change string match to regex match

retanoj · retanoj · commit b0c86d8e51fa · 2022-12-06T21:50:09.000+08:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
@@ -154,7 +154,7 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
         or
         unsafeExpression.matches("${arg" + i + "%}")
         or
-        unsafeExpression.matches("${" + ma.getMethod().getParameter(i).getName() + "}")
+        unsafeExpression.regexpMatch("\\$\\{\\s*" + ma.getMethod().getParameter(i).getName() + "\\s*(,.*?)?\\s*\\}")
       ) and
       ma.getArgument(i) = node.asExpr()
     )

Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@ predicate isMybatisXmlOrAnnotationSqlInjection(`
`154`	`154`	`or`
`155`	`155`	`unsafeExpression.matches("${arg" + i + "%}")`
`156`	`156`	`or`
`157`		`- unsafeExpression.matches("${" + ma.getMethod().getParameter(i).getName() + "}")`
	`157`	`+ unsafeExpression.regexpMatch("\\$\\{\\s" + ma.getMethod().getParameter(i).getName() + "\\s(,.?)?\\s\\}")`
`158`	`158`	`) and`
`159`	`159`	`ma.getArgument(i) = node.asExpr()`
`160`	`160`	`)`