support inverted char class and dot

erik-krogh · erik-krogh · commit 804aaf36f071 · 2020-11-06T10:18:57.000+01:00
diff --git a/javascript/ql/src/Performance/ReDoS.ql b/javascript/ql/src/Performance/ReDoS.ql
@@ -454,12 +454,11 @@ string intersect(InputSymbol c, InputSymbol d) {
   )
   or
   exists(RegExpCharacterClass cc | c = InvertedCharClass(cc) and result = chooseFromInverted(cc) |
-    // TODO: Not done here - later commits will add more
-    //d = Dot() and
-    //not (result = "\n" or result = "\r")
-    //or
     d = InvertedCharClass(cc)
     or
+    d = Dot() and
+    not (result = "\n" or result = "\r")
+    or
     d = Any()
   )
   or
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected b/javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected
@@ -55,3 +55,4 @@
 | tst.js:89:25:89:32 | (a\|aa?)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
 | tst.js:95:15:95:25 | ([^]\|[^a])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
 | tst.js:98:15:98:20 | [^"']+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '('. |
+| tst.js:101:15:101:23 | (.\|[^a])* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
diff --git a/javascript/ql/test/query-tests/Performance/ReDoS/tst.js b/javascript/ql/test/query-tests/Performance/ReDoS/tst.js
@@ -96,3 +96,6 @@ var bad18 = /(([^]|[^a])*)"/;
 
 // NOT GOOD
 var bad19 = /([^"']+)*/g;
+
+// NOT GOOD
+var bad20 = /((.|[^a])*)"/;
