Remove unnecessary boundary anchors

Alvaro Muñoz · Alvaro Muñoz · commit d9e589c6e7d9 · 2024-03-15T13:58:46.000+01:00
diff --git a/ql/lib/codeql/actions/Ast.qll b/ql/lib/codeql/actions/Ast.qll
@@ -12,7 +12,11 @@ module Utils {
 
   bindingset[regex]
   string wrapRegexp(string regex) {
-    result = ["\\b" + regex + "\\b", "fromJSON\\(" + regex + "\\)", "toJSON\\(" + regex + "\\)"]
+    result =
+      [
+        "\\b" + regex + "\\b", "fromJSON\\(\\s*" + regex + "\\s*\\)",
+        "toJSON\\(\\s*" + regex + "\\s*\\)"
+      ]
   }
 }
 
diff --git a/ql/lib/codeql/actions/dataflow/FlowSources.qll b/ql/lib/codeql/actions/dataflow/FlowSources.qll
@@ -25,9 +25,7 @@ abstract class RemoteFlowSource extends SourceNode {
 
 bindingset[context]
 private predicate isExternalUserControlledIssue(string context) {
-  exists(string reg |
-    reg = ["\\bgithub\\.event\\.issue\\.title\\b", "\\bgithub\\.event\\.issue\\.body\\b"]
-  |
+  exists(string reg | reg = ["github\\.event\\.issue\\.title", "github\\.event\\.issue\\.body"] |
     Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
   )
 }
@@ -37,12 +35,12 @@ private predicate isExternalUserControlledPullRequest(string context) {
   exists(string reg |
     reg =
       [
-        "\\bgithub\\.event\\.pull_request\\.title\\b", "\\bgithub\\.event\\.pull_request\\.body\\b",
-        "\\bgithub\\.event\\.pull_request\\.head\\.label\\b",
-        "\\bgithub\\.event\\.pull_request\\.head\\.repo\\.default_branch\\b",
-        "\\bgithub\\.event\\.pull_request\\.head\\.repo\\.description\\b",
-        "\\bgithub\\.event\\.pull_request\\.head\\.repo\\.homepage\\b",
-        "\\bgithub\\.event\\.pull_request\\.head\\.ref\\b", "\\bgithub\\.head_ref\\b"
+        "github\\.event\\.pull_request\\.title", "github\\.event\\.pull_request\\.body",
+        "github\\.event\\.pull_request\\.head\\.label",
+        "github\\.event\\.pull_request\\.head\\.repo\\.default_branch",
+        "github\\.event\\.pull_request\\.head\\.repo\\.description",
+        "github\\.event\\.pull_request\\.head\\.repo\\.homepage",
+        "github\\.event\\.pull_request\\.head\\.ref", "github\\.head_ref"
       ]
   |
     Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
@@ -51,23 +49,21 @@ private predicate isExternalUserControlledPullRequest(string context) {
 
 bindingset[context]
 private predicate isExternalUserControlledReview(string context) {
-  Utils::normalizeExpr(context)
-      .regexpMatch(Utils::wrapRegexp("\\bgithub\\.event\\.review\\.body\\b"))
+  Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp("github\\.event\\.review\\.body"))
 }
 
 bindingset[context]
 private predicate isExternalUserControlledComment(string context) {
-  Utils::normalizeExpr(context)
-      .regexpMatch(Utils::wrapRegexp("\\bgithub\\.event\\.comment\\.body\\b"))
+  Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp("github\\.event\\.comment\\.body"))
 }
 
 bindingset[context]
 private predicate isExternalUserControlledGollum(string context) {
   exists(string reg |
     reg =
       [
-        "\\bgithub\\.event\\.pages\\[[0-9]+\\]\\.page_name\\b",
-        "\\bgithub\\.event\\.pages\\[[0-9]+\\]\\.title\\b"
+        "github\\.event\\.pages\\[[0-9]+\\]\\.page_name",
+        "github\\.event\\.pages\\[[0-9]+\\]\\.title"
       ]
   |
     Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
@@ -79,16 +75,15 @@ private predicate isExternalUserControlledCommit(string context) {
   exists(string reg |
     reg =
       [
-        "\\bgithub\\.event\\.commits\\[[0-9]+\\]\\.message\\b",
-        "\\bgithub\\.event\\.head_commit\\.message\\b",
-        "\\bgithub\\.event\\.head_commit\\.author\\.email\\b",
-        "\\bgithub\\.event\\.head_commit\\.author\\.name\\b",
-        "\\bgithub\\.event\\.head_commit\\.committer\\.email\\b",
-        "\\bgithub\\.event\\.head_commit\\.committer\\.name\\b",
-        "\\bgithub\\.event\\.commits\\[[0-9]+\\]\\.author\\.email\\b",
-        "\\bgithub\\.event\\.commits\\[[0-9]+\\]\\.author\\.name\\b",
-        "\\bgithub\\.event\\.commits\\[[0-9]+\\]\\.committer\\.email\\b",
-        "\\bgithub\\.event\\.commits\\[[0-9]+\\]\\.committer\\.name\\b",
+        "github\\.event\\.commits\\[[0-9]+\\]\\.message", "github\\.event\\.head_commit\\.message",
+        "github\\.event\\.head_commit\\.author\\.email",
+        "github\\.event\\.head_commit\\.author\\.name",
+        "github\\.event\\.head_commit\\.committer\\.email",
+        "github\\.event\\.head_commit\\.committer\\.name",
+        "github\\.event\\.commits\\[[0-9]+\\]\\.author\\.email",
+        "github\\.event\\.commits\\[[0-9]+\\]\\.author\\.name",
+        "github\\.event\\.commits\\[[0-9]+\\]\\.committer\\.email",
+        "github\\.event\\.commits\\[[0-9]+\\]\\.committer\\.name",
       ]
   |
     Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
@@ -98,7 +93,7 @@ private predicate isExternalUserControlledCommit(string context) {
 bindingset[context]
 private predicate isExternalUserControlledDiscussion(string context) {
   exists(string reg |
-    reg = ["\\bgithub\\.event\\.discussion\\.title\\b", "\\bgithub\\.event\\.discussion\\.body\\b"]
+    reg = ["github\\.event\\.discussion\\.title", "github\\.event\\.discussion\\.body"]
   |
     Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
   )
@@ -109,15 +104,14 @@ private predicate isExternalUserControlledWorkflowRun(string context) {
   exists(string reg |
     reg =
       [
-        "\\bgithub\\.event\\.workflow\\.path\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_branch\\b",
-        "\\bgithub\\.event\\.workflow_run\\.display_title\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_repository\\.description\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_commit\\.message\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_commit\\.author\\.email\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_commit\\.author\\.name\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_commit\\.committer\\.email\\b",
-        "\\bgithub\\.event\\.workflow_run\\.head_commit\\.committer\\.name\\b",
+        "github\\.event\\.workflow\\.path", "github\\.event\\.workflow_run\\.head_branch",
+        "github\\.event\\.workflow_run\\.display_title",
+        "github\\.event\\.workflow_run\\.head_repository\\.description",
+        "github\\.event\\.workflow_run\\.head_commit\\.message",
+        "github\\.event\\.workflow_run\\.head_commit\\.author\\.email",
+        "github\\.event\\.workflow_run\\.head_commit\\.author\\.name",
+        "github\\.event\\.workflow_run\\.head_commit\\.committer\\.email",
+        "github\\.event\\.workflow_run\\.head_commit\\.committer\\.name",
       ]
   |
     Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,11 @@ module Utils {`
`12`	`12`
`13`	`13`	`bindingset[regex]`
`14`	`14`	`string wrapRegexp(string regex) {`
`15`		`- result = ["\\b" + regex + "\\b", "fromJSON\\(" + regex + "\\)", "toJSON\\(" + regex + "\\)"]`
	`15`	`+ result =`
	`16`	`+ [`
	`17`	`+ "\\b" + regex + "\\b", "fromJSON\\(\\s" + regex + "\\s\\)",`
	`18`	`+ "toJSON\\(\\s" + regex + "\\s\\)"`
	`19`	`+ ]`
`16`	`20`	`}`
`17`	`21`	`}`
`18`	`22`