Skip to content
This repository has been archived by the owner on May 14, 2020. It is now read-only.

Extend sql having in rule 942230 #1674

Closed
wants to merge 1 commit into from
Closed

Extend sql having in rule 942230 #1674

wants to merge 1 commit into from

Conversation

franbuehler
Copy link
Contributor

This PR solves issues #1607 and #1598 and adds new regression tests.

A "having" SQL statement only makes sense in combination with a SELECT statement somewhere.

The whole new regex is:
(?i:[\s()]case\s*?\(|\)\s*?like\s*?\(|select.*?having\s*?[^\s]+\s*?[^\w\s]|if\s?\([\d\w]\s*?[=<>~])

The important part is select.*?having\s*?[^\s]+\s*?[^\w\s] (original part was |having\s*?[^\s]+\s*?[^\w\s] only)

I'm not quite sure about my .*? maybe there would be a better option. But we definitely solve the reported false positives. A word boundary with \b would not be sufficient.

For info:
We cover the having clause in 5 other rules too:

util/regexp-assemble/regexp-942190.data:[\"'`];?\s*?having\b\s*?[^\s]
util/regexp-assemble/regexp-942210.data:\/\w+;?\s+having\W
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?and\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?nand\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?or\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?xor\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?xxor\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?div\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?like\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?between\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?not\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?\|\|\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942260.data:[\"'`]\s*?\&\&\s+[\s\w]+=\s*?\w+\s*?having\s+
util/regexp-assemble/regexp-942380.data:\b(?i:having)\b\s+\d{1,10}\s*?[=<>]
util/regexp-assemble/regexp-942380.data:\b(?i:having)\b\s+'[^=]{1,10}'\s*?[=<>]
util/regexp-assemble/regexp-942380.data:\bhaving\b ?\d{1,10} ?[=<>]+
util/regexp-assemble/regexp-942380.data:\bhaving\b ?[\'\"][^=]{1,10}[\'\" ?[=<>]+
util/regexp-assemble/regexp-942380.data:exists\s\b(?i:having)\b\s+\d{1,10}
util/regexp-assemble/regexp-942480.data:\bgroup\b.*?\bby\b.{1,100}?\bhaving\b

@dune73 dune73 mentioned this pull request Feb 2, 2020
Closed
@dune73 dune73 self-requested a review February 10, 2020 20:06
@dune73 dune73 self-assigned this Feb 10, 2020
@dune73
Copy link
Contributor

dune73 commented Feb 11, 2020

Meeting decision: I will review this.

#1671 (comment)

@dune73
Copy link
Contributor

dune73 commented Mar 2, 2020

I'm trying to get Verizon to test this rule on the CDN as a test case of a collaboration on testing rules. Sorry this takes time.

@dune73 dune73 mentioned this pull request Mar 2, 2020
Closed
@dune73 dune73 mentioned this pull request Apr 6, 2020
Closed
This was linked to issues Apr 25, 2020
Rule 942230: False positive #1607
Open
Rule 942230: False positive #1598
Open
@franbuehler franbuehler mentioned this pull request Apr 29, 2020
Closed
@CRS-migration-bot CRS-migration-bot mentioned this pull request May 13, 2020
Closed
@franbuehler franbuehler mentioned this pull request Jun 15, 2020
Merged
@franbuehler franbuehler closed this by deleting the head repository Jun 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dune73 dune73 Awaiting requested review from dune73

Assignees

@dune73 dune73

Labels
In progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Rule 942230: False positive Rule 942230: False positive
2 participants
@franbuehler @dune73