Skip to content

Commit dc06e9d

Browse files
erik-krogherik-krogh
committed
move predicates that depend on isReDoSCandidate into a ReDoSPruning module
1 parent 3248f7b commit dc06e9d

File tree

12 files changed

+1164
-1156
lines changed

12 files changed

+1164
-1156
lines changed

java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll

Lines changed: 289 additions & 287 deletions
Large diffs are not rendered by default.

java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -391,7 +391,7 @@ predicate isPumpable(State pivot, State succ, string pump) {
391391
*/
392392
predicate polynimalReDoS(RegExpTerm t, string pump, string prefixMsg, RegExpTerm prev) {
393393
exists(State s, State pivot |
394-
hasReDoSResult(t, pump, s, prefixMsg) and
394+
ReDoSPruning::hasReDoSResult(t, pump, s, prefixMsg) and
395395
isPumpable(pivot, s, _) and
396396
prev = pivot.getRepr()
397397
)

java/ql/test/query-tests/security/CWE-730/ReDoS.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ class HasExpRedos extends InlineExpectationsTest {
1111
override predicate hasActualResult(Location location, string element, string tag, string value) {
1212
tag = "hasExpRedos" and
1313
exists(RegExpTerm t, string pump, State s, string prefixMsg |
14-
hasReDoSResult(t, pump, s, prefixMsg) and
14+
ReDoSPruning::hasReDoSResult(t, pump, s, prefixMsg) and
1515
not t.getRegex().getAMode() = "VERBOSE" and
1616
value = "" and
1717
location = t.getLocation() and

0 commit comments

Comments
 (0)