Python: Add tests for py/polynomial-redos

RasmusWL · RasmusWL · commit 76caf43b541e · 2021-07-15T14:15:44.000+02:00
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
@@ -0,0 +1,3 @@
+edges
+nodes
+#select
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.qlref b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.qlref
@@ -0,0 +1 @@
+Security/CWE-730/PolynomialReDoS.ql
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/test.py b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/test.py
@@ -0,0 +1,9 @@
+import re
+from flask import Flask, request
+app = Flask(__name__)
+
+@app.route("/poly-redos")
+def code_execution():
+    text = request.args.get("text")
+    re.sub(r"^\s+|\s+$", "", text) # NOT OK
+    re.match(r"^0\.\d+E?\d+$", text) # NOT OK
