Update for rename of ReDoSUtil to NfaUtils

hmac · hmac · commit 1f4dad4167f3 · 2022-08-17T16:03:49.000+12:00
diff --git a/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationQuery.qll
@@ -36,8 +36,8 @@ private DangerousPrefixSubstring getADangerousMatchedChar(EmptyReplaceRegExpTerm
   result = t.getAMatchedString()
   or
   // A substring matched by some character class. This is only used to match the "word" part of a HTML tag (e.g. "iframe" in "<iframe").
-  exists(ReDoSUtil::CharacterClass cc |
-    cc = ReDoSUtil::getCanonicalCharClass(t) and
+  exists(NfaUtils::CharacterClass cc |
+    cc = NfaUtils::getCanonicalCharClass(t) and
     cc.matches(result) and
     result.regexpMatch("\\w") and
     // excluding character classes that match ">" (e.g. /<[^<]*>/), as these might consume nested HTML tags, and thus prevent the dangerous pattern this query is looking for.
diff --git a/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll b/javascript/ql/lib/semmle/javascript/security/IncompleteMultiCharacterSanitizationSpecific.qll
@@ -3,7 +3,7 @@
  */
 
 import javascript
-import semmle.javascript.security.performance.ReDoSUtil as ReDoSUtil
+import semmle.javascript.security.regexp.NfaUtils as NfaUtils
 
 class StringSubstitutionCall = StringReplaceCall;
 
diff --git a/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll b/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationQuery.qll
@@ -36,8 +36,8 @@ private DangerousPrefixSubstring getADangerousMatchedChar(EmptyReplaceRegExpTerm
   result = t.getAMatchedString()
   or
   // A substring matched by some character class. This is only used to match the "word" part of a HTML tag (e.g. "iframe" in "<iframe").
-  exists(ReDoSUtil::CharacterClass cc |
-    cc = ReDoSUtil::getCanonicalCharClass(t) and
+  exists(NfaUtils::CharacterClass cc |
+    cc = NfaUtils::getCanonicalCharClass(t) and
     cc.matches(result) and
     result.regexpMatch("\\w") and
     // excluding character classes that match ">" (e.g. /<[^<]*>/), as these might consume nested HTML tags, and thus prevent the dangerous pattern this query is looking for.
diff --git a/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationSpecific.qll b/ruby/ql/lib/codeql/ruby/security/IncompleteMultiCharacterSanitizationSpecific.qll
@@ -4,7 +4,7 @@
 
 import codeql.ruby.frameworks.core.String
 import codeql.ruby.regexp.RegExpTreeView
-import codeql.ruby.security.performance.ReDoSUtil as ReDoSUtil
+import codeql.ruby.security.regexp.NfaUtils as NfaUtils
 
 /**
  * A regexp term that matches substrings that should be replaced with the empty string.
