Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 11d878b

Browse files
erik-krogherik-krogh
committed
adjust comments to reflect the precission of the suffix search
1 parent b418cb5 commit 11d878b

1 file changed

Lines changed: 8 additions & 6 deletions

File tree

javascript/ql/src/Performance/ReDoS.ql

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ import semmle.javascript.security.performance.SuperlinearBackTracking
7676
* back to itself has been identified, we attempt to construct a concrete
7777
* string corresponding to it, which may fail.
7878
* * Lastly we ensure that any state reached by repeating `n` copies of `w` has
79-
* a suffix `x` (possible empty) that is __not__ accepted.
79+
* a suffix `x` (possible empty) that is most likely __not__ accepted.
8080
*/
8181

8282
/**
@@ -1009,24 +1009,26 @@ module SuffixConstruction {
10091009

10101010
/**
10111011
* Holds if all states reachable from `fork` by repeating `w`
1012-
* are rejectable by appending some suffix.
1012+
* are likely rejectable by appending some suffix.
10131013
*/
10141014
predicate reachesOnlyRejectableSuffixes(State fork, string w) {
10151015
isReDoSCandidate(fork, w) and
1016-
forex(State next | next = process(fork, w, w.length() - 1) | isDefinitelyRejectable(next))
1016+
forex(State next | next = process(fork, w, w.length() - 1) | isLikelyRejectable(next))
10171017
}
10181018

10191019
/**
1020-
* Holds if there definitely exists a path starting from `s` that leads to the regular expression being rejected.
1020+
* Holds if there likely exists a suffix starting from `s` that leads to the regular expression being rejected.
1021+
* This predicate might find impossible suffixes when searching for suffixes of length > 1, which can cause FPs.
10211022
*/
1022-
private predicate isDefinitelyRejectable(StateInPumpableRegexp s) {
1023+
private predicate isLikelyRejectable(StateInPumpableRegexp s) {
10231024
// exists a reject edge with some char.
10241025
hasRejectEdge(s, _)
10251026
or
10261027
// all edges (at least one) with some char leads to another state that is rejectable.
1028+
// the `next` states might not share a common suffix, which can cause FPs.
10271029
exists(string char | char = relevant() |
10281030
forex(State next | deltaClosed(s, getAnInputSymbolMatching(char), next) |
1029-
isDefinitelyRejectable(next)
1031+
isLikelyRejectable(next)
10301032
)
10311033
)
10321034
or

0 commit comments

Comments
 (0)