[$\n\r'\"" + Bash::separator() + "].[\"']")`
`85`	`87`	`}`
`86`	`88`
`87`	`89`	`private predicate rankedQuotedStringReplacements(int i, string old, string new) {`