lines changed Original file line number Diff line number Diff line change @@ -91,9 +91,6 @@ class RegexExecution extends DataFlow::Node instanceof RegexExecution::Range {
91
91
/** Gets a dataflow node for the string to be searched or matched against. */
92
92
DataFlow:: Node getString ( ) { result = super .getString ( ) }
93
93
94
- /** Gets a parsed regular expression term that is executed at this node. */
95
- RE:: RegExpTerm getTerm ( ) { result = super .getTerm ( ) }
96
-
97
94
/**
98
95
* Gets the name of this regex execution, typically the name of an executing method.
99
96
* This is used for nice alert messages and should include the module if possible.
@@ -116,9 +113,6 @@ module RegexExecution {
116
113
/** Gets a dataflow node for the string to be searched or matched against. */
117
114
abstract DataFlow:: Node getString ( ) ;
118
115
119
- /** Gets the parsed regular expression term that is executed by this node. */
120
- abstract RE:: RegExpTerm getTerm ( ) ;
121
-
122
116
/**
123
117
* Gets the name of this regex execution, typically the name of an executing method.
124
118
* This is used for nice alert messages and should include the module if possible.
Original file line number Diff line number Diff line change @@ -127,13 +127,6 @@ class StdLibRegExpInterpretation extends RegExpInterpretation::Range {
127
127
}
128
128
}
129
129
130
- /**
131
- * Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted
132
- * as a part of a regular expression.
133
- */
134
- cached
135
- DataFlow:: Node regExpSource ( DataFlow:: Node re ) { result = RegExpTracking:: regExpSource ( re ) }
136
-
137
130
/**
138
131
* Holds if `exec` is a node where `regexp` is interpreted as a regular expression and
139
132
* tested against the string value of `input`.
@@ -209,11 +202,19 @@ private class StdRegexpExecution extends RegexExecution::Range {
209
202
210
203
override DataFlow:: Node getString ( ) { result = input }
211
204
212
- override RegExpTerm getTerm ( ) { result = getTermForNode ( regexp ) }
213
-
214
205
override string getName ( ) { result = name }
215
206
}
216
207
217
- private RegExpTerm getTermForNode ( DataFlow:: Node node ) {
218
- exists ( RegExpPatternSource source | source = regExpSource ( node ) | result = source .getRegExpTerm ( ) )
208
+ /**
209
+ * Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted
210
+ * as a part of a regular expression.
211
+ */
212
+ cached
213
+ DataFlow:: Node regExpSource ( DataFlow:: Node re ) { result = RegExpTracking:: regExpSource ( re ) }
214
+
215
+ /** Gets a parsed regular expression term that is executed at `exec`. */
216
+ RegExpTerm getTermForExecution ( RegexExecution exec ) {
217
+ exists ( RegExpPatternSource source | source = regExpSource ( exec .getRegex ( ) ) |
218
+ result = source .getRegExpTerm ( )
219
+ )
219
220
}
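Review bot: `getTermForExecution` has no result for any execution whose `getRegex()` node is not reached by `regExpSource`, and the new QLDoc does not mention this. Before this commit `getTerm` was abstract on `RegexExecution::Range`, so every model had to supply its own term. Now a model that defines a `RegexExecution` but whose regex argument is not tracked to a `RegExpPatternSource` (presumably one with no matching regex interpretation model) would drop out of `PolynomialBackTrackingTermMatch` without any error, so the query loses that sink. I would add to the comment the sentence `Has no result unless the regex node of the execution is tracked back to a RegExpPatternSource.` and cover it with a library test asserting that each modelled execution yields a term. The closing brace on the last line is context shared with the removed `getTermForNode`.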
Original file line number Diff line number Diff line change @@ -64,7 +64,7 @@ module PolynomialReDoS {
64
64
RegexExecution exec ;
65
65
66
66
PolynomialBackTrackingTermMatch ( ) {
67
- term .getRootTerm ( ) = exec . getTerm ( ) and
67
+ term .getRootTerm ( ) = RE :: getTermForExecution ( exec ) and
68
68
this = exec .getString ( )
69
69
}
70
70
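Review bot: The change from `exec.getTerm()` to `RE::getTermForExecution(exec)` in `PolynomialBackTrackingTermMatch` is the only caller migrated in this commit, and `getTerm` is removed outright from `RegexExecution` and `RegexExecution::Range` rather than deprecated. Any query or customization outside these three files that still calls `getTerm()`, or a `Range` subclass that overrides it, would stop compiling. None of the three changed files looks like a change note, so I would add one naming `RE::getTermForExecution(exec)` as the replacement. If a transition period is wanted, a forwarding member could be kept for one release, e.g. `deprecated RE::RegExpTerm getTerm() { result = RE::getTermForExecution(this) }`, assuming `RE` in that file resolves to the module that defines the new predicate.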