
Commit 5d4c434

restrict char class matches to alpha-numeric chars
1 parent 59f0a41 commit 5d4c434

1 file changed

+2
-1
lines changed

javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql

Lines changed: 2 additions & 1 deletion
@@ -67,7 +67,8 @@ DangerousPrefixSubstring getADangerousMatchedChar(EmptyReplaceRegExpTerm t) {
6767
or
6868
t.getAMatchedString() = result
6969
or
70-
ReDoSUtil::getCanonicalCharClass(t).(ReDoSUtil::CharacterClass).matches(result)
70+
ReDoSUtil::getCanonicalCharClass(t).(ReDoSUtil::CharacterClass).matches(result) and
71+
result.regexpMatch("\\w")
7172
or
7273
t instanceof RegExpDot and
7374
result.length() = 1
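Review bot: The new conjunct `result.regexpMatch("\\w")` on the character-class branch does not match the commit message's "alpha-numeric chars": in the Java-style regex syntax CodeQL uses, `\w` also accepts the underscore, so a character class that matches `_` still yields a result here. If underscore is not intended, `result.regexpMatch("[a-zA-Z0-9]")` would match the stated intent; otherwise the commit message should say "word characters". Either way the branch deserves a short QL comment explaining why character-class matches are restricted while the `t.getAMatchedString() = result` branch and the `RegExpDot` branch are not, since a reader of `getADangerousMatchedChar` cannot tell from the code alone which `DangerousPrefixSubstring` values are deliberately excluded for character classes.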
