Remove escaped "{" and "}" before counting placeholders

owen-mc · owen-mc · commit b20b7c757210 · 2024-12-05T10:43:13.000Z
diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
@@ -56,7 +56,10 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink
         i <=
           max(int occurrenceIndex, int occurrenceOffset |
             exists(
-              hsp.getStringValue().regexpFind("\\{[^}]*\\}", occurrenceIndex, occurrenceOffset)
+              hsp.getStringValue()
+                  .replaceAll("\\{", "  ")
+                  .replaceAll("\\}", "  ")
+                  .regexpFind("\\{[^}]*\\}", occurrenceIndex, occurrenceOffset)
             ) and
             occurrenceOffset < hsp.getOffset()
           |
@@ -78,6 +81,8 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink
             mc.getArgument(0)
                 .(CompileTimeConstantExpr)
                 .getStringValue()
+                .replaceAll("\\{", "  ")
+                .replaceAll("\\}", "  ")
                 .regexpFind("\\{[^}]*\\}", occurrenceIndex, _)
           )
         |
