File tree Expand file tree Collapse file tree 4 files changed +27
-43
lines changed
javascript/ql/src/Performance
java/ql/src/Security/CWE/CWE-730
python/ql/src/Security/CWE-730
ruby/ql/src/queries/security/cwe-1333 Expand file tree Collapse file tree 4 files changed +27
-43
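--- a/java/ql/src/Security/CWE/CWE-730/<QHELP-FILE-NAME-NOT-ON-PAGE>
+++ b/java/ql/src/Security/CWE/CWE-730/<QHELP-FILE-NAME-NOT-ON-PAGE>
@@ -15,8 +15,7 @@
 </p >
 
 <sample language =" java" >
-Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD
-</sample >
+Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD</sample >
 
 <p >
 
@@ -71,8 +70,7 @@
 </p >
 
 <sample language =" java" >
-"^0\\.\\d+E?\\d+$""
-</sample >
+"^0\\.\\d+E?\\d+$"" </sample >
 
 <p >
 
@@ -113,8 +111,7 @@
 </p >
 
 <sample language =" java" >
-Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);
-</sample >
+Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); </sample >
 
 <p >
 It's not immediately obvious how to rewrite this regular expression
@@ -124,12 +121,11 @@
 </p >
 
 <sample language =" java" >
-if (str.length() > 1000) {
-throw new IllegalArgumentException("Input too long");
-}
+if (str.length() > 1000) {
+throw new IllegalArgumentException("Input too long");
+}
 
-Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);
-</sample >
+Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); </sample >
 </example >
 
 <include src =" ReDoSReferences.inc.qhelp" />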
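--- a/javascript/ql/src/Performance/<QHELP-FILE-NAME-NOT-ON-PAGE>
+++ b/javascript/ql/src/Performance/<QHELP-FILE-NAME-NOT-ON-PAGE>
@@ -15,8 +15,7 @@
 </p >
 
 <sample language =" javascript" >
-text.replace(/^\s+|\s+$/g, ''); // BAD
-</sample >
+text.replace(/^\s+|\s+$/g, ''); // BAD</sample >
 
 <p >
 
@@ -71,8 +70,7 @@
 </p >
 
 <sample language =" javascript" >
-/^0\.\d+E?\d+$/.test(str) // BAD
-</sample >
+/^0\.\d+E?\d+$/.test(str) // BAD</sample >
 
 <p >
 
@@ -113,8 +111,7 @@
 </p >
 
 <sample language =" javascript" >
-/^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) // BAD
-</sample >
+/^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) // BAD</sample >
 
 <p >
 It's not immediately obvious how to rewrite this regular expression
@@ -124,11 +121,10 @@
 </p >
 
 <sample language =" javascript" >
-if (str.length > 1000) {
-throw new Error("Input too long");
-}
-/^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str)
-</sample >
+if (str.length > 1000) {
+throw new Error("Input too long");
+}
+/^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str)</sample >
 </example >
 
 <include src =" ReDoSReferences.inc.qhelp" />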
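--- a/python/ql/src/Security/CWE-730/<QHELP-FILE-NAME-NOT-ON-PAGE>
+++ b/python/ql/src/Security/CWE-730/<QHELP-FILE-NAME-NOT-ON-PAGE>
@@ -15,8 +15,7 @@
 </p >
 
 <sample language =" python" >
-re.sub(r"^\s+|\s+$", "", text) # BAD
-</sample >
+re.sub(r"^\s+|\s+$", "", text) # BAD</sample >
 
 <p >
 
@@ -71,8 +70,7 @@
 </p >
 
 <sample language =" python" >
-^0\.\d+E?\d+$ # BAD
-</sample >
+^0\.\d+E?\d+$ # BAD</sample >
 
 <p >
 
@@ -113,8 +111,7 @@
 </p >
 
 <sample language =" python" >
-match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str)
-</sample >
+match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) </sample >
 
 <p >
 It's not immediately obvious how to rewrite this regular expression
@@ -124,11 +121,10 @@
 </p >
 
 <sample language =" python" >
-if len(str) > 1000:
-raise ValueError("Input too long")
+if len(str) > 1000:
+raise ValueError("Input too long")
 
-match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str)
-</sample >
+match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) </sample >
 </example >
 
 <include src =" ReDoSReferences.inc.qhelp" />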
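--- a/ruby/ql/src/queries/security/cwe-1333/<QHELP-FILE-NAME-NOT-ON-PAGE>
+++ b/ruby/ql/src/queries/security/cwe-1333/<QHELP-FILE-NAME-NOT-ON-PAGE>
@@ -15,8 +15,7 @@
 </p >
 
 <sample language =" ruby" >
-text.gsub!(/^\s+|\s+$/, '') # BAD
-</sample >
+text.gsub!(/^\s+|\s+$/, '') # BAD</sample >
 
 <p >
 
@@ -74,8 +73,7 @@
 </p >
 
 <sample language =" ruby" >
-/^0\.\d+E?\d+$/ # BAD
-</sample >
+/^0\.\d+E?\d+$/ # BAD</sample >
 
 <p >
 
@@ -118,8 +116,7 @@
 </p >
 
 <sample language =" ruby" >
-is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str)
-</sample >
+is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str)</sample >
 
 <p >
 It's not immediately obvious how to rewrite this regular expression
@@ -129,12 +126,11 @@
 </p >
 
 <sample language =" ruby" >
-if str.length > 1000
-raise ArgumentError, "Input too long"
-end
+if str.length > 1000
+raise ArgumentError, "Input too long"
+end
 
-is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str)
-</sample >
+is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str)</sample >
 </example >
 
 <include src =" ReDoSReferences.inc.qhelp" />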