Python: Add ReDoS as identical files from JS

The library specific file is `RegExpTreeView`.
The files are recorded as identical via the mapping
in `identical-files.json`.

Author: yoff

config/identical-files.json

@@ -448,5 +448,17 @@
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/src/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/src/semmle/python/security/internal/SensitiveDataHeuristics.qll"
+  ],
+  "ReDoS Util Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll",
+    "python/ql/src/semmle/python/regex/ReDoSUtil.qll"
+  ],
+  "ReDoS Exponential Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/performance/ExponentialBackTracking.qll",
+    "python/ql/src/semmle/python/regex/ExponentialBackTracking.qll"
+  ],
+  "ReDoS Polynomial Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
+    "python/ql/src/semmle/python/regex/SuperlinearBackTracking.qll"
   ]
 }

python/ql/src/Security/CWE-730/PolynomialBackTracking.ql

@@ -0,0 +1,6 @@
+import python
+import semmle.python.regex.SuperlinearBackTracking
+
+from PolynomialBackTrackingTerm t
+where t.getLocation().getFile().getBaseName() = "KnownCVEs.py"
+select t.getRegex(), t, t.getReason()

python/ql/src/Security/CWE-730/PolynomialReDoS.ql

@@ -0,0 +1,33 @@
+/**
+ * @name Polynomial regular expression used on uncontrolled data
+ * @description A regular expression that can require polynomial time
+ *              to match may be vulnerable to denial-of-service attacks.
+ * @kind path-problem
+ * @problem.severity warning
+ * @precision high
+ * @id py/polynomial-redos
+ * @tags security
+ *       external/cwe/cwe-730
+ *       external/cwe/cwe-400
+ */
+
+import python
+import semmle.python.regex.SuperlinearBackTracking
+import semmle.python.security.dataflow.PolynomialReDoS
+import DataFlow::PathGraph
+
+from
+  PolynomialReDoSConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink,
+  PolynomialReDoSSink sinkNode, PolynomialBackTrackingTerm regexp
+where
+  config.hasFlowPath(source, sink) and
+  sinkNode = sink.getNode() and
+  regexp.getRootTerm() = sinkNode.getRegExp()
+//   not (
+//     source.getNode().(Source).getKind() = "url" and
+//     regexp.isAtEndLine()
+//   )
+select sinkNode.getHighlight(), source, sink,
+  "This $@ that depends on $@ may run slow on strings " + regexp.getPrefixMessage() +
+    "with many repetitions of '" + regexp.getPumpString() + "'.", regexp, "regular expression",
+  source.getNode(), "a user-provided value"

python/ql/src/Security/CWE-730/ReDoS.ql

@@ -0,0 +1,25 @@
+/**
+ * @name Inefficient regular expression
+ * @description A regular expression that requires exponential time to match certain inputs
+ *              can be a performance bottleneck, and may be vulnerable to denial-of-service
+ *              attacks.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id py/redos
+ * @tags security
+ *       external/cwe/cwe-730
+ *       external/cwe/cwe-400
+ */
+
+import python
+import semmle.python.regex.ExponentialBackTracking
+
+from RegExpTerm t, string pump, State s, string prefixMsg
+where
+  hasReDoSResult(t, pump, s, prefixMsg) and
+  // exclude verbose mode regexes for now
+  not t.getRegex().getAMode() = "VERBOSE"
+select t,
+  "This part of the regular expression may cause exponential backtracking on strings " + prefixMsg +
+    "containing many repetitions of '" + pump + "'."