Merge pull request #10220 from erik-krogh/overlapsWithNothing

print a correct range for ranges that doesn't contain any alpha-numeric chars

Author: erik-krogh

java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll

@@ -173,7 +173,7 @@ module RangePrinter {
   }
 
   /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + strictcount(cutoff(range, _)) }
+  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
 
   /** Holds if the given part of a range should span from `low` to `high`. */
   private predicate part(OverlyWideRange range, int part, string low, string high) {

javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll

@@ -173,7 +173,7 @@ module RangePrinter {
   }
 
   /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + strictcount(cutoff(range, _)) }
+  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
 
   /** Holds if the given part of a range should span from `low` to `high`. */
   private predicate part(OverlyWideRange range, int part, string low, string high) {

python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll

@@ -173,7 +173,7 @@ module RangePrinter {
   }
 
   /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + strictcount(cutoff(range, _)) }
+  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
 
   /** Holds if the given part of a range should span from `low` to `high`. */
   private predicate part(OverlyWideRange range, int part, string low, string high) {

ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll

@@ -173,7 +173,7 @@ module RangePrinter {
   }
 
   /** Gets the number of parts we should print for a given `range`. */
-  private int parts(OverlyWideRange range) { result = 1 + strictcount(cutoff(range, _)) }
+  private int parts(OverlyWideRange range) { result = 1 + count(cutoff(range, _)) }
 
   /** Holds if the given part of a range should span from `low` to `high`. */
   private predicate part(OverlyWideRange range, int part, string low, string high) {

ruby/ql/test/query-tests/security/cwe-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.expected

@@ -8,3 +8,4 @@
 | suspicous_regexp_range.rb:23:20:23:22 | 7-F | Suspicious character range that is equivalent to [7-9:;<=>?@A-F]. |
 | suspicous_regexp_range.rb:25:24:25:26 | 0-9 | Suspicious character range that overlaps with \\d in the same character class. |
 | suspicous_regexp_range.rb:27:27:27:29 | .-? | Suspicious character range that overlaps with \\w in the same character class, and is equivalent to [.\\/0-9:;<=>?]. |
+| suspicous_regexp_range.rb:33:28:33:30 | %-. | Suspicious character range that is equivalent to [%&'()*+,\\-.]. |

ruby/ql/test/query-tests/security/cwe-020/SuspiciousRegexpRange/suspicous_regexp_range.rb

@@ -29,3 +29,5 @@
 escapes = /[\000-\037\047\134\177-\377]/n # OK - they are escapes
 
 nested = /[a-z&&[^a-c]]/ # OK
+
+overlapsWithNothing = /[\w_%-.]/;