Skip to content

Commit 1477974

Browse files
committed
the RegexExecution concept does not need to have getTerm()
1 parent 1a3c9c8 commit 1477974

File tree

3 files changed

+13
-18
lines changed

3 files changed

+13
-18
lines changed

ruby/ql/lib/codeql/ruby/Concepts.qll

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -91,9 +91,6 @@ class RegexExecution extends DataFlow::Node instanceof RegexExecution::Range {
9191
/** Gets a dataflow node for the string to be searched or matched against. */
9292
DataFlow::Node getString() { result = super.getString() }
9393

94-
/** Gets a parsed regular expression term that is executed at this node. */
95-
RE::RegExpTerm getTerm() { result = super.getTerm() }
96-
9794
/**
9895
* Gets the name of this regex execution, typically the name of an executing method.
9996
* This is used for nice alert messages and should include the module if possible.
@@ -116,9 +113,6 @@ module RegexExecution {
116113
/** Gets a dataflow node for the string to be searched or matched against. */
117114
abstract DataFlow::Node getString();
118115

119-
/** Gets the parsed regular expression term that is executed by this node. */
120-
abstract RE::RegExpTerm getTerm();
121-
122116
/**
123117
* Gets the name of this regex execution, typically the name of an executing method.
124118
* This is used for nice alert messages and should include the module if possible.

ruby/ql/lib/codeql/ruby/Regexp.qll

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -127,13 +127,6 @@ class StdLibRegExpInterpretation extends RegExpInterpretation::Range {
127127
}
128128
}
129129

130-
/**
131-
* Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted
132-
* as a part of a regular expression.
133-
*/
134-
cached
135-
DataFlow::Node regExpSource(DataFlow::Node re) { result = RegExpTracking::regExpSource(re) }
136-
137130
/**
138131
* Holds if `exec` is a node where `regexp` is interpreted as a regular expression and
139132
* tested against the string value of `input`.
@@ -209,11 +202,19 @@ private class StdRegexpExecution extends RegexExecution::Range {
209202

210203
override DataFlow::Node getString() { result = input }
211204

212-
override RegExpTerm getTerm() { result = getTermForNode(regexp) }
213-
214205
override string getName() { result = name }
215206
}
216207

217-
private RegExpTerm getTermForNode(DataFlow::Node node) {
218-
exists(RegExpPatternSource source | source = regExpSource(node) | result = source.getRegExpTerm())
208+
/**
209+
* Gets a node whose value may flow (inter-procedurally) to `re`, where it is interpreted
210+
* as a part of a regular expression.
211+
*/
212+
cached
213+
DataFlow::Node regExpSource(DataFlow::Node re) { result = RegExpTracking::regExpSource(re) }
214+
215+
/** Gets a parsed regular expression term that is executed at `exec`. */
216+
RegExpTerm getTermForExecution(RegexExecution exec) {
217+
exists(RegExpPatternSource source | source = regExpSource(exec.getRegex()) |
218+
result = source.getRegExpTerm()
219+
)
219220
}

ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ module PolynomialReDoS {
6464
RegexExecution exec;
6565

6666
PolynomialBackTrackingTermMatch() {
67-
term.getRootTerm() = exec.getTerm() and
67+
term.getRootTerm() = RE::getTermForExecution(exec) and
6868
this = exec.getString()
6969
}
7070

0 commit comments

Comments
 (0)