Merge pull request #5613 from github/hmakholm/pr/fix-redos

rdmarsh2 · web-flow · commit e22ec50deee8 · 2021-04-06T15:54:27.000-07:00
Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
diff --git a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
@@ -93,7 +93,7 @@ class QuotedCommandInCreateProcessFunctionConfiguration extends DataFlow2::Confi
 
 bindingset[s]
 predicate isQuotedOrNoSpaceApplicationNameOnCmd(string s) {
-  s.regexpMatch("\"([^\"])*\"(\\s|.)*") // The first element (path) is quoted
+  s.regexpMatch("\"([^\"])*\"[\\s\\S]*") // The first element (path) is quoted
   or
   s.regexpMatch("[^\\s]+") // There are no spaces in the string
 }

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ class QuotedCommandInCreateProcessFunctionConfiguration extends DataFlow2::Confi`
`93`	`93`
`94`	`94`	`bindingset[s]`
`95`	`95`	`predicate isQuotedOrNoSpaceApplicationNameOnCmd(string s) {`
`96`		`- s.regexpMatch("\"([^\"])\"(\\s\|.)") // The first element (path) is quoted`
	`96`	`+ s.regexpMatch("\"([^\"])\"[\\s\\S]") // The first element (path) is quoted`
`97`	`97`	`or`
`98`	`98`	`s.regexpMatch("[^\\s]+") // There are no spaces in the string`
`99`	`99`	`}`