Skip to content

Commit a51f17e

Browse files
committed
Ruby: introduce RegExpPatternSource
1 parent 1240c11 commit a51f17e

File tree

1 file changed

+46
-1
lines changed

1 file changed

+46
-1
lines changed

ruby/ql/lib/codeql/ruby/security/performance/RegExpTreeView.qll

Lines changed: 46 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
private import codeql.ruby.ast.Literal as AST
2-
private import codeql.Locations
32
private import ParseRegExp
3+
import codeql.Locations
4+
private import codeql.ruby.DataFlow
45

56
/**
67
* Holds if `term` is an ecape class representing e.g. `\d`.
@@ -794,3 +795,47 @@ class RegExpNamedCharacterProperty extends RegExpTerm, TRegExpNamedCharacterProp
794795
RegExpTerm getParsedRegExp(AST::RegExpLiteral re) {
795796
result.getRegExp() = re and result.isRootTerm()
796797
}
798+
799+
/**
800+
* A node whose value may flow to a position where it is interpreted
801+
* as a part of a regular expression.
802+
*/
803+
abstract class RegExpPatternSource extends DataFlow::Node {
804+
/**
805+
* Gets a node where the pattern of this node is parsed as a part of
806+
* a regular expression.
807+
*/
808+
abstract DataFlow::Node getAParse();
809+
810+
/**
811+
* Gets the root term of the regular expression parsed from this pattern.
812+
*/
813+
abstract RegExpTerm getRegExpTerm();
814+
}
815+
816+
/**
817+
* A regular expression literal, viewed as the pattern source for itself.
818+
*/
819+
private class RegExpLiteralPatternSource extends RegExpPatternSource {
820+
private AST::RegExpLiteral astNode;
821+
822+
RegExpLiteralPatternSource() { astNode = this.asExpr().getExpr() }
823+
824+
override DataFlow::Node getAParse() { result = this }
825+
826+
override RegExpTerm getRegExpTerm() { result = astNode.getParsed() }
827+
}
828+
829+
/**
830+
* A node whose string value may flow to a position where it is interpreted
831+
* as a part of a regular expression.
832+
*/
833+
private class StringRegExpPatternSource extends RegExpPatternSource {
834+
private DataFlow::Node parse;
835+
836+
StringRegExpPatternSource() { this = regExpSource(parse) }
837+
838+
override DataFlow::Node getAParse() { result = parse }
839+
840+
override RegExpTerm getRegExpTerm() { result.getRegExp() = this.asExpr().getExpr() }
841+
}

0 commit comments

Comments
 (0)