From e2caf3e8c0d66475de33b65eb371748a68847f9d Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Mon, 29 Aug 2022 21:03:52 +0200
Subject: [PATCH] put a limit on the length of the equivalent range

---
 .../semmle/code/java/security/OverlyLargeRangeQuery.qll | 7 ++++++-
 .../semmle/javascript/security/OverlyLargeRangeQuery.qll | 7 ++++++-
 .../lib/semmle/python/security/OverlyLargeRangeQuery.qll | 7 ++++++-
 ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll | 7 ++++++-
 4 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll b/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
index 3a8bf058df87..f83a64116182 100644
--- a/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
@@ -238,8 +238,13 @@ module RangePrinter {
 /** Gets a char range that is overly large because of `reason`. */
 RegExpCharacterRange getABadRange(string reason, int priority) {
+ result instanceof OverlyWideRange and
 priority = 0 and
- reason = "is equivalent to " + result.(OverlyWideRange).printEquivalent()
+ exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
+ if equiv.length() <= 50
+ then reason = "is equivalent to " + equiv
+ else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
+ )
 or
 priority = 1 and
 exists(RegExpCharacterRange other |
diff --git a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll b/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
index 3a8bf058df87..f83a64116182 100644
--- a/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll
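Review bot: The truncation threshold `50` is written twice in the new `exists` block (`equiv.length() <= 50` and `equiv.substring(0, 50)`) and, because this library is duplicated per language, eight times across the patch; the two literals must stay equal for the guard and the cut to agree, so the constant should be named once, e.g. `/** Maximum length of the printed equivalent range shown in an alert. */ private int maxEquivalentLength() { result = 50 }`, and used in both places. A one-line comment above the `exists` recording why the message is capped (very wide ranges otherwise produce an unreadably long alert) would also help, since the commit title is currently the only place that rationale lives. The body of `getABadRange` continues past the end of the hunk.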
@@ -238,8 +238,13 @@ module RangePrinter {
 /** Gets a char range that is overly large because of `reason`. */
 RegExpCharacterRange getABadRange(string reason, int priority) {
+ result instanceof OverlyWideRange and
 priority = 0 and
- reason = "is equivalent to " + result.(OverlyWideRange).printEquivalent()
+ exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
+ if equiv.length() <= 50
+ then reason = "is equivalent to " + equiv
+ else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
+ )
 or
 priority = 1 and
 exists(RegExpCharacterRange other |
diff --git a/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll b/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
index 3a8bf058df87..f83a64116182 100644
--- a/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
+++ b/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
@@ -238,8 +238,13 @@ module RangePrinter {
 /** Gets a char range that is overly large because of `reason`. */
 RegExpCharacterRange getABadRange(string reason, int priority) {
+ result instanceof OverlyWideRange and
 priority = 0 and
- reason = "is equivalent to " + result.(OverlyWideRange).printEquivalent()
+ exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
+ if equiv.length() <= 50
+ then reason = "is equivalent to " + equiv
+ else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
+ )
 or
 priority = 1 and
 exists(RegExpCharacterRange other |
diff --git a/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll b/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
index 3a8bf058df87..f83a64116182 100644
--- a/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
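Review bot: For an equivalent of 51 to 53 characters the `else` branch produces a longer message than the untruncated one, because `equiv.substring(0, 50) + "..."` is 53 characters while the `if` only lets strings of up to 50 through unchanged; the guard and the cut should agree on the final length, e.g. `if equiv.length() <= 53` (or compare against `50 + "...".length()`). It is cosmetic, but as written the `50` is not actually the maximum message length the code appears to promise. `getABadRange` continues beyond the end of the hunk.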
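Review bot: Cutting `equiv` at a fixed offset of 50 characters takes no account of how `printEquivalent()` formats the range, so if its output contains multi-character tokens (escape sequences such as `\u0041`, or `a-z` style sub-ranges — its definition is not visible from this hunk) the truncated message may end in the middle of one and show a misleading partial range. Either cut at the last separator before the limit, or record the trade-off so nobody later treats the abridged text as exact, e.g. `// Fixed-offset cut: the tail of printEquivalent() may be split mid-token; the message is only indicative.`. The body of `getABadRange` continues past the end of the hunk.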
@@ -238,8 +238,13 @@ module RangePrinter {
 /** Gets a char range that is overly large because of `reason`. */
 RegExpCharacterRange getABadRange(string reason, int priority) {
+ result instanceof OverlyWideRange and
 priority = 0 and
- reason = "is equivalent to " + result.(OverlyWideRange).printEquivalent()
+ exists(string equiv | equiv = result.(OverlyWideRange).printEquivalent() |
+ if equiv.length() <= 50
+ then reason = "is equivalent to " + equiv
+ else reason = "is equivalent to " + equiv.substring(0, 50) + "..."
+ )
 or
 priority = 1 and
 exists(RegExpCharacterRange other |
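Review bot: The added `result instanceof OverlyWideRange and` restates what the inline cast `result.(OverlyWideRange)` inside the `exists` already enforces, so one of the two is semantically redundant and the next reader has to work out which is load-bearing. If the explicit `instanceof` is kept deliberately (for readability, or to bind `result` before the `exists` is evaluated), say so in place, e.g. `// Restrict result up front; the cast below implies this, but keeps the intent visible`, otherwise drop it to match the previous version of the disjunct. `getABadRange` continues past the end of the hunk.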