

Commit 64d680e

committed
support that an inverted char class can intersect with itself
1 parent 321cf09 commit 64d680e

3 files changed

Lines changed: 6 additions & 2 deletions


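--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -455,11 +455,11 @@ string intersect(InputSymbol c, InputSymbol d) {
 or
 exists(RegExpCharacterClass cc | c = InvertedCharClass(cc) and result = chooseFromInverted(cc) |
 // TODO: Not done here - later commits will add more
-//d = InvertedCharClass(cc)
-//or
 //d = Dot() and
 //not (result = "\n" or result = "\r")
 //or
+d = InvertedCharClass(cc)
+or
 d = Any()
 )
 or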
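Review bot: The newly enabled disjunct `d = InvertedCharClass(cc)` binds both symbols to the same `cc`, so this branch only covers an inverted class intersecting with itself. Two distinct but overlapping inverted classes (constructed example: `[^a]` against `[^b]`) do not appear to be matched here, which would leave a false negative in the ReDoS query unless a disjunct outside the hunk handles that pair. The TODO above it does not say what is still missing; I would replace it with `// TODO: handle two different inverted classes, and d = Dot() (excluding "\n" and "\r")` so the remaining detection gap is explicit. The body of `intersect` starts and ends outside this hunk.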

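--- a/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
+++ b/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
@@ -23,6 +23,7 @@
 | regexplib/email.js:25:251:25:262 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
 | regexplib/email.js:34:24:34:35 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
 | regexplib/email.js:34:63:34:74 | [a-zA-Z0-9]+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '0'. |
+| regexplib/markup.js:13:6:13:12 | [^"']+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '('. |
 | regexplib/markup.js:13:14:13:16 | .+? | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a"'. |
 | regexplib/markup.js:37:29:37:56 | [a-zA-Z0-9\|:\|\\/\|=\|-\|.\|\\?\|&]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '='. |
 | regexplib/markup.js:53:29:53:56 | [a-zA-Z0-9\|:\|\\/\|=\|-\|.\|\\?\|&]* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '='. |
@@ -53,3 +54,4 @@
 | tst.js:83:14:83:20 | (.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
 | tst.js:89:25:89:32 | (a\|aa?)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.js:95:15:95:25 | ([^]\|[^a])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
+| tst.js:98:15:98:20 | [^"']+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '('. |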

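--- a/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
+++ b/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
@@ -94,3 +94,5 @@ var good9 = '(a|aa?)*b';
 // NOT GOOD
 var bad18 = /(([^]|[^a])*)"/;
 
+// NOT GOOD
+var bad19 = /([^"']+)*/g;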
