Merge pull request #8373 from hvitved/ruby/regex-multiples-parse-fix

hvitved · web-flow · commit 275902d5580b · 2022-03-09T10:30:01.000+01:00
Ruby: Fix incorrect parsing of ranges
diff --git a/ruby/ql/consistency-queries/RegExpConsistency.ql b/ruby/ql/consistency-queries/RegExpConsistency.ql
@@ -6,3 +6,9 @@ query predicate nonUniqueChild(RegExpParent parent, int i, RegExpTerm child) {
 }
 
 query predicate cyclic(RegExpParent parent) { parent = parent.getAChild+() }
+
+query predicate nonConsecutive(RegExpParent parent, int i) {
+  exists(parent.getChild(i)) and
+  i > 0 and
+  not exists(parent.getChild(i - 1))
+}
diff --git a/ruby/ql/lib/codeql/ruby/security/performance/ParseRegExp.qll b/ruby/ql/lib/codeql/ruby/security/performance/ParseRegExp.qll
@@ -402,7 +402,8 @@ abstract class RegExp extends AST::StringlikeLiteral {
     not exists(int x, int y | this.backreference(x, y) and x <= start and y >= end) and
     not exists(int x, int y |
       this.pStyleNamedCharacterProperty(x, y, _) and x <= start and y >= end
-    )
+    ) and
+    not exists(int x, int y | this.multiples(x, y, _, _) and x <= start and y >= end)
   }
 
   predicate normalCharacter(int start, int end) {
diff --git a/ruby/ql/test/library-tests/regexp/parse.expected b/ruby/ql/test/library-tests/regexp/parse.expected
@@ -29,29 +29,21 @@ regexp.rb:
 #    9| [RegExpRange] a{4,8}
 #-----| 0 -> [RegExpConstant, RegExpNormalChar] a
 
-#    9| [RegExpNormalChar] 4,8}
-
 #   10| [RegExpConstant, RegExpNormalChar] a
 
 #   10| [RegExpRange] a{,8}
 #-----| 0 -> [RegExpConstant, RegExpNormalChar] a
 
-#   10| [RegExpNormalChar] ,8}
-
 #   11| [RegExpConstant, RegExpNormalChar] a
 
 #   11| [InfiniteRepetitionQuantifier, RegExpRange] a{3,}
 #-----| 0 -> [RegExpConstant, RegExpNormalChar] a
 
-#   11| [RegExpNormalChar] 3,}
-
 #   12| [RegExpConstant, RegExpNormalChar] a
 
 #   12| [RegExpRange] a{7}
 #-----| 0 -> [RegExpConstant, RegExpNormalChar] a
 
-#   12| [RegExpNormalChar] 7}
-
 #   15| [RegExpConstant, RegExpNormalChar] foo
 
 #   15| [RegExpAlt] foo|bar
@@ -428,8 +420,6 @@ regexp.rb:
 #   62| [RegExpRange] \p{^Alnum}{2,3}
 #-----| 0 -> [RegExpNamedCharacterProperty] \p{^Alnum}
 
-#   62| [RegExpNormalChar] 2,3}
-
 #   63| [RegExpCharacterClass] [a-f\p{Digit}]
 #-----| 0 -> [RegExpCharacterRange] a-f
 #-----| 1 -> [RegExpNamedCharacterProperty] \p{Digit}
diff --git a/ruby/ql/test/library-tests/regexp/regexp.expected b/ruby/ql/test/library-tests/regexp/regexp.expected
@@ -11,3 +11,181 @@ groupNumber
 | regexp.rb:53:2:53:12 | (?'foo'fo+) | 1 |
 | regexp.rb:56:2:56:5 | (a+) | 1 |
 | regexp.rb:57:2:57:11 | (?<qux>q+) | 1 |
+term
+| regexp.rb:5:2:5:4 | abc | RegExpConstant,RegExpNormalChar |
+| regexp.rb:8:2:8:2 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:8:2:8:3 | a* | RegExpStar |
+| regexp.rb:8:2:8:8 | a*b+c?d | RegExpSequence |
+| regexp.rb:8:4:8:4 | b | RegExpConstant,RegExpNormalChar |
+| regexp.rb:8:4:8:5 | b+ | RegExpPlus |
+| regexp.rb:8:6:8:6 | c | RegExpConstant,RegExpNormalChar |
+| regexp.rb:8:6:8:7 | c? | RegExpOpt |
+| regexp.rb:8:8:8:8 | d | RegExpConstant,RegExpNormalChar |
+| regexp.rb:9:2:9:2 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:9:2:9:7 | a{4,8} | RegExpRange |
+| regexp.rb:10:2:10:2 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:10:2:10:6 | a{,8} | RegExpRange |
+| regexp.rb:11:2:11:2 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:11:2:11:6 | a{3,} | InfiniteRepetitionQuantifier,RegExpRange |
+| regexp.rb:12:2:12:2 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:12:2:12:5 | a{7} | RegExpRange |
+| regexp.rb:15:2:15:4 | foo | RegExpConstant,RegExpNormalChar |
+| regexp.rb:15:2:15:8 | foo\|bar | RegExpAlt |
+| regexp.rb:15:6:15:8 | bar | RegExpConstant,RegExpNormalChar |
+| regexp.rb:18:2:18:6 | [abc] | RegExpCharacterClass |
+| regexp.rb:18:3:18:3 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:18:4:18:4 | b | RegExpConstant,RegExpNormalChar |
+| regexp.rb:18:5:18:5 | c | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:2:19:13 | [a-fA-F0-9_] | RegExpCharacterClass |
+| regexp.rb:19:3:19:3 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:3:19:5 | a-f | RegExpCharacterRange |
+| regexp.rb:19:5:19:5 | f | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:6:19:6 | A | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:6:19:8 | A-F | RegExpCharacterRange |
+| regexp.rb:19:8:19:8 | F | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:9:19:9 | 0 | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:9:19:11 | 0-9 | RegExpCharacterRange |
+| regexp.rb:19:11:19:11 | 9 | RegExpConstant,RegExpNormalChar |
+| regexp.rb:19:12:19:12 | _ | RegExpConstant,RegExpNormalChar |
+| regexp.rb:20:2:20:3 | \\A | RegExpCaret |
+| regexp.rb:20:2:20:11 | \\A[+-]?\\d+ | RegExpSequence |
+| regexp.rb:20:4:20:7 | [+-] | RegExpCharacterClass |
+| regexp.rb:20:4:20:8 | [+-]? | RegExpOpt |
+| regexp.rb:20:5:20:5 | + | RegExpConstant,RegExpNormalChar |
+| regexp.rb:20:6:20:6 | - | RegExpConstant,RegExpNormalChar |
+| regexp.rb:20:9:20:10 | \\d | RegExpCharacterClassEscape |
+| regexp.rb:20:9:20:11 | \\d+ | RegExpPlus |
+| regexp.rb:21:2:21:5 | [\\w] | RegExpCharacterClass |
+| regexp.rb:21:2:21:6 | [\\w]+ | RegExpPlus |
+| regexp.rb:21:3:21:4 | \\w | RegExpCharacterClassEscape |
+| regexp.rb:22:2:22:3 | \\[ | RegExpConstant,RegExpEscape |
+| regexp.rb:22:2:22:10 | \\[\\][123] | RegExpSequence |
+| regexp.rb:22:4:22:5 | \\] | RegExpConstant,RegExpEscape |
+| regexp.rb:22:6:22:10 | [123] | RegExpCharacterClass |
+| regexp.rb:22:7:22:7 | 1 | RegExpConstant,RegExpNormalChar |
+| regexp.rb:22:8:22:8 | 2 | RegExpConstant,RegExpNormalChar |
+| regexp.rb:22:9:22:9 | 3 | RegExpConstant,RegExpNormalChar |
+| regexp.rb:23:2:23:7 | [^A-Z] | RegExpCharacterClass |
+| regexp.rb:23:4:23:4 | A | RegExpConstant,RegExpNormalChar |
+| regexp.rb:23:4:23:6 | A-Z | RegExpCharacterRange |
+| regexp.rb:23:6:23:6 | Z | RegExpConstant,RegExpNormalChar |
+| regexp.rb:24:2:24:4 | []] | RegExpCharacterClass |
+| regexp.rb:24:3:24:3 | ] | RegExpConstant,RegExpNormalChar |
+| regexp.rb:25:2:25:5 | [^]] | RegExpCharacterClass |
+| regexp.rb:25:4:25:4 | ] | RegExpConstant,RegExpNormalChar |
+| regexp.rb:26:2:26:5 | [^-] | RegExpCharacterClass |
+| regexp.rb:26:4:26:4 | - | RegExpConstant,RegExpNormalChar |
+| regexp.rb:27:2:27:4 | [\|] | RegExpCharacterClass |
+| regexp.rb:27:3:27:3 | \| | RegExpConstant,RegExpNormalChar |
+| regexp.rb:30:2:30:7 | [[a-f] | RegExpCharacterClass |
+| regexp.rb:30:2:30:11 | [[a-f]A-F] | RegExpSequence |
+| regexp.rb:30:3:30:3 | [ | RegExpConstant,RegExpNormalChar |
+| regexp.rb:30:4:30:4 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:30:4:30:6 | a-f | RegExpCharacterRange |
+| regexp.rb:30:6:30:6 | f | RegExpConstant,RegExpNormalChar |
+| regexp.rb:30:8:30:11 | A-F] | RegExpConstant,RegExpNormalChar |
+| regexp.rb:33:2:33:2 | . | RegExpDot |
+| regexp.rb:33:2:33:3 | .* | RegExpStar |
+| regexp.rb:34:2:34:2 | . | RegExpDot |
+| regexp.rb:34:2:34:3 | .* | RegExpStar |
+| regexp.rb:35:2:35:3 | \\w | RegExpCharacterClassEscape |
+| regexp.rb:35:2:35:4 | \\w+ | RegExpPlus |
+| regexp.rb:35:2:35:6 | \\w+\\W | RegExpSequence |
+| regexp.rb:35:5:35:6 | \\W | RegExpCharacterClassEscape |
+| regexp.rb:36:2:36:3 | \\s | RegExpCharacterClassEscape |
+| regexp.rb:36:2:36:5 | \\s\\S | RegExpSequence |
+| regexp.rb:36:4:36:5 | \\S | RegExpCharacterClassEscape |
+| regexp.rb:37:2:37:3 | \\d | RegExpCharacterClassEscape |
+| regexp.rb:37:2:37:5 | \\d\\D | RegExpSequence |
+| regexp.rb:37:4:37:5 | \\D | RegExpCharacterClassEscape |
+| regexp.rb:38:2:38:3 | \\h | RegExpCharacterClassEscape |
+| regexp.rb:38:2:38:5 | \\h\\H | RegExpSequence |
+| regexp.rb:38:4:38:5 | \\H | RegExpCharacterClassEscape |
+| regexp.rb:39:2:39:3 | \\n | RegExpConstant,RegExpEscape |
+| regexp.rb:39:2:39:7 | \\n\\r\\t | RegExpSequence |
+| regexp.rb:39:4:39:5 | \\r | RegExpConstant,RegExpEscape |
+| regexp.rb:39:6:39:7 | \\t | RegExpConstant,RegExpEscape |
+| regexp.rb:42:2:42:3 | \\G | RegExpSpecialChar |
+| regexp.rb:42:2:42:6 | \\Gabc | RegExpSequence |
+| regexp.rb:42:4:42:6 | abc | RegExpConstant,RegExpNormalChar |
+| regexp.rb:43:2:43:3 | \\b | RegExpSpecialChar |
+| regexp.rb:43:2:43:7 | \\b!a\\B | RegExpSequence |
+| regexp.rb:43:4:43:5 | !a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:43:6:43:7 | \\B | RegExpSpecialChar |
+| regexp.rb:46:2:46:6 | (foo) | RegExpGroup |
+| regexp.rb:46:2:46:7 | (foo)* | RegExpStar |
+| regexp.rb:46:2:46:10 | (foo)*bar | RegExpSequence |
+| regexp.rb:46:3:46:5 | foo | RegExpConstant,RegExpNormalChar |
+| regexp.rb:46:8:46:10 | bar | RegExpConstant,RegExpNormalChar |
+| regexp.rb:47:2:47:3 | fo | RegExpConstant,RegExpNormalChar |
+| regexp.rb:47:2:47:10 | fo(o\|b)ar | RegExpSequence |
+| regexp.rb:47:4:47:8 | (o\|b) | RegExpGroup |
+| regexp.rb:47:5:47:5 | o | RegExpConstant,RegExpNormalChar |
+| regexp.rb:47:5:47:7 | o\|b | RegExpAlt |
+| regexp.rb:47:7:47:7 | b | RegExpConstant,RegExpNormalChar |
+| regexp.rb:47:9:47:10 | ar | RegExpConstant,RegExpNormalChar |
+| regexp.rb:48:2:48:9 | (a\|b\|cd) | RegExpGroup |
+| regexp.rb:48:2:48:10 | (a\|b\|cd)e | RegExpSequence |
+| regexp.rb:48:3:48:3 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:48:3:48:8 | a\|b\|cd | RegExpAlt |
+| regexp.rb:48:5:48:5 | b | RegExpConstant,RegExpNormalChar |
+| regexp.rb:48:7:48:8 | cd | RegExpConstant,RegExpNormalChar |
+| regexp.rb:48:10:48:10 | e | RegExpConstant,RegExpNormalChar |
+| regexp.rb:49:2:49:7 | (?::+) | RegExpGroup |
+| regexp.rb:49:2:49:9 | (?::+)\\w | RegExpSequence |
+| regexp.rb:49:5:49:5 | : | RegExpConstant,RegExpNormalChar |
+| regexp.rb:49:5:49:6 | :+ | RegExpPlus |
+| regexp.rb:49:8:49:9 | \\w | RegExpCharacterClassEscape |
+| regexp.rb:52:2:52:11 | (?<id>\\w+) | RegExpGroup |
+| regexp.rb:52:8:52:9 | \\w | RegExpCharacterClassEscape |
+| regexp.rb:52:8:52:10 | \\w+ | RegExpPlus |
+| regexp.rb:53:2:53:12 | (?'foo'fo+) | RegExpGroup |
+| regexp.rb:53:9:53:9 | f | RegExpConstant,RegExpNormalChar |
+| regexp.rb:53:9:53:11 | fo+ | RegExpSequence |
+| regexp.rb:53:10:53:10 | o | RegExpConstant,RegExpNormalChar |
+| regexp.rb:53:10:53:11 | o+ | RegExpPlus |
+| regexp.rb:56:2:56:5 | (a+) | RegExpGroup |
+| regexp.rb:56:2:56:9 | (a+)b+\\1 | RegExpSequence |
+| regexp.rb:56:3:56:3 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:56:3:56:4 | a+ | RegExpPlus |
+| regexp.rb:56:6:56:6 | b | RegExpConstant,RegExpNormalChar |
+| regexp.rb:56:6:56:7 | b+ | RegExpPlus |
+| regexp.rb:56:8:56:9 | \\1 | RegExpBackRef |
+| regexp.rb:57:2:57:11 | (?<qux>q+) | RegExpGroup |
+| regexp.rb:57:2:57:22 | (?<qux>q+)\\s+\\k<qux>+ | RegExpSequence |
+| regexp.rb:57:9:57:9 | q | RegExpConstant,RegExpNormalChar |
+| regexp.rb:57:9:57:10 | q+ | RegExpPlus |
+| regexp.rb:57:12:57:13 | \\s | RegExpCharacterClassEscape |
+| regexp.rb:57:12:57:14 | \\s+ | RegExpPlus |
+| regexp.rb:57:15:57:21 | \\k<qux> | RegExpBackRef |
+| regexp.rb:57:15:57:22 | \\k<qux>+ | RegExpPlus |
+| regexp.rb:60:2:60:9 | \\p{Word} | RegExpNamedCharacterProperty |
+| regexp.rb:60:2:60:10 | \\p{Word}* | RegExpStar |
+| regexp.rb:61:2:61:10 | \\P{Digit} | RegExpNamedCharacterProperty |
+| regexp.rb:61:2:61:11 | \\P{Digit}+ | RegExpPlus |
+| regexp.rb:62:2:62:11 | \\p{^Alnum} | RegExpNamedCharacterProperty |
+| regexp.rb:62:2:62:16 | \\p{^Alnum}{2,3} | RegExpRange |
+| regexp.rb:63:2:63:15 | [a-f\\p{Digit}] | RegExpCharacterClass |
+| regexp.rb:63:2:63:16 | [a-f\\p{Digit}]+ | RegExpPlus |
+| regexp.rb:63:3:63:3 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:63:3:63:5 | a-f | RegExpCharacterRange |
+| regexp.rb:63:5:63:5 | f | RegExpConstant,RegExpNormalChar |
+| regexp.rb:63:6:63:14 | \\p{Digit} | RegExpNamedCharacterProperty |
+| regexp.rb:66:2:66:12 | [[:alpha:]] | RegExpCharacterClass |
+| regexp.rb:66:2:66:23 | [[:alpha:]][[:digit:]] | RegExpSequence |
+| regexp.rb:66:3:66:11 | [:alpha:] | RegExpNamedCharacterProperty |
+| regexp.rb:66:13:66:23 | [[:digit:]] | RegExpCharacterClass |
+| regexp.rb:66:14:66:22 | [:digit:] | RegExpNamedCharacterProperty |
+| regexp.rb:69:2:69:21 | [[:alpha:][:digit:]] | RegExpCharacterClass |
+| regexp.rb:69:3:69:11 | [:alpha:] | RegExpNamedCharacterProperty |
+| regexp.rb:69:12:69:20 | [:digit:] | RegExpNamedCharacterProperty |
+| regexp.rb:72:2:72:18 | [A-F[:digit:]a-f] | RegExpCharacterClass |
+| regexp.rb:72:3:72:3 | A | RegExpConstant,RegExpNormalChar |
+| regexp.rb:72:3:72:5 | A-F | RegExpCharacterRange |
+| regexp.rb:72:5:72:5 | F | RegExpConstant,RegExpNormalChar |
+| regexp.rb:72:6:72:14 | [:digit:] | RegExpNamedCharacterProperty |
+| regexp.rb:72:15:72:15 | a | RegExpConstant,RegExpNormalChar |
+| regexp.rb:72:15:72:17 | a-f | RegExpCharacterRange |
+| regexp.rb:72:17:72:17 | f | RegExpConstant,RegExpNormalChar |
+| regexp.rb:75:2:75:10 | [:digit:] | RegExpNamedCharacterProperty |
+| regexp.rb:79:2:79:4 | abc | RegExpConstant,RegExpNormalChar |
diff --git a/ruby/ql/test/library-tests/regexp/regexp.ql b/ruby/ql/test/library-tests/regexp/regexp.ql
@@ -3,3 +3,5 @@ import codeql.ruby.security.performance.RegExpTreeView
 query predicate groupName(RegExpGroup g, string name) { name = g.getName() }
 
 query predicate groupNumber(RegExpGroup g, int number) { number = g.getNumber() }
+
+query predicate term(RegExpTerm term, string c) { c = term.getPrimaryQlClasses() }

Original file line number	Diff line number	Diff line change
`@@ -6,3 +6,9 @@ query predicate nonUniqueChild(RegExpParent parent, int i, RegExpTerm child) {`
`6`	`6`	`}`
`7`	`7`
`8`	`8`	`query predicate cyclic(RegExpParent parent) { parent = parent.getAChild+() }`
	`9`	`+`
	`10`	`+query predicate nonConsecutive(RegExpParent parent, int i) {`
	`11`	`+ exists(parent.getChild(i)) and`
	`12`	`+ i > 0 and`
	`13`	`+ not exists(parent.getChild(i - 1))`
	`14`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -402,7 +402,8 @@ abstract class RegExp extends AST::StringlikeLiteral {`
`402`	`402`	`not exists(int x, int y \| this.backreference(x, y) and x <= start and y >= end) and`
`403`	`403`	`not exists(int x, int y \|`
`404`	`404`	`this.pStyleNamedCharacterProperty(x, y, _) and x <= start and y >= end`
`405`		`- )`
	`405`	`+ ) and`
	`406`	`+ not exists(int x, int y \| this.multiples(x, y, _, _) and x <= start and y >= end)`
`406`	`407`	`}`
`407`	`408`
`408`	`409`	`predicate normalCharacter(int start, int end) {`