Python: Fix py/polynomial-redos

RasmusWL · RasmusWL · commit a5834c4d780f · 2021-07-15T14:16:19.000+02:00
diff --git a/python/ql/src/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll b/python/ql/src/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll
@@ -56,7 +56,7 @@ module PolynomialReDoS {
   /**
    * A regex execution, considered as a flow sink.
    */
-  class RegexExecutionAsSink extends DataFlow::Node {
+  class RegexExecutionAsSink extends Sink {
     RegExpTerm t;
 
     RegexExecutionAsSink() {
@@ -68,7 +68,7 @@ module PolynomialReDoS {
     }
 
     /** Gets the regex that is being executed by this node. */
-    RegExpTerm getRegExp() { result = t }
+    override RegExpTerm getRegExp() { result = t }
   }
 
   /**
diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected
@@ -1,3 +1,12 @@
 edges
+| test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute |
+| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:8:30:8:33 | ControlFlowNode for text |
+| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:9:32:9:35 | ControlFlowNode for text |
 nodes
+| test.py:7:12:7:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| test.py:7:12:7:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| test.py:8:30:8:33 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
+| test.py:9:32:9:35 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
 #select
+| test.py:8:30:8:33 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |
+| test.py:9:32:9:35 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ module PolynomialReDoS {`
`56`	`56`	`/**`
`57`	`57`	`* A regex execution, considered as a flow sink.`
`58`	`58`	`*/`
`59`		`- class RegexExecutionAsSink extends DataFlow::Node {`
	`59`	`+ class RegexExecutionAsSink extends Sink {`
`60`	`60`	`RegExpTerm t;`
`61`	`61`
`62`	`62`	`RegexExecutionAsSink() {`
`@@ -68,7 +68,7 @@ module PolynomialReDoS {`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`/** Gets the regex that is being executed by this node. */`
`71`		`- RegExpTerm getRegExp() { result = t }`
	`71`	`+ override RegExpTerm getRegExp() { result = t }`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`/**`