
Commit fb11e4e

authored
Merge pull request #15435 from erik-krogh/remove-at-to-z
remove an FP in overly-large-range for [@-Z]
2 parents 2333b8d + 396da11 commit fb11e4e


2 files changed

+6
-1
lines changed


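--- a/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/tst.js
@@ -29,4 +29,6 @@ var overlapsWithClass2 = /[\w,.-?:*+]/; // NOT OK
 var tst2 = /^([-]|[-])+$/; // OK
 var tst3 = /[0-9-]/; // OK
 
-var question = /[0-?]/; // OK. matches one of: 0123456789:;<=>?
+var question = /[0-?]/; // OK. matches one of: 0123456789:;<=>?
+
+var atToZ = /[@-Z]/; // OK. matches one of: @ABCDEFGHIJKLMNOPQRSTUVWXYZ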
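Review bot: The added `atToZ` case covers only the exempted range, and nothing in this hunk pins that the exemption stops at exactly `@`–`Z`. A companion negative case next to it, such as `var atToLowerZ = /[@-z]/; // NOT OK`, would catch a later loosening of the allowlist. I would expect that range to stay flagged because it also spans the punctuation between `Z` and `a`, but that should be confirmed against the query, and the `.expected` file would need the new alert. If such a case already exists above the hunk, this can be ignored.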

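--- a/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
+++ b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll
@@ -132,6 +132,9 @@ module Make<RegexTreeViewSig TreeImpl> {
 or
 // the range 0123456789:;<=>? is intentional
 result.isRange("0", "?")
+or
+// [@-Z] is intentional, it's the same as [A-Z@]
+result.isRange("@", "Z")
 }
 
 /** Gets a char between (and including) `low` and `high`. */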
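Review bot: The new allowlist entry `result.isRange("@", "Z")` silences the overly-large-range alert for every regex that uses exactly this range, and its comment states the equivalence but not why the exemption is safe. `@` (0x40) sits immediately before `A` (0x41) in ASCII, so the range contains no punctuation other than `@` itself. I would put that in the comment, e.g. `// [@-Z] is intentional: "@" directly precedes "A" in ASCII, so it equals [A-Z@] and adds no other punctuation`. The enclosing predicate starts above the hunk, so whether neighbouring ranges are already exempted is not visible from here.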
