
Commit 6676ba9

committed
Add initial test data for problem query
1 parent 6d3c6e5 commit 6676ba9

6 files changed

Lines changed: 317 additions & 0 deletions


@@ -0,0 +1,154 @@
1+
[
2+
{
3+
"nwo": "github/codeql",
4+
"status": "Completed",
5+
"interpretedResults": [
6+
{
7+
"message": {
8+
"tokens": [
9+
{
10+
"t": "text",
11+
"text": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'."
12+
}
13+
]
14+
},
15+
"shortDescription": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'.",
16+
"fileLink": {
17+
"fileLinkPrefix": "https://github.com/github/codeql/blob/d094bbc06d063d0da8d0303676943c345e61de53",
18+
"filePath": "javascript/extractor/tests/regexp/input/multipart.js"
19+
},
20+
"severity": "Warning",
21+
"codeSnippet": {
22+
"startLine": 15,
23+
"endLine": 22,
24+
"text": "\nvar bad95 = new RegExp(\n \"(a\" + \n \"|\" + \n \"aa)*\" + \n \"b$\"\n);\n\n"
25+
},
26+
"highlightedRegion": {
27+
"startLine": 17,
28+
"startColumn": 6,
29+
"endLine": 20,
30+
"endColumn": 6
31+
},
32+
"codeFlows": []
33+
}
34+
]
35+
},
36+
{
37+
"nwo": "meteor/meteor",
38+
"status": "Completed",
39+
"interpretedResults": [
40+
{
41+
"message": {
42+
"tokens": [
43+
{
44+
"t": "text",
45+
"text": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'."
46+
}
47+
]
48+
},
49+
"shortDescription": "This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'.",
50+
"fileLink": {
51+
"fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
52+
"filePath": "packages/deprecated/markdown/showdown.js"
53+
},
54+
"severity": "Warning",
55+
"codeSnippet": {
56+
"startLine": 413,
57+
"endLine": 417,
58+
"text": "\t\t/g,hashElement);\n\t*/\n\ttext = text.replace(/(\\n\\n[ ]{0,3}<!(--[^\\r]*?--\\s*)+>[ \\t]*(?=\\n{2,}))/g,hashElement);\n\n\t// PHP and ASP-style processor instructions (<?...?> and <%...%>)\n"
59+
},
60+
"highlightedRegion": {
61+
"startLine": 415,
62+
"startColumn": 41,
63+
"endLine": 415,
64+
"endColumn": 48
65+
},
66+
"codeFlows": []
67+
},
68+
{
69+
"message": {
70+
"tokens": [
71+
{
72+
"t": "text",
73+
"text": "This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '----'."
74+
}
75+
]
76+
},
77+
"shortDescription": "This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '----'.",
78+
"fileLink": {
79+
"fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
80+
"filePath": "packages/deprecated/markdown/showdown.js"
81+
},
82+
"severity": "Warning",
83+
"codeSnippet": {
84+
"startLine": 521,
85+
"endLine": 525,
86+
"text": "\t// Build a regex to find HTML tags and comments. See Friedl's\n\t// \"Mastering Regular Expressions\", 2nd Ed., pp. 200-201.\n\tvar regex = /(<[a-z\\/!$](\"[^\"]*\"|'[^']*'|[^'\">])*>|<!(--.*?--\\s*)+>)/gi;\n\n\ttext = text.replace(regex, function(wholeMatch) {\n"
87+
},
88+
"highlightedRegion": {
89+
"startLine": 523,
90+
"startColumn": 58,
91+
"endLine": 523,
92+
"endColumn": 61
93+
},
94+
"codeFlows": []
95+
},
96+
{
97+
"message": {
98+
"tokens": [
99+
{
100+
"t": "text",
101+
"text": "This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of '\\&'."
102+
}
103+
]
104+
},
105+
"shortDescription": "This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of '\\&'.",
106+
"fileLink": {
107+
"fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
108+
"filePath": "tools/tests/apps/modules/imports/links/acorn/src/parseutil.js"
109+
},
110+
"severity": "Warning",
111+
"codeSnippet": {
112+
"startLine": 7,
113+
"endLine": 11,
114+
"text": "// ## Parser utilities\n\nconst literal = /^(?:'((?:\\\\.|[^'])*?)'|\"((?:\\\\.|[^\"])*?)\")/\npp.strictDirective = function(start) {\n for (;;) {\n"
115+
},
116+
"highlightedRegion": {
117+
"startLine": 9,
118+
"startColumn": 24,
119+
"endLine": 9,
120+
"endColumn": 38
121+
},
122+
"codeFlows": []
123+
},
124+
{
125+
"message": {
126+
"tokens": [
127+
{
128+
"t": "text",
129+
"text": "This part of the regular expression may cause exponential backtracking on strings starting with '\"' and containing many repetitions of '\\!'."
130+
}
131+
]
132+
},
133+
"shortDescription": "This part of the regular expression may cause exponential backtracking on strings starting with '\"' and containing many repetitions of '\\!'.",
134+
"fileLink": {
135+
"fileLinkPrefix": "https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12",
136+
"filePath": "tools/tests/apps/modules/imports/links/acorn/src/parseutil.js"
137+
},
138+
"severity": "Warning",
139+
"codeSnippet": {
140+
"startLine": 7,
141+
"endLine": 11,
142+
"text": "// ## Parser utilities\n\nconst literal = /^(?:'((?:\\\\.|[^'])*?)'|\"((?:\\\\.|[^\"])*?)\")/\npp.strictDirective = function(start) {\n for (;;) {\n"
143+
},
144+
"highlightedRegion": {
145+
"startLine": 9,
146+
"startColumn": 43,
147+
"endLine": 9,
148+
"endColumn": 57
149+
},
150+
"codeFlows": []
151+
}
152+
]
153+
}
154+
]
@@ -0,0 +1,12 @@
1+
{
2+
"queryName": "Inefficient regular expression",
3+
"queryFilePath": "c:\\git-repo\\vscode-codeql-starter\\ql\\javascript\\ql\\src\\Performance\\ReDoS.ql",
4+
"queryText": "/**\n * @name Inefficient regular expression\n * @description A regular expression that requires exponential time to match certain inputs\n * can be a performance bottleneck, and may be vulnerable to denial-of-service\n * attacks.\n * @kind problem\n * @problem.severity error\n * @security-severity 7.5\n * @precision high\n * @id js/redos\n * @tags security\n * external/cwe/cwe-1333\n * external/cwe/cwe-730\n * external/cwe/cwe-400\n */\n\nimport javascript\nimport semmle.javascript.security.performance.ReDoSUtil\nimport semmle.javascript.security.performance.ExponentialBackTracking\n\nfrom RegExpTerm t, string pump, State s, string prefixMsg\nwhere hasReDoSResult(t, pump, s, prefixMsg)\nselect t,\n \"This part of the regular expression may cause exponential backtracking on strings \" + prefixMsg +\n \"containing many repetitions of '\" + pump + \"'.\"\n",
5+
"language": "javascript",
6+
"controllerRepository": {
7+
"owner": "dsp-testing",
8+
"name": "qc-controller"
9+
},
10+
"executionStartTime": 1650464389790,
11+
"actionsWorkflowRunId": 2196289254
12+
}
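Review bot: `queryFilePath` on line 3 of this fixture embeds an absolute path from a developer's Windows machine (`c:\\git-repo\\vscode-codeql-starter\\...`), which leaks local environment detail into a committed test file and is the one value here that no other checkout could reproduce. None of the expected markdown added in this commit appears to print that path, so a neutral value such as `"queryFilePath": "ql/javascript/ql/src/Performance/ReDoS.ql"` should leave the generated output unchanged; worth confirming against what the generator actually reads. `executionStartTime` and `actionsWorkflowRunId` on lines 10-11 look copied from a real run as well, and if the generator ignores them, stable dummy values would make the fixture easier to maintain.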
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
### github/codeql
2+
3+
[javascript/extractor/tests/regexp/input/multipart.js](https://github.com/github/codeql/blob/d094bbc06d063d0da8d0303676943c345e61de53/javascript/extractor/tests/regexp/input/multipart.js#L17-L20)
4+
5+
<pre><code class="javascript">
6+
7+
var bad95 = new RegExp(
8+
"<strong>(a" + </strong>
9+
<strong> "|" + </strong>
10+
<strong> "aa)*" + </strong>
11+
<strong> "</strong>b$"
12+
);
13+
14+
15+
</code></pre>
16+
17+
*This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'aa'.*
18+
19+
----------------------------------------
Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
### meteor/meteor
2+
3+
[packages/deprecated/markdown/showdown.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/packages/deprecated/markdown/showdown.js#L415-L415)
4+
5+
<pre><code class="javascript">
6+
/g,hashElement);
7+
*/
8+
text = text.replace(/(\n\n[ ]{0,3}<!(--<strong>[^\r]*?</strong>--\s*)+>[ \t]*(?=\n{2,}))/g,hashElement);
9+
10+
// PHP and ASP-style processor instructions (<?...?> and <%...%>)
11+
12+
</code></pre>
13+
14+
*This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '----'.*
15+
16+
----------------------------------------
17+
18+
[packages/deprecated/markdown/showdown.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/packages/deprecated/markdown/showdown.js#L523-L523)
19+
20+
<pre><code class="javascript">
21+
// Build a regex to find HTML tags and comments. See Friedl's
22+
// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
23+
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--<strong>.*?</strong>--\s*)+>)/gi;
24+
25+
text = text.replace(regex, function(wholeMatch) {
26+
27+
</code></pre>
28+
29+
*This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '----'.*
30+
31+
----------------------------------------
32+
33+
[tools/tests/apps/modules/imports/links/acorn/src/parseutil.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/tools/tests/apps/modules/imports/links/acorn/src/parseutil.js#L9-L9)
34+
35+
<pre><code class="javascript">
36+
// ## Parser utilities
37+
38+
const literal = /^(?:'(<strong>(?:\\.|[^'])*?</strong>)'|"((?:\\.|[^"])*?)")/
39+
pp.strictDirective = function(start) {
40+
for (;;) {
41+
42+
</code></pre>
43+
44+
*This part of the regular expression may cause exponential backtracking on strings starting with ''' and containing many repetitions of '\&'.*
45+
46+
----------------------------------------
47+
48+
[tools/tests/apps/modules/imports/links/acorn/src/parseutil.js](https://github.com/meteor/meteor/blob/53f3c4442d3542d3d2a012a854472a0d1bef9d12/tools/tests/apps/modules/imports/links/acorn/src/parseutil.js#L9-L9)
49+
50+
<pre><code class="javascript">
51+
// ## Parser utilities
52+
53+
const literal = /^(?:'((?:\\.|[^'])*?)'|"(<strong>(?:\\.|[^"])*?</strong>)")/
54+
pp.strictDirective = function(start) {
55+
for (;;) {
56+
57+
</code></pre>
58+
59+
*This part of the regular expression may cause exponential backtracking on strings starting with '"' and containing many repetitions of '\!'.*
60+
61+
----------------------------------------
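Review bot: The code snippets inside the `<pre><code>` blocks are emitted with raw `<`, so the HTML produced from lines 8 and 10 of this file (`<!(--…` and `(<?...?> and <%...%>)`) is malformed: a browser treats `<!(` and `<?` as bogus comments running to the next `>`, which on line 8 is the closing `>` of the inserted `<strong>` tag, so the highlighted span is lost and part of the snippet disappears from the rendered page. The italic message lines are not escaped for markdown either: `\&` and `\!` on lines 44 and 59 are backslash escapes and render as `&` and `!`, and `'<!--'` on line 29 is passed through unescaped, where how it renders depends on the markdown processor. Snippet and message text come from the scanned repositories, so the generator should HTML-escape the snippet (`<` to `&lt;`, `&` to `&amp;`) before wrapping the highlighted range in `<strong>`, escape markdown punctuation in the message line, and this expected-output fixture should then be regenerated to match. The github/codeql fixture in this commit happens to contain none of these characters, which is why it passes unchanged.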
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
### Results for "Inefficient regular expression"
2+
3+
<details>
4+
<summary>Query</summary>
5+
6+
```ql
7+
/**
8+
* @name Inefficient regular expression
9+
* @description A regular expression that requires exponential time to match certain inputs
10+
* can be a performance bottleneck, and may be vulnerable to denial-of-service
11+
* attacks.
12+
* @kind problem
13+
* @problem.severity error
14+
* @security-severity 7.5
15+
* @precision high
16+
* @id js/redos
17+
* @tags security
18+
* external/cwe/cwe-1333
19+
* external/cwe/cwe-730
20+
* external/cwe/cwe-400
21+
*/
22+
23+
import javascript
24+
import semmle.javascript.security.performance.ReDoSUtil
25+
import semmle.javascript.security.performance.ExponentialBackTracking
26+
27+
from RegExpTerm t, string pump, State s, string prefixMsg
28+
where hasReDoSResult(t, pump, s, prefixMsg)
29+
select t,
30+
"This part of the regular expression may cause exponential backtracking on strings " + prefixMsg +
31+
"containing many repetitions of '" + pump + "'."
32+
33+
```
34+
35+
</details>
36+
37+
<br />
38+
39+
### Summary
40+
41+
| Repository | Results |
42+
| --- | --- |
43+
| github/codeql | [1 result(s)](#file-github-codeql-md) |
44+
| meteor/meteor | [4 result(s)](#file-meteor-meteor-md) |

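--- a/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/markdown-generation.test.ts
+++ b/extensions/ql-vscode/test/pure-tests/remote-queries/markdown-generation/markdown-generation.test.ts
@@ -30,6 +30,33 @@ describe('markdown generation', async function() {
 expect(markdownFile1.join('\n')).to.equal(expectedTestOutput1);
 expect(markdownFile2.join('\n')).to.equal(expectedTestOutput2);
 });
+
+it('for problem-query: should generate markdown file for each repo with results', async function() {
+const problemQuery = JSON.parse(
+await fs.readFile(path.join(__dirname, 'data/interpreted-results/problem/problem-query.json'), 'utf8')
+);
+
+const analysesResults = JSON.parse(
+await fs.readFile(path.join(__dirname, 'data/interpreted-results/problem/analyses-results.json'), 'utf8')
+);
+const markdownFiles = generateMarkdown(problemQuery, analysesResults);
+
+// Check that query has results for two repositories, plus a summary file
+expect(markdownFiles.length).to.equal(3);
+
+const markdownFile0 = markdownFiles[0]; // summary file
+const markdownFile1 = markdownFiles[1]; // results for github/codeql repo
+const markdownFile2 = markdownFiles[2]; // results for meteor/meteor repo
+
+const expectedSummaryFile = await readTestOutputFile('data/interpreted-results/problem/summary.md');
+const expectedTestOutput1 = await readTestOutputFile('data/interpreted-results/problem/results-repo1.md');
+const expectedTestOutput2 = await readTestOutputFile('data/interpreted-results/problem/results-repo2.md');
+
+// Check that markdown output is correct, after making line endings consistent
+expect(markdownFile0.join('\n')).to.equal(expectedSummaryFile);
+expect(markdownFile1.join('\n')).to.equal(expectedTestOutput1);
+expect(markdownFile2.join('\n')).to.equal(expectedTestOutput2);
+});
 });
 
 /**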
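Review bot: The two input fixtures on new lines 35-41 are loaded with an inline `JSON.parse(await fs.readFile(path.join(__dirname, …), 'utf8'))` while the three expected outputs on lines 51-53 go through the `readTestOutputFile` helper; the duplicated read deserves the same treatment, e.g. `const readTestJson = async (relPath: string) => JSON.parse(await fs.readFile(path.join(__dirname, relPath), 'utf8'));` next to `readTestOutputFile`, so the test reads `const problemQuery = await readTestJson('data/interpreted-results/problem/problem-query.json');`. The comment on line 55 says line endings are made consistent, but nothing in the hunk does that; if the normalization lives in `readTestOutputFile`, the comment should say so, e.g. `// readTestOutputFile normalizes line endings so the fixture compares equal on Windows checkouts`. The enclosing `describe` block starts before this hunk.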

