

Commit 442f687

committed
Make IncompleteHostNameRegexp use new API
1 parent 0e1383d commit 442f687

1 file changed

Lines changed: 12 additions & 9 deletions


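--- a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
+++ b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
@@ -13,7 +13,6 @@
 */
 
 import go
-import DataFlow::PathGraph
 
 /**
 * Holds if `pattern` is a regular expression pattern for URLs with a host matched by `hostPart`,
@@ -80,10 +79,8 @@ predicate regexpGuardsError(RegexpPattern regexp) {
 )
 }
 
-class Config extends DataFlow::Configuration {
-Config() { this = "IncompleteHostNameRegexp::Config" }
-
-predicate isSourceString(DataFlow::Node source, string hostPart) {
+module IncompleteHostNameRegexpConfig implements DataFlow::ConfigSig {
+additional predicate isSourceString(DataFlow::Node source, string hostPart) {
 exists(Expr e |
 e = source.asExpr() and
 isIncompleteHostNameRegexpPattern(e.getStringValue(), hostPart)
@@ -95,9 +92,9 @@ class Config extends DataFlow::Configuration {
 )
 }
 
-override predicate isSource(DataFlow::Node source) { this.isSourceString(source, _) }
+predicate isSource(DataFlow::Node source) { isSourceString(source, _) }
 
-override predicate isSink(DataFlow::Node sink) {
+predicate isSink(DataFlow::Node sink) {
 sink instanceof RegexpPattern and
 forall(Http::RequestHandler handler | regexpGuardsHandler(sink, handler) |
 not handler = getASafeHandler()
@@ -106,8 +103,14 @@ class Config extends DataFlow::Configuration {
 }
 }
 
-from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string hostPart
-where c.hasFlowPath(source, sink) and c.isSourceString(source.getNode(), hostPart)
+module Flow = DataFlow::Global<IncompleteHostNameRegexpConfig>;
+
+import Flow::PathGraph
+
+from Flow::PathNode source, Flow::PathNode sink, string hostPart
+where
+Flow::flowPath(source, sink) and
+IncompleteHostNameRegexpConfig::isSourceString(source.getNode(), hostPart)
 select source, source, sink,
 "This regular expression has an unescaped dot before '" + hostPart + "', " +
 "so it might match more hosts than expected when $@.", sink, "the regular expression is used"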
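Review bot: The new `IncompleteHostNameRegexpConfig` module and its `additional predicate isSourceString` (new lines 82-83) have no QLDoc, although `isSourceString` is now referenced from outside the module in the `where` clause to bind the `hostPart` used in the alert text. I would add something like `/** Holds if source is a string expression whose value is an incomplete hostname regexp pattern, with hostPart the host text after the unescaped dot. */` above the predicate, and a one-line QLDoc on the module saying it tracks such patterns to their use as a regular expression. Part of the `isSourceString` body lies between the hunks, so the wording should be checked against the lines not shown here. Since the page shows only this one file changed, it is also worth confirming that the query's existing test output is identical under `DataFlow::Global`, so the CWE-020 alert set does not shift silently with the API migration.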
