jf205 / codeql-starter

Starter workspace to use with the CodeQL extension for Visual Studio Code.
MIT License

Query run by jf205 against 21 `javascript` repositories #1

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Query

```ql
/**
 * @name Inefficient regular expression
 * @description A regular expression that requires exponential time to match certain inputs
 *              can be a performance bottleneck, and may be vulnerable to denial-of-service
 *              attacks.
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
 * @precision high
 * @id js/redos
 * @tags security
 *       external/cwe/cwe-1333
 *       external/cwe/cwe-730
 *       external/cwe/cwe-400
 */

import javascript
import semmle.javascript.security.performance.ReDoSUtil
import semmle.javascript.security.performance.ExponentialBackTracking

from RegExpTerm t, string pump, State s, string prefixMsg
where hasReDoSResult(t, pump, s, prefixMsg)
select t,
  "This part of the regular expression may cause exponential backtracking on strings " +
    prefixMsg + "containing many repetitions of '" + pump + "'."
```

Results

| Repository | Results |
| --- | --- |
| Azure/azure-functions-ux | 6 result(s) |
| Automattic/jetpack | 4 result(s) |
| 52North/SOS | 3 result(s) |
| B3Partners/tailormap | 2 result(s) |
| AlCalzone/ioBroker.ble | No results |
| AlCalzone/node-tradfri-client | No results |
| ArkEcosystem/core | No results |
| Authenticator-Extension/Authenticator | No results |
| AlCalzone/shared-utils | No results |
| AurityLab/recaptcha-v3 | No results |
| B3Partners/brmo | No results |
| Azure/autorest | No results |
| B3Partners/flamingo-ibis | No results |
| 94fzb/zrlog | No results |
| Alfresco/alfresco-ng2-components | No results |
| Alfresco/alfresco-js-api | No results |
| Axosoft/vscode-gitlens | No results |
| Azure/azure-iot-sdk-node | No results |
| AlCalzone/ioBroker.tradfri | No results |
| AlCalzone/node-dtls-client | No results |
| AlCalzone/node-coap-client | No results |

github-actions[bot] commented 2 years ago

Azure/azure-functions-ux

Message

- [([^\\_]|@escapes|_(?!_))+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '@escapes'.
- [([^\\*]|@escapes|\*(?!\*))+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) This part of the regular expression may cause exponential backtracking on strings starting with '**' and containing many repetitions of '@escapes'.
- [([^\\*]|@escapes)+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) This part of the regular expression may cause exponential backtracking on strings starting with '*' and containing many repetitions of '@escapes'.
- [([^\\`]|@escapes)+](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) This part of the regular expression may cause exponential backtracking on strings starting with '`' and containing many repetitions of '@escapes'.
- [(?:[^\]\\]|@escapes)*](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) This part of the regular expression may cause exponential backtracking on strings starting with '[' and containing many repetitions of '@escapes'.
- [(?:[^\]\\]|@escapes)*](https://github.com/Azure/azure-functions-ux/blob/HEAD/client/src/assets/monaco/min/vs/basic-languages/src/markdown.js#L7) This part of the regular expression may cause exponential backtracking on strings starting with '[' and containing many repetitions of '@escapes'.

github-actions[bot] commented 2 years ago

Automattic/jetpack

Message

- [((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/sharedaddy/sharing.js#L412) This part of the regular expression may cause exponential backtracking on strings starting with 'a@' and containing many repetitions of '9.9.'.
- [([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/sharedaddy/sharing.js#L412) This part of the regular expression may cause exponential backtracking on strings starting with 'a@a' and containing many repetitions of '9.9'.
- [((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/widgets/simple-payments/customizer.js#L304) This part of the regular expression may cause exponential backtracking on strings starting with 'a@' and containing many repetitions of '9.9.'.
- [([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*](https://github.com/Automattic/jetpack/blob/HEAD/projects/plugins/jetpack/modules/widgets/simple-payments/customizer.js#L304) This part of the regular expression may cause exponential backtracking on strings starting with 'a@a' and containing many repetitions of '9.9'.

github-actions[bot] commented 2 years ago

52North/SOS

Message

- [([^\-]|[\r\n]|-[^\-])*](https://github.com/52North/SOS/blob/HEAD/spring/views/src/main/webapp/static/lib/vkbeautify-0.99.00.beta.js#L325) This part of the regular expression may cause exponential backtracking on strings starting with '<!--' and containing many repetitions of '\n'.
- [([^*]|[\r\n]|(\*+([^*/]|[\r\n])))*](https://github.com/52North/SOS/blob/HEAD/spring/views/src/main/webapp/static/lib/vkbeautify-0.99.00.beta.js#L341) This part of the regular expression may cause exponential backtracking on strings starting with '/*' and containing many repetitions of '\n'.
- [([^*/]|[\r\n])](https://github.com/52North/SOS/blob/HEAD/spring/views/src/main/webapp/static/lib/vkbeautify-0.99.00.beta.js#L341) This part of the regular expression may cause exponential backtracking on strings starting with '/**' and containing many repetitions of '\n*'.

github-actions[bot] commented 2 years ago

B3Partners/tailormap

Message

- [(?:\\\]|.)*?](https://github.com/B3Partners/tailormap/blob/HEAD/viewer/src/main/webapp/extjs/ext-all-debug.js#L28478) This part of the regular expression may cause exponential backtracking on strings starting with '[=' and containing many repetitions of '\\]'.
- [(?:\\\]|.)*?](https://github.com/B3Partners/tailormap/blob/HEAD/viewer-admin/src/main/webapp/extjs/ext-all-debug.js#L28478) This part of the regular expression may cause exponential backtracking on strings starting with '[=' and containing many repetitions of '\\]'.