CodeQL library for Java
codeql/java-all 0.4.4 (changelog, source)
Search

Module PolynomialReDoSQuery

Definitions and configurations for the Polynomial ReDoS query

Import path

import semmle.code.java.security.regexp.PolynomialReDoSQuery

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

FlowSources

Provides classes representing various flow sources for taint tracking.

RegexFlowConfigs

Defines configurations and steps for handling regexes

Predicates

hasPolynomialReDoSResult

Holds if there is flow from source to sink that is matched against the regexp term regexp that is vulnerable to Polynomial ReDoS.

Classes

PolynomialRedosConfig

A configuration for Polynomial ReDoS queries.

PolynomialRedosSink

A sink for polynomial redos queries, where a regex is matched.

Aliases

SuperlinearBackTracking

A parameterized module implementing the analysis described in the above papers.