the RegexExecution concept does not need to have getTerm()

erik-krogh · erik-krogh · commit 1477974bf17a · 2023-01-18T10:10:36.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll
@@ -91,9 +91,6 @@ class RegexExecution extends DataFlow::Node instanceof RegexExecution::Range {
   /** Gets a dataflow node for the string to be searched or matched against. */
   DataFlow::Node getString() { result = super.getString() }
 
-  /** Gets a parsed regular expression term that is executed at this node. */
-  RE::RegExpTerm getTerm() { result = super.getTerm() }
-
   /**
    * Gets the name of this regex execution, typically the name of an executing method.
    * This is used for nice alert messages and should include the module if possible.
@@ -116,9 +113,6 @@ module RegexExecution {
     /** Gets a dataflow node for the string to be searched or matched against. */
     abstract DataFlow::Node getString();
 
-    /** Gets the parsed regular expression term that is executed by this node. */
-    abstract RE::RegExpTerm getTerm();
-
     /**
      * Gets the name of this regex execution, typically the name of an executing method.
      * This is used for nice alert messages and should include the module if possible.
diff --git a/ruby/ql/lib/codeql/ruby/Regexp.qll b/ruby/ql/lib/codeql/ruby/Regexp.qll
@@ -127,13 +127,6 @@ class StdLibRegExpInterpretation extends RegExpInterpretation::Range {
   }
 }
 
-/**
- * Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted
- * as a part of a regular expression.
- */
-cached
-DataFlow::Node regExpSource(DataFlow::Node re) { result = RegExpTracking::regExpSource(re) }
-
 /**
  * Holds if `exec` is a node where `regexp` is interpreted as a regular expression and
  * tested against the string value of `input`.
@@ -209,11 +202,19 @@ private class StdRegexpExecution extends RegexExecution::Range {
 
   override DataFlow::Node getString() { result = input }
 
-  override RegExpTerm getTerm() { result = getTermForNode(regexp) }
-
   override string getName() { result = name }
 }
 
-private RegExpTerm getTermForNode(DataFlow::Node node) {
-  exists(RegExpPatternSource source | source = regExpSource(node) | result = source.getRegExpTerm())
+/**
+ * Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted
+ * as a part of a regular expression.
+ */
+cached
+DataFlow::Node regExpSource(DataFlow::Node re) { result = RegExpTracking::regExpSource(re) }
+
+/** Gets a parsed regular expression term that is executed at `exec`. */
+RegExpTerm getTermForExecution(RegexExecution exec) {
+  exists(RegExpPatternSource source | source = regExpSource(exec.getRegex()) |
+    result = source.getRegExpTerm()
+  )
 }
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll
@@ -64,7 +64,7 @@ module PolynomialReDoS {
     RegexExecution exec;
 
     PolynomialBackTrackingTermMatch() {
-      term.getRootTerm() = exec.getTerm() and
+      term.getRootTerm() = RE::getTermForExecution(exec) and
       this = exec.getString()
     }
 

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ module PolynomialReDoS {`
`64`	`64`	`RegexExecution exec;`
`65`	`65`
`66`	`66`	`PolynomialBackTrackingTermMatch() {`
`67`		`- term.getRootTerm() = exec.getTerm() and`
	`67`	`+ term.getRootTerm() = RE::getTermForExecution(exec) and`
`68`	`68`	`this = exec.getString()`
`69`	`69`	`}`
`70`	`70`