Commit d0563c8

Merge pull request github#6665 from smowton/smowton/fix/python-redos-invalid-utf16
ReDoS: fix unpaired surrogate test
2 parents 2db039f + 38cc9be commit d0563c8

3 files changed

+10
-8
lines changed

python/ql/test/library-tests/regexparser/redos.py

Lines changed: 4 additions & 4 deletions
@@ -266,11 +266,11 @@
266266
# GOOD
267267
good27 = re.compile(r'''(thisisagoddamnlongstringforstresstestingthequery|imanotherbutunrelatedstringcomparedtotheotherstring)*-''')
268268

269-
# GOOD
270-
good28 = re.compile(r'''foo([\uDC66\uDC67]|[\uDC68\uDC69])*foo''')
269+
# GOOD (but false positive caused by the extractor converting all four unpaired surrogates to \uFFFD)
270+
good28 = re.compile('''foo([\uDC66\uDC67]|[\uDC68\uDC69])*foo''')
271271

272-
# GOOD
273-
good29 = re.compile(r'''foo((\uDC66|\uDC67)|(\uDC68|\uDC69))*foo''')
272+
# GOOD (but false positive caused by the extractor converting all four unpaired surrogates to \uFFFD)
273+
good29 = re.compile('''foo((\uDC66|\uDC67)|(\uDC68|\uDC69))*foo''')
274274

275275
# NOT GOOD (but cannot currently construct a prefix)
276276
bad62 = re.compile(r'''a{2,3}(b+)+X''')
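Review bot: the new comment on the `good28` and `good29` lines explains the false positive but not why dropping the `r` prefix is the fix, so a later reader may restore the prefix as a style cleanup and silently change what the test exercises; suggest extending the comment to say that a non-raw literal makes the Python compiler put real unpaired surrogate code points into the string value (which the extractor then replaces with U+FFFD), whereas the raw form handed the six-character `\uDC66` escape text to the regex parser. Also, of the three files in this change only the query-tests `.expected` is updated: please confirm the regexparser library test's expected output is unaffected by the parser now seeing four U+FFFD characters instead of the escape sequences.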

python/ql/test/query-tests/Security/CWE-730-ReDoS/ReDoS.expected

Lines changed: 2 additions & 0 deletions
@@ -65,6 +65,8 @@
6565
| redos.py:259:24:259:126 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ' thisisagoddamnlongstringforstresstestingthequery'. |
6666
| redos.py:262:24:262:87 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'thisisagoddamnlongstringforstresstestingthequery'. |
6767
| redos.py:262:78:262:80 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'this' and containing many repetitions of 'aquerythis'. |
68+
| redos.py:268:28:268:39 | ([\ufffd\ufffd]\|[\ufffd\ufffd])* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '\ufffd'. |
69+
| redos.py:271:28:271:41 | ((\ufffd\|\ufffd)\|(\ufffd\|\ufffd))* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '\ufffd'. |
6870
| redos.py:274:31:274:32 | b+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
6971
| redos.py:277:48:277:50 | \\s* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '"" a='. |
7072
| redos.py:283:26:283:27 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |
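Review bot: the two added lines (68 and 69) freeze a known false positive into the expected output, and nothing in the `.expected` file ties them to its cause; since this format has no comments, suggest recording in the PR description or a linked extractor issue that these two alerts should disappear once unpaired surrogates stop being replaced with U+FFFD, so their eventual removal is recognised as a fix rather than a regression. Note also that the column ranges (268:28:268:39 and 271:28:271:41) are far narrower than the source text, where each `\uDC66`-style escape spans six columns, so these locations are being computed on the decoded string value; that is consistent with the alert text showing `\ufffd`, but worth confirming it is the intended location convention before these lines become the reference.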

python/ql/test/query-tests/Security/CWE-730-ReDoS/redos.py

Lines changed: 4 additions & 4 deletions
@@ -264,11 +264,11 @@
264264
# GOOD
265265
good27 = re.compile(r'''(thisisagoddamnlongstringforstresstestingthequery|imanotherbutunrelatedstringcomparedtotheotherstring)*-''')
266266

267-
# GOOD
268-
good28 = re.compile(r'''foo([\uDC66\uDC67]|[\uDC68\uDC69])*foo''')
267+
# GOOD (but false positive caused by the extractor converting all four unpaired surrogates to \uFFFD)
268+
good28 = re.compile('''foo([\uDC66\uDC67]|[\uDC68\uDC69])*foo''')
269269

270-
# GOOD
271-
good29 = re.compile(r'''foo((\uDC66|\uDC67)|(\uDC68|\uDC69))*foo''')
270+
# GOOD (but false positive caused by the extractor converting all four unpaired surrogates to \uFFFD)
271+
good29 = re.compile('''foo((\uDC66|\uDC67)|(\uDC68|\uDC69))*foo''')
272272

273273
# NOT GOOD (but cannot currently construct a prefix)
274274
bad62 = re.compile(r'''a{2,3}(b+)+X''')
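Review bot: this hunk is a verbatim copy of the change in `python/ql/test/library-tests/regexparser/redos.py`, comment included; the two `redos.py` fixtures are evidently kept in sync by hand, so consider a short note in each pointing at the other, or the next fix will land in only one of them. Separately, dropping the `r` prefix means the regex parser no longer sees `\uDC66`-style escape syntax in these two cases (the Python compiler resolves it first), so whatever coverage of the parser's own `\uXXXX` handling these lines provided is gone; if that path matters, keep one raw-string case with a non-surrogate code point alongside the two rewritten ones.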
