remove original sanitizer

Jami Cogswell · Jami Cogswell · commit 54020013626c · 2022-11-08T15:29:33.000-05:00
diff --git a/java/ql/lib/semmle/code/java/security/RegexInjection.qll b/java/ql/lib/semmle/code/java/security/RegexInjection.qll
@@ -3,7 +3,6 @@
 import java
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.frameworks.Regex
-//private import semmle.code.java.frameworks.apache.Lang
 private import semmle.code.java.regex.RegexFlowModels
 
 /** A data flow sink for untrusted user input used to construct regular expressions. */
@@ -24,30 +23,6 @@ private class DefaultRegexInjectionSink extends RegexInjectionSink {
   }
 }
 
-/** A call to a function whose name suggests that it escapes regular expression meta-characters. */
-private class RegexSanitizationCall extends RegexInjectionSanitizer {
-  RegexSanitizationCall() {
-    // original
-    // exists(string calleeName, string sanitize, string regexp |
-    //   calleeName = this.asExpr().(Call).getCallee().getName() and
-    //   sanitize = "(?:escape|saniti[sz]e)" and
-    //   regexp = "regexp?"
-    // |
-    //   calleeName
-    //       .regexpMatch("(?i)(" + sanitize + ".*" + regexp + ".*)" + "|(" + regexp + ".*" + sanitize +
-    //           ".*)")
-    // )
-    // without regexp
-    exists(string calleeName, string sanitize |
-      calleeName = this.asExpr().(Call).getCallee().getName() and
-      sanitize = "(?:escape|saniti[sz]e)"
-    |
-      calleeName.regexpMatch("(?i)(.*" + sanitize + ".*)")
-      //calleeName.matches("handleEscapes")
-    )
-  }
-}
-
 /**
  * A call to the `Pattern.quote` method, which gives metacharacters or escape sequences
  * no special meaning.
diff --git a/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java b/java/ql/test/query-tests/security/CWE-730/RegexInjectionTest.java
@@ -72,67 +72,6 @@ String foo(String str) {
     return str;
   }
 
-  public boolean pattern5(javax.servlet.http.HttpServletRequest request) {
-    String pattern = request.getParameter("pattern");
-    String input = request.getParameter("input");
-
-    // Safe: User input is sanitized before constructing the regex
-    return input.matches("^" + escapeSpecialRegexChars(pattern) + "=.*$");
-  }
-
-  public boolean pattern6(javax.servlet.http.HttpServletRequest request) {
-    String pattern = request.getParameter("pattern");
-    String input = request.getParameter("input");
-
-    escapeSpecialRegexChars(pattern);
-
-    // BAD: the pattern is not really sanitized
-    return input.matches("^" + pattern + "=.*$"); // $ hasRegexInjection
-  }
-
-  public boolean pattern7(javax.servlet.http.HttpServletRequest request) {
-    String pattern = request.getParameter("pattern");
-    String input = request.getParameter("input");
-
-    String escapedPattern = escapeSpecialRegexChars(pattern);
-
-    // Safe: User input is sanitized before constructing the regex
-    return input.matches("^" + escapedPattern + "=.*$");
-  }
-
-  public boolean pattern8(javax.servlet.http.HttpServletRequest request) {
-    String pattern = request.getParameter("pattern");
-    String input = request.getParameter("input");
-
-    // Safe: User input is sanitized before constructing the regex
-    return input.matches("^" + sanitizeSpecialRegexChars(pattern) + "=.*$");
-  }
-
-  public boolean pattern9(javax.servlet.http.HttpServletRequest request) {
-    String pattern = request.getParameter("pattern");
-    String input = request.getParameter("input");
-
-    // Safe: User input is sanitized before constructing the regex
-    return input.matches("^" + sanitiseSpecialRegexChars(pattern) + "=.*$");
-  }
-
-  Pattern SPECIAL_REGEX_CHARS = Pattern.compile("[{}()\\[\\]><-=!.+*?^$\\\\|]");
-
-  // test `escape...regex`
-  String escapeSpecialRegexChars(String str) {
-    return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
-  }
-
-  // test `sanitize...regex`
-  String sanitizeSpecialRegexChars(String str) {
-    return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
-  }
-
-  // test `sanitise...regex`
-  String sanitiseSpecialRegexChars(String str) {
-    return SPECIAL_REGEX_CHARS.matcher(str).replaceAll("\\\\$0");
-  }
-
   public boolean apache1(javax.servlet.http.HttpServletRequest request) {
     String pattern = request.getParameter("pattern");
     String input = request.getParameter("input");
