
Commit a1a31bf

committed
Make SuspiciousCharacterInRegexp use new API
1 parent 8f644af commit a1a31bf

1 file changed

Lines changed: 12 additions & 10 deletions


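--- a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
+++ b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
@@ -12,7 +12,6 @@
 */
 
 import go
-import DataFlow::PathGraph
 
 /**
 * Holds if `source` corresponds to a string literal that contains an escaped `character`.
@@ -28,11 +27,8 @@ predicate containsEscapedCharacter(DataFlow::Node source, string character) {
 )
 }
 
-/** A dataflow configuration that traces strings containing suspicious escape sequences to a use as a regular expression. */
-class Config extends DataFlow::Configuration {
-Config() { this = "SuspiciousRegexpEscape" }
-
-predicate isSourceString(DataFlow::Node source, string report) {
+module SuspiciousCharacterInRegexpConfig implements DataFlow::ConfigSig {
+additional predicate isSourceString(DataFlow::Node source, string report) {
 containsEscapedCharacter(source, "a") and
 report =
 "the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text?"
@@ -41,12 +37,18 @@ class Config extends DataFlow::Configuration {
 report = "a literal backspace \\b; did you mean \\\\b, a word boundary?"
 }
 
-override predicate isSource(DataFlow::Node source) { this.isSourceString(source, _) }
+predicate isSource(DataFlow::Node source) { isSourceString(source, _) }
 
-override predicate isSink(DataFlow::Node sink) { sink instanceof RegexpPattern }
+predicate isSink(DataFlow::Node sink) { sink instanceof RegexpPattern }
 }
 
-from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string report
-where c.hasFlowPath(source, sink) and c.isSourceString(source.getNode(), report)
+module Flow = DataFlow::Global<SuspiciousCharacterInRegexpConfig>;
+
+import Flow::PathGraph
+
+from Flow::PathNode source, Flow::PathNode sink, string report
+where
+Flow::flowPath(source, sink) and
+SuspiciousCharacterInRegexpConfig::isSourceString(source.getNode(), report)
 select source, source, sink, "This string literal that is $@ contains " + report, sink,
 "used as a regular expression"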
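Review bot: The new `SuspiciousCharacterInRegexpConfig` module has no QLDoc, because the comment on the removed `Config` class was dropped with it instead of being carried over. I would put it back above the `module` line, `/** A dataflow configuration that traces strings containing suspicious escape sequences to a use as a regular expression. */`, and give `additional predicate isSourceString` a one-line comment saying that `report` is the message fragment appended to the alert text in the `select`. Separately, `Flow::PathGraph` now replaces `DataFlow::PathGraph` in what appears to be a path-problem query, while only the `.ql` file changes in this commit. If the query has a test with recorded nodes and edges, it is worth confirming the expected output still matches; this is inferred, since no test file is visible on this page.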
