JS/PY/RB: get ReDoSUtil in sync for ruby #7173
From the PR title, it sounds to me like this only changes the Ruby implementation, but that is clearly not the case. Can you elaborate a bit?
When I added the ReDoS queries for Ruby, I started from the existing Python parser and the JS/Python I haven't reviewed @erik-krogh's changes closely yet, but it looks like he's generalised the concept of a character class so that the code can be shared with Ruby without losing support for those constructs. Is that right? Edit: if that is correct, then this also paves the way for supporting the
That is exactly right. The new predicate generalizes escape classes, and "normalizes" them to
Just a typo in a comment, but otherwise looks great. Thanks for doing this!
ruby/ql/test/query-tests/security/cwe-1333-exponential-redos/tst.rb
Co-authored-by: Nick Rolfe <nickrolfe@github.com>