Python: Add test cases.

geoffw0 · geoffw0 · commit dbde99df91b7 · 2023-07-20T11:06:00.000+01:00
diff --git a/python/ql/test/query-tests/Security/CWE-116-BadTagFilter/tst.py b/python/ql/test/query-tests/Security/CWE-116-BadTagFilter/tst.py
@@ -7,8 +7,8 @@
     re.compile(r"""<!--.*-->""", re.IGNORECASE | re.DOTALL), # OK - we don't care regexps that only match comments
     re.compile(r"""<!--.*--!?>""", re.IGNORECASE | re.DOTALL), # OK
     re.compile(r"""<!--.*--!?>""", re.IGNORECASE), # NOT OK, does not match newlines
-
-
+    re.compile(r"""(?is)<!--.*--!?>"""), # OK
+    re.compile(r"""(?i)<!--.*--!?>"""), # NOT OK, does not match newlines [NOT DETECTED]
     re.compile(r"""<script.*?>(.|\s)*?<\/script[^>]*>""", re.IGNORECASE), # NOT OK - doesn't match inside the script tag
     re.compile(r"""<script[^>]*?>.*?<\/script[^>]*>""", re.IGNORECASE), # NOT OK - doesn't match newlines inside the content
     re.compile(r"""<script(\s|\w|=|")*?>.*?<\/script[^>]*>""", re.IGNORECASE | re.DOTALL), # NOT OK - does not match single quotes for attribute values
diff --git a/python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected b/python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected
@@ -105,3 +105,4 @@
 | redos.py:391:15:391:25 | (\\u0061\|a)* | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of 'a'. |
 | unittests.py:5:17:5:23 | (\u00c6\|\\\u00c6)+ | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of '\u00c6'. |
 | unittests.py:9:16:9:24 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
+| unittests.py:11:20:11:28 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
diff --git a/python/ql/test/query-tests/Security/CWE-730-ReDoS/unittests.py b/python/ql/test/query-tests/Security/CWE-730-ReDoS/unittests.py
@@ -7,3 +7,6 @@
 # Treatment of line breaks
 re.compile(r'(?:.|\n)*b') # No ReDoS.
 re.compile(r'(?:.|\n)*b', re.DOTALL) # Has ReDoS.
+re.compile(r'(?i)(?:.|\n)*b') # No ReDoS.
+re.compile(r'(?s)(?:.|\n)*b') # Has ReDoS.
+re.compile(r'(?is)(?:.|\n)*b') # Has ReDoS. [NOT DETECTED]
