Merge pull request github#6300 from RasmusWL/redos-tests

Python: Fix `py/polynomial-redos`

Author: tausbn

python/ql/src/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll

@@ -56,7 +56,7 @@ module PolynomialReDoS {
   /**
    * A regex execution, considered as a flow sink.
    */
-  class RegexExecutionAsSink extends DataFlow::Node {
+  class RegexExecutionAsSink extends Sink {
     RegExpTerm t;
 
     RegexExecutionAsSink() {
@@ -68,7 +68,7 @@ module PolynomialReDoS {
     }
 
     /** Gets the regex that is being executed by this node. */
-    RegExpTerm getRegExp() { result = t }
+    override RegExpTerm getRegExp() { result = t }
   }
 
   /**

python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.expected

@@ -0,0 +1,12 @@
+edges
+| test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute |
+| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:8:30:8:33 | ControlFlowNode for text |
+| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:9:32:9:35 | ControlFlowNode for text |
+nodes
+| test.py:7:12:7:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
+| test.py:7:12:7:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| test.py:8:30:8:33 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
+| test.py:9:32:9:35 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
+#select
+| test.py:8:30:8:33 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |
+| test.py:9:32:9:35 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |

python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialReDoS.qlref

@@ -0,0 +1 @@
+Security/CWE-730/PolynomialReDoS.ql

python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/test.py

@@ -0,0 +1,9 @@
+import re
+from flask import Flask, request
+app = Flask(__name__)
+
+@app.route("/poly-redos")
+def code_execution():
+    text = request.args.get("text")
+    re.sub(r"^\s+|\s+$", "", text) # NOT OK
+    re.match(r"^0\.\d+E?\d+$", text) # NOT OK