Skip to content

Commit 3f33faf

Browse files
owen-mcowen-mc
committed
Convert regex injection barrier to MaD
1 parent 07f914c commit 3f33faf

File tree

2 files changed

+7
-11
lines changed

2 files changed

+7
-11
lines changed

java/ql/lib/ext/java.util.regex.model.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,11 @@ extensions:
1212
- ["java.util.regex", "Pattern", False, "split", "(CharSequence)", "", "Argument[this]", "regex-use[0]", "manual"]
1313
- ["java.util.regex", "Pattern", False, "split", "(CharSequence,int)", "", "Argument[this]", "regex-use[0]", "manual"]
1414
- ["java.util.regex", "Pattern", False, "splitAsStream", "(CharSequence)", "", "Argument[this]", "regex-use[0]", "manual"]
15+
- addsTo:
16+
pack: codeql/java-all
17+
extensible: barrierModel
18+
data:
19+
- ["java.util.regex", "Pattern", False, "quote", "(String)", "", "ReturnValue", "regex-use", "manual"]
1520
- addsTo:
1621
pack: codeql/java-all
1722
extensible: summaryModel

java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll

Lines changed: 2 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -21,17 +21,8 @@ private class DefaultRegexInjectionSink extends RegexInjectionSink {
2121
}
2222
}
2323

24-
/**
25-
* A call to the `Pattern.quote` method, which gives metacharacters or escape sequences
26-
* no special meaning.
27-
*/
28-
private class PatternQuoteCall extends RegexInjectionSanitizer {
29-
PatternQuoteCall() {
30-
exists(MethodCall ma, Method m | m = ma.getMethod() |
31-
ma.getArgument(0) = this.asExpr() and
32-
m instanceof PatternQuoteMethod
33-
)
34-
}
24+
private class DefaultRegexInjectionSanitizer extends RegexInjectionSanitizer {
25+
DefaultRegexInjectionSanitizer() { barrierNode(this, "regex-use") }
3526
}
3627

3728
/**

0 commit comments

Comments
 (0)