Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8c753d7

Browse files
calumgrantcalumgrant
committed
C#: Fix ReDoS query.
1 parent cf4b04a commit 8c753d7

1 file changed

Lines changed: 9 additions & 3 deletions

File tree

  • csharp/ql/src/Security Features/CWE-730

csharp/ql/src/Security Features/CWE-730/ReDoS.ql

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,14 @@ import semmle.code.csharp.frameworks.system.text.RegularExpressions
1616
import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
1717

1818
from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
19-
where c.hasFlowPath(source, sink)
19+
where
20+
c.hasFlowPath(source, sink) and
2021
// No global timeout set
21-
and not exists(RegexGlobalTimeout r)
22-
select sink.getNode().(Sink), source, sink,
22+
not exists(RegexGlobalTimeout r) and
23+
(
24+
sink.getNode() instanceof Sink
25+
or
26+
sink.getNode() instanceof ExponentialRegexSink
27+
)
28+
select sink.getNode(), source, sink,
2329
"$@ flows to regular expression operation with dangerous regex.", source.getNode(), "User-provided value"

0 commit comments

Comments
 (0)