sync files

erik-krogh · erik-krogh · commit 252394666c04 · 2022-09-13T20:44:05.000+02:00
diff --git a/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll b/java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll
@@ -96,7 +96,10 @@ class OverlyWideRange extends RegExpCharacterRange {
       toCodePoint("A") <= high
       or
       // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode()))
+      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
+      // while still being ascii
+      low < 128 and
+      high < 128
     ) and
     // allowlist for known ranges
     not this = allowedWideRanges()
diff --git a/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll b/python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll
@@ -96,7 +96,10 @@ class OverlyWideRange extends RegExpCharacterRange {
       toCodePoint("A") <= high
       or
       // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode()))
+      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
+      // while still being ascii
+      low < 128 and
+      high < 128
     ) and
     // allowlist for known ranges
     not this = allowedWideRanges()
diff --git a/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll b/ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll
@@ -96,7 +96,10 @@ class OverlyWideRange extends RegExpCharacterRange {
       toCodePoint("A") <= high
       or
       // a non-alphanumeric char as part of the range boundaries
-      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode()))
+      exists(int bound | bound = [low, high] | not isAlphanumeric(bound.toUnicode())) and
+      // while still being ascii
+      low < 128 and
+      high < 128
     ) and
     // allowlist for known ranges
     not this = allowedWideRanges()
