

Commit 3ce0c2c

Add more regex use functions in String
1 parent 5364001 commit 3ce0c2c

3 files changed

Lines changed: 5 additions & 1 deletion


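--- a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll
@@ -86,7 +86,7 @@ private class JdkRegexMatchMethodAccess extends RegexMatchMethodAccess {
 or
 package = "java.lang" and
 type = "String" and
-name = ["matches", "split"] and
+name = ["matches", "split", "replaceAll", "replaceFirst"] and
 regexArg = 0 and
 stringArg = -1
 or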

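--- a/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll
@@ -14,6 +14,8 @@ private class RegexSinkCsv extends SinkModelCsv {
 "java.util;String;false;matches;(String);;Argument[0];regex-compile",
 "java.util;String;false;split;(String);;Argument[0];regex-compile",
 "java.util;String;false;split;(String,int);;Argument[0];regex-compile",
+"java.util;String;false;replaceAll;(String,String);;Argument[0];regex-compile",
+"java.util;String;false;replaceFirst;(String,String);;Argument[0];regex-compile",
 "com.google.common.base;Splitter;false;onPattern;(String);;Argument[0];regex-compile"
 ]
 }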
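Review bot: The two added rows give `String` the package `java.util`, copied from the three rows directly above, but the class these sinks describe is `java.lang.String`, and the RegexFlowConfigs.qll hunk in this same commit spells it `package = "java.lang"`. If the CSV rows are resolved by package and type name the way the `JdkRegexMatchMethodAccess` disjunct is, a `java.util;String` row would never bind to a method and the new sinks would only be reached through the QL characteristic predicate; this is worth confirming by running the PolyRedosTest expectations with the RegexFlowConfigs.qll change reverted. The fix is to change the package column of the new rows to `"java.lang;String;false;replaceAll;(String,String);;Argument[0];regex-compile"` and `"java.lang;String;false;replaceFirst;(String,String);;Argument[0];regex-compile"`, and the three pre-existing `java.util;String` rows should get the same correction. The enclosing `RegexSinkCsv` class starts outside the hunk.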

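--- a/java/ql/test/query-tests/security/CWE-730/PolyRedosTest.java
+++ b/java/ql/test/query-tests/security/CWE-730/PolyRedosTest.java
@@ -12,6 +12,8 @@ void test(HttpServletRequest request) {
 tainted.matches(reg); // $ hasPolyRedos
 tainted.split(reg); // $ hasPolyRedos
 tainted.split(reg, 7); // $ hasPolyRedos
+tainted.replaceAll(reg, "a"); // $ hasPolyRedos
+tainted.replaceFirst(reg, "a"); // $ hasPolyRedos
 Pattern.matches(reg, tainted); // $ hasPolyRedos
 Pattern.compile(reg).matcher(tainted).matches(); // $ hasPolyRedos
 Pattern.compile(reg).split(tainted); // $ hasPolyRedos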
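Review bot: Both added calls put the regex in argument 0 and the subject string on the qualifier, so they only exercise the positive case and cannot tell whether the model was registered against the right argument positions; a negative case where the tainted value appears only in the replacement argument would pin that down. Something like `"constant".replaceAll(reg, tainted);` with no `$ hasPolyRedos` marker would start failing if the sink were ever widened to `Argument[1]` or the subject position were mis-modelled, since the replacement is never matched against the pattern. The `test` method starts before this hunk and continues after it, so the definitions of `reg` and `tainted` are not visible here.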
