
Commit bd3d2ec

committed
Update to match consistent naming across languages
1 parent 7adc3c2 commit bd3d2ec

4 files changed

Lines changed: 21 additions & 13 deletions


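--- a/python/ql/src/Security/CWE-400/RegexDoS.qhelp
+++ b/python/ql/src/Security/CWE-730/RegexDoS.qhelp
@@ -22,6 +22,10 @@
 CWE-
 <a href="http://cwe.mitre.org/data/definitions/400">400</a>
 </li>
+<li>
+CWE-
+<a href="http://cwe.mitre.org/data/definitions/730">730</a>
+</li>
 </references>
 
 </qhelp>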

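--- a/python/ql/src/Security/CWE-400/RegexDoS.ql
+++ b/python/ql/src/Security/CWE-730/RegexDoS.ql
@@ -1,21 +1,25 @@
 /**
-* @name Python Regex DoS
-* @description Python Regular Expression Denial of Service
+* @name Regular expression injection
+* @description User input should not be used in regular expressions without first being escaped,
+* otherwise a malicious user may be able to inject an expression that could require
+* exponential time on certain inputs.
 * @kind path-problem
 * @problem.severity error
-* @id python/regex-dos
-* @tags experimental
-* security
+* @id python/regex-injection
+* @tags security
+* external/cwe/cwe-730
 * external/cwe/cwe-400
 */
 
+// determine precision above
 import python
 import semmle.python.dataflow.new.RemoteFlowSources
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.internal.TaintTrackingPublic
 import DataFlow::PathGraph
 
+// Should this be moved to a different structure? (For other queries to be able to use it)
 class ReMethods extends string {
 ReMethods() {
 this = "match" or
@@ -49,8 +53,8 @@ class CompiledRegex extends DataFlow::Node {
 }
 }
 
-class RegexDoSSink extends DataFlow::Node {
-RegexDoSSink() { this instanceof DirectRegex or this instanceof CompiledRegex }
+class RegexInjectionSink extends DataFlow::Node {
+RegexInjectionSink() { this instanceof DirectRegex or this instanceof CompiledRegex }
 }
 
 class EscapeSanitizer extends DataFlow::Node {
@@ -66,17 +70,17 @@ class EscapeSanitizer extends DataFlow::Node {
 }
 }
 
-class RegexDoSFlowConfig extends TaintTracking::Configuration {
-RegexDoSFlowConfig() { this = "RegexDoSFlowConfig" }
+class RegexInjectionFlowConfig extends TaintTracking::Configuration {
+RegexInjectionFlowConfig() { this = "RegexInjectionFlowConfig" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-override predicate isSink(DataFlow::Node sink) { sink instanceof RegexDoSSink }
+override predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink }
 
 override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof EscapeSanitizer }
 }
 
-from RegexDoSFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
+from RegexInjectionFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ regex operation includes $@.", sink.getNode(), "This",
-source.getNode(), "a user-provided value"
+select sink.getNode(), source, sink, "$@ regular expression is constructed from a $@.",
+sink.getNode(), "This", source.getNode(), "user-provided value"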
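Review bot: The metadata header in the first hunk still carries no `@precision` line, and the added `// determine precision above` comment leaves that open in the same change that drops the `experimental` tag from `@tags`. Suite selection and alert presentation commonly key on `@precision`, so a query marked `@problem.severity error` without it is likely to be left out or shown inconsistently; I would settle the value against the query's observed false-positive rate, add ` * @precision <low|medium|high|very-high>` after the `@problem.severity` line, and delete the placeholder comment. The second new comment, `// Should this be moved to a different structure?`, reads as an open question rather than documentation and is better tracked in an issue or replaced by a doc comment on `ReMethods`, whose body continues outside the hunk.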
File renamed without changes.
File renamed without changes.

0 commit comments
