Skip to content

Commit b7e47e2

Browse files
d10cd10c
committed
Java: convert PolynomialReDoS and RegexInjection tests to .qlref
Leaves ReDoS.ql unmodified since it's not a dataflow query; just moves it to its own directory.
1 parent f5c7ef6 commit b7e47e2

18 files changed

+318
-157
lines changed

java/ql/test/query-tests/security/CWE-730/ExpRedosTest.java renamed to java/ql/test/query-tests/security/CWE-730/ExpRedos/ExpRedosTest.java

File renamed without changes.

java/ql/test/query-tests/security/CWE-730/ReDoS.expected renamed to java/ql/test/query-tests/security/CWE-730/ExpRedos/ReDoS.expected

File renamed without changes.

java/ql/test/query-tests/security/CWE-730/ReDoS.ql renamed to java/ql/test/query-tests/security/CWE-730/ExpRedos/ReDoS.ql

File renamed without changes.

java/ql/test/query-tests/security/CWE-730/ExpRedos/options

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/guava-30.0:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-lang3-3.7

java/ql/test/query-tests/security/CWE-730/PolyRedos/PolyRedosTest.java

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
import java.util.regex.Pattern;
2+
import java.util.function.Predicate;
3+
import javax.servlet.http.HttpServletRequest;
4+
import com.google.common.base.Splitter;
5+
6+
class PolyRedosTest {
7+
void test(HttpServletRequest request) {
8+
String tainted = request.getParameter("inp"); // $ Source
9+
String reg = "0\\.\\d+E?\\d+!";
10+
Predicate<String> dummyPred = (s -> s.length() % 7 == 0);
11+
12+
tainted.matches(reg); // $ Alert
13+
tainted.split(reg); // $ Alert
14+
tainted.split(reg, 7); // $ Alert
15+
tainted.replaceAll(reg, "a"); // $ Alert
16+
tainted.replaceFirst(reg, "a"); // $ Alert
17+
Pattern.matches(reg, tainted); // $ Alert
18+
Pattern.compile(reg).matcher(tainted).matches(); // $ Alert
19+
Pattern.compile(reg).split(tainted); // $ Alert
20+
Pattern.compile(reg, Pattern.DOTALL).split(tainted); // $ Alert
21+
Pattern.compile(reg).split(tainted, 7); // $ Alert
22+
Pattern.compile(reg).splitAsStream(tainted); // $ Alert
23+
Pattern.compile(reg).asPredicate().test(tainted); // $ Alert
24+
Pattern.compile(reg).asMatchPredicate().negate().and(dummyPred).or(dummyPred).test(tainted); // $ Alert
25+
Predicate.not(dummyPred.and(dummyPred.or(Pattern.compile(reg).asPredicate()))).test(tainted); // $ Alert
26+
27+
Splitter.on(Pattern.compile(reg)).split(tainted); // $ Alert
28+
Splitter.on(reg).split(tainted);
29+
Splitter.onPattern(reg).split(tainted); // $ Alert
30+
Splitter.onPattern(reg).splitToList(tainted); // $ Alert
31+
Splitter.onPattern(reg).limit(7).omitEmptyStrings().trimResults().split(tainted); // $ Alert
32+
Splitter.onPattern(reg).withKeyValueSeparator(" => ").split(tainted); // $ Alert
33+
Splitter.on(";").withKeyValueSeparator(reg).split(tainted);
34+
Splitter.on(";").withKeyValueSeparator(Splitter.onPattern(reg)).split(tainted); // $ Alert
35+
36+
}
37+
38+
void test2(HttpServletRequest request) {
39+
String tainted = request.getParameter("inp"); // $ Source
40+
41+
Pattern p1 = Pattern.compile(".*a");
42+
Pattern p2 = Pattern.compile(".*b");
43+
44+
p1.matcher(tainted).matches();
45+
p2.matcher(tainted).find(); // $ Alert
46+
}
47+
48+
void test3(HttpServletRequest request) {
49+
String tainted = request.getParameter("inp"); // $ Source
50+
51+
Pattern p1 = Pattern.compile("ab*b*");
52+
Pattern p2 = Pattern.compile("cd*d*");
53+
54+
p1.matcher(tainted).matches(); // $ Alert
55+
p2.matcher(tainted).find();
56+
}
57+
58+
void test4(HttpServletRequest request) {
59+
String tainted = request.getParameter("inp"); // $ Source
60+
61+
tainted.matches(".*a");
62+
tainted.replaceAll(".*b", "c"); // $ Alert
63+
}
64+
65+
static Pattern p3 = Pattern.compile(".*a");
66+
static Pattern p4 = Pattern.compile(".*b");
67+
68+
69+
void test5(HttpServletRequest request) {
70+
String tainted = request.getParameter("inp"); // $ Source
71+
72+
p3.asMatchPredicate().test(tainted);
73+
p4.asPredicate().test(tainted); // $ Alert
74+
}
75+
76+
void test6(HttpServletRequest request) {
77+
Pattern p = Pattern.compile("^a*a*$");
78+
79+
p.matcher(request.getParameter("inp")).matches(); // $ Alert
80+
p.matcher(request.getHeader("If-None-Match")).matches();
81+
p.matcher(request.getRequestURI()).matches();
82+
p.matcher(request.getCookies()[0].getName()).matches();
83+
}
84+
}

java/ql/test/query-tests/security/CWE-730/PolyRedos/PolynomialReDoS.expected

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
#select
2+
| PolyRedosTest.java:12:9:12:15 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:12:9:12:15 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
3+
| PolyRedosTest.java:13:9:13:15 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:13:9:13:15 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
4+
| PolyRedosTest.java:14:9:14:15 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:14:9:14:15 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
5+
| PolyRedosTest.java:15:9:15:15 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:15:9:15:15 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
6+
| PolyRedosTest.java:16:9:16:15 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:16:9:16:15 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
7+
| PolyRedosTest.java:17:30:17:36 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:17:30:17:36 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
8+
| PolyRedosTest.java:18:38:18:44 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:18:38:18:44 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
9+
| PolyRedosTest.java:19:36:19:42 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:19:36:19:42 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
10+
| PolyRedosTest.java:20:52:20:58 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:20:52:20:58 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
11+
| PolyRedosTest.java:21:36:21:42 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:21:36:21:42 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
12+
| PolyRedosTest.java:22:44:22:50 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:22:44:22:50 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
13+
| PolyRedosTest.java:23:49:23:55 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:23:49:23:55 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
14+
| PolyRedosTest.java:24:92:24:98 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:24:92:24:98 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
15+
| PolyRedosTest.java:25:93:25:99 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:25:93:25:99 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
16+
| PolyRedosTest.java:27:49:27:55 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:27:49:27:55 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
17+
| PolyRedosTest.java:29:39:29:45 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:29:39:29:45 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
18+
| PolyRedosTest.java:30:45:30:51 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:30:45:30:51 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
19+
| PolyRedosTest.java:31:81:31:87 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:31:81:31:87 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
20+
| PolyRedosTest.java:32:69:32:75 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:32:69:32:75 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
21+
| PolyRedosTest.java:34:79:34:85 | tainted | PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:34:79:34:85 | tainted | This $@ that depends on a $@ may run slow on strings starting with '0.9' and with many repetitions of '99'. | PolyRedosTest.java:9:33:9:36 | \\d+ | regular expression | PolyRedosTest.java:8:26:8:52 | getParameter(...) | user-provided value |
22+
| PolyRedosTest.java:45:20:45:26 | tainted | PolyRedosTest.java:39:26:39:52 | getParameter(...) : String | PolyRedosTest.java:45:20:45:26 | tainted | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | PolyRedosTest.java:42:39:42:40 | .* | regular expression | PolyRedosTest.java:39:26:39:52 | getParameter(...) | user-provided value |
23+
| PolyRedosTest.java:54:20:54:26 | tainted | PolyRedosTest.java:49:26:49:52 | getParameter(...) : String | PolyRedosTest.java:54:20:54:26 | tainted | This $@ that depends on a $@ may run slow on strings starting with 'a' and with many repetitions of 'b'. | PolyRedosTest.java:51:42:51:43 | b* | regular expression | PolyRedosTest.java:49:26:49:52 | getParameter(...) | user-provided value |
24+
| PolyRedosTest.java:62:9:62:15 | tainted | PolyRedosTest.java:59:26:59:52 | getParameter(...) : String | PolyRedosTest.java:62:9:62:15 | tainted | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | PolyRedosTest.java:62:29:62:30 | .* | regular expression | PolyRedosTest.java:59:26:59:52 | getParameter(...) | user-provided value |
25+
| PolyRedosTest.java:73:31:73:37 | tainted | PolyRedosTest.java:70:26:70:52 | getParameter(...) : String | PolyRedosTest.java:73:31:73:37 | tainted | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | PolyRedosTest.java:66:42:66:43 | .* | regular expression | PolyRedosTest.java:70:26:70:52 | getParameter(...) | user-provided value |
26+
| PolyRedosTest.java:79:19:79:45 | getParameter(...) | PolyRedosTest.java:79:19:79:45 | getParameter(...) | PolyRedosTest.java:79:19:79:45 | getParameter(...) | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | PolyRedosTest.java:77:41:77:42 | a* | regular expression | PolyRedosTest.java:79:19:79:45 | getParameter(...) | user-provided value |
27+
edges
28+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:12:9:12:15 | tainted | provenance | Src:MaD:1 |
29+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:13:9:13:15 | tainted | provenance | Src:MaD:1 |
30+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:14:9:14:15 | tainted | provenance | Src:MaD:1 |
31+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:15:9:15:15 | tainted | provenance | Src:MaD:1 |
32+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:16:9:16:15 | tainted | provenance | Src:MaD:1 |
33+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:17:30:17:36 | tainted | provenance | Src:MaD:1 |
34+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:18:38:18:44 | tainted | provenance | Src:MaD:1 |
35+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:19:36:19:42 | tainted | provenance | Src:MaD:1 |
36+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:20:52:20:58 | tainted | provenance | Src:MaD:1 |
37+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:21:36:21:42 | tainted | provenance | Src:MaD:1 |
38+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:22:44:22:50 | tainted | provenance | Src:MaD:1 |
39+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:23:49:23:55 | tainted | provenance | Src:MaD:1 |
40+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:24:92:24:98 | tainted | provenance | Src:MaD:1 |
41+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:25:93:25:99 | tainted | provenance | Src:MaD:1 |
42+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:27:49:27:55 | tainted | provenance | Src:MaD:1 |
43+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:29:39:29:45 | tainted | provenance | Src:MaD:1 |
44+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:30:45:30:51 | tainted | provenance | Src:MaD:1 |
45+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:31:81:31:87 | tainted | provenance | Src:MaD:1 |
46+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:32:69:32:75 | tainted | provenance | Src:MaD:1 |
47+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | PolyRedosTest.java:34:79:34:85 | tainted | provenance | Src:MaD:1 |
48+
| PolyRedosTest.java:39:26:39:52 | getParameter(...) : String | PolyRedosTest.java:45:20:45:26 | tainted | provenance | Src:MaD:1 |
49+
| PolyRedosTest.java:49:26:49:52 | getParameter(...) : String | PolyRedosTest.java:54:20:54:26 | tainted | provenance | Src:MaD:1 |
50+
| PolyRedosTest.java:59:26:59:52 | getParameter(...) : String | PolyRedosTest.java:62:9:62:15 | tainted | provenance | Src:MaD:1 |
51+
| PolyRedosTest.java:70:26:70:52 | getParameter(...) : String | PolyRedosTest.java:73:31:73:37 | tainted | provenance | Src:MaD:1 |
52+
models
53+
| 1 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
54+
nodes
55+
| PolyRedosTest.java:8:26:8:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
56+
| PolyRedosTest.java:12:9:12:15 | tainted | semmle.label | tainted |
57+
| PolyRedosTest.java:13:9:13:15 | tainted | semmle.label | tainted |
58+
| PolyRedosTest.java:14:9:14:15 | tainted | semmle.label | tainted |
59+
| PolyRedosTest.java:15:9:15:15 | tainted | semmle.label | tainted |
60+
| PolyRedosTest.java:16:9:16:15 | tainted | semmle.label | tainted |
61+
| PolyRedosTest.java:17:30:17:36 | tainted | semmle.label | tainted |
62+
| PolyRedosTest.java:18:38:18:44 | tainted | semmle.label | tainted |
63+
| PolyRedosTest.java:19:36:19:42 | tainted | semmle.label | tainted |
64+
| PolyRedosTest.java:20:52:20:58 | tainted | semmle.label | tainted |
65+
| PolyRedosTest.java:21:36:21:42 | tainted | semmle.label | tainted |
66+
| PolyRedosTest.java:22:44:22:50 | tainted | semmle.label | tainted |
67+
| PolyRedosTest.java:23:49:23:55 | tainted | semmle.label | tainted |
68+
| PolyRedosTest.java:24:92:24:98 | tainted | semmle.label | tainted |
69+
| PolyRedosTest.java:25:93:25:99 | tainted | semmle.label | tainted |
70+
| PolyRedosTest.java:27:49:27:55 | tainted | semmle.label | tainted |
71+
| PolyRedosTest.java:29:39:29:45 | tainted | semmle.label | tainted |
72+
| PolyRedosTest.java:30:45:30:51 | tainted | semmle.label | tainted |
73+
| PolyRedosTest.java:31:81:31:87 | tainted | semmle.label | tainted |
74+
| PolyRedosTest.java:32:69:32:75 | tainted | semmle.label | tainted |
75+
| PolyRedosTest.java:34:79:34:85 | tainted | semmle.label | tainted |
76+
| PolyRedosTest.java:39:26:39:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
77+
| PolyRedosTest.java:45:20:45:26 | tainted | semmle.label | tainted |
78+
| PolyRedosTest.java:49:26:49:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
79+
| PolyRedosTest.java:54:20:54:26 | tainted | semmle.label | tainted |
80+
| PolyRedosTest.java:59:26:59:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
81+
| PolyRedosTest.java:62:9:62:15 | tainted | semmle.label | tainted |
82+
| PolyRedosTest.java:70:26:70:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
83+
| PolyRedosTest.java:73:31:73:37 | tainted | semmle.label | tainted |
84+
| PolyRedosTest.java:79:19:79:45 | getParameter(...) | semmle.label | getParameter(...) |
85+
subpaths

java/ql/test/query-tests/security/CWE-730/PolyRedos/PolynomialReDoS.qlref

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
query: Security/CWE/CWE-730/PolynomialReDoS.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

java/ql/test/query-tests/security/CWE-730/PolyRedos/options

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/guava-30.0:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-lang3-3.7

0 commit comments

Comments
 (0)