import swift
import codeql.swift.regex.Regex
private import codeql.swift.regex.internal.ParseRegex
private import codeql.swift.regex.RegexTreeView::RegexTreeView as TreeView
import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView>
import utils.test.InlineExpectationsTest
/**
 * Gets `s` as it should be written in an inline expectation: wrapped in
 * double quotes when it contains a space character, unchanged otherwise.
 *
 * The pattern `"% %"` is a `matches` wildcard pattern, so it holds for any
 * string with at least one space anywhere in it.
 */
bindingset[s]
string quote(string s) {
  s.matches("% %") and result = "\"" + s + "\""
  or
  not s.matches("% %") and result = s
}
/**
 * Inline-expectations test configuration for the Swift regex library.
 *
 * It reports, per source location, which regexes were found, how they parsed,
 * which mode flags they carry, and which regex terms satisfy `hasReDoSResult`
 * (from the `ExponentialBackTracking` instantiation imported at the top of
 * this file).
 */
module RegexTest implements TestSig {
  /** Gets a tag that this test produces results for. */
  string getARelevantTag() {
    result =
      ["regex", "unevaluated-regex", "input", "redos-vulnerable", "hasParseFailure", "modes"]
  }

  /**
   * Holds if the test produces a result `tag=value` for `element` at `location`.
   *
   * Tags reported here:
   * - `redos-vulnerable`: a regex term for which `hasReDoSResult` holds.
   * - `hasParseFailure`: a regex evaluation one of whose regexes failed to parse.
   * - `modes`: the non-empty flags of a regex used by an evaluation.
   * - `regex`: the text of a regex used by an evaluation.
   * - `unevaluated-regex`: the text of a regex that no evaluation uses.
   */
  predicate hasActualResult(Location location, string element, string tag, string value) {
    // Regex terms flagged by the backtracking analysis. The remaining three
    // arguments of `hasReDoSResult` are ignored and the value is empty, so an
    // expectation pins only WHERE a term is flagged, not the details behind it.
    exists(TreeView::RegExpTerm term |
      tag = "redos-vulnerable" and
      value = "" and
      hasReDoSResult(term, _, _, _) and
      element = term.toString() and
      location = term.getLocation()
    )
    or
    // Results anchored at a regex evaluation and describing one of its regexes.
    exists(RegexEval call, RegExp re |
      re = call.getARegex() and
      element = call.toString() and
      location = call.getLocation()
    |
      // NOTE(review): presumably a regex that fails to parse cannot be analysed
      // for backtracking, which makes this tag useful for spotting coverage
      // gaps - confirm against the library.
      tag = "hasParseFailure" and
      value = "" and
      re.failedToParse(_)
      or
      // Mode flags; suppressed when the flag string is empty.
      tag = "modes" and
      value = quote(re.getFlags()) and
      not value = ""
      or
      // The regex text, with newlines made visible so it fits on one line.
      tag = "regex" and
      value = quote(re.toString().replaceAll("\n", "NEWLINE"))
    )
    or
    // Regexes that exist in the program but are not used by any evaluation.
    exists(RegExp re |
      not re = any(RegexEval call).getARegex() and
      tag = "unevaluated-regex" and
      value = quote(re.toString().replaceAll("\n", "NEWLINE")) and
      element = re.toString() and
      location = re.getLocation()
    )
  }

  /**
   * Holds if the test produces an optional result `tag=value` for `element`
   * at `location`.
   *
   * The only tag reported here is `input`: the expression that is the string
   * input of a regex evaluation. NOTE(review): presumably the framework checks
   * these only where the test source annotates them - confirm against
   * `InlineExpectationsTest`.
   */
  predicate hasOptionalResult(Location location, string element, string tag, string value) {
    exists(Expr subject |
      subject = any(RegexEval call).getStringInputNode().asExpr() and
      tag = "input" and
      value = quote(subject.toString()) and
      element = subject.toString() and
      location = subject.getLocation()
    )
  }
}
import MakeTest<RegexTest>