55
66class PolyRedosTest {
77 void test (HttpServletRequest request ) {
8- String tainted = request .getParameter ("inp" );
8+ String tainted = request .getParameter ("inp" ); // $ Source[java/polynomial-redos]
99 String reg = "0\\ .\\ d+E?\\ d+!" ;
1010 Predicate <String > dummyPred = (s -> s .length () % 7 == 0 );
11-
12- tainted .matches (reg ); // $ hasPolyRedos
13- tainted .split (reg ); // $ hasPolyRedos
14- tainted .split (reg , 7 ); // $ hasPolyRedos
15- tainted .replaceAll (reg , "a" ); // $ hasPolyRedos
16- tainted .replaceFirst (reg , "a" ); // $ hasPolyRedos
17- Pattern .matches (reg , tainted ); // $ hasPolyRedos
18- Pattern .compile (reg ).matcher (tainted ).matches (); // $ hasPolyRedos
19- Pattern .compile (reg ).split (tainted ); // $ hasPolyRedos
20- Pattern .compile (reg , Pattern .DOTALL ).split (tainted ); // $ hasPolyRedos
21- Pattern .compile (reg ).split (tainted , 7 ); // $ hasPolyRedos
22- Pattern .compile (reg ).splitAsStream (tainted ); // $ hasPolyRedos
23- Pattern .compile (reg ).asPredicate ().test (tainted ); // $ hasPolyRedos
24- Pattern .compile (reg ).asMatchPredicate ().negate ().and (dummyPred ).or (dummyPred ).test (tainted ); // $ hasPolyRedos
25- Predicate .not (dummyPred .and (dummyPred .or (Pattern .compile (reg ).asPredicate ()))).test (tainted ); // $ hasPolyRedos
26-
27- Splitter .on (Pattern .compile (reg )).split (tainted ); // $ hasPolyRedos
28- Splitter .on (reg ).split (tainted );
29- Splitter .onPattern (reg ).split (tainted ); // $ hasPolyRedos
30- Splitter .onPattern (reg ).splitToList (tainted ); // $ hasPolyRedos
31- Splitter .onPattern (reg ).limit (7 ).omitEmptyStrings ().trimResults ().split (tainted ); // $ hasPolyRedos
32- Splitter .onPattern (reg ).withKeyValueSeparator (" => " ).split (tainted ); // $ hasPolyRedos
11+
12+ tainted .matches (reg ); // $ Alert[java/polynomial-redos]
13+ tainted .split (reg ); // $ Alert[java/polynomial-redos]
14+ tainted .split (reg , 7 ); // $ Alert[java/polynomial-redos]
15+ tainted .replaceAll (reg , "a" ); // $ Alert[java/polynomial-redos]
16+ tainted .replaceFirst (reg , "a" ); // $ Alert[java/polynomial-redos]
17+ Pattern .matches (reg , tainted ); // $ Alert[java/polynomial-redos]
18+ Pattern .compile (reg ).matcher (tainted ).matches (); // $ Alert[java/polynomial-redos]
19+ Pattern .compile (reg ).split (tainted ); // $ Alert[java/polynomial-redos]
20+ Pattern .compile (reg , Pattern .DOTALL ).split (tainted ); // $ Alert[java/polynomial-redos]
21+ Pattern .compile (reg ).split (tainted , 7 ); // $ Alert[java/polynomial-redos]
22+ Pattern .compile (reg ).splitAsStream (tainted ); // $ Alert[java/polynomial-redos]
23+ Pattern .compile (reg ).asPredicate ().test (tainted ); // $ Alert[java/polynomial-redos]
24+ Pattern .compile (reg ).asMatchPredicate ().negate ().and (dummyPred ).or (dummyPred ).test (tainted ); // $ Alert[java/polynomial-redos]
25+ Predicate .not (dummyPred .and (dummyPred .or (Pattern .compile (reg ).asPredicate ()))).test (tainted ); // $ Alert[java/polynomial-redos]
26+
27+ Splitter .on (Pattern .compile (reg )).split (tainted ); // $ Alert[java/polynomial-redos]
28+ Splitter .on (reg ).split (tainted );
29+ Splitter .onPattern (reg ).split (tainted ); // $ Alert[java/polynomial-redos]
30+ Splitter .onPattern (reg ).splitToList (tainted ); // $ Alert[java/polynomial-redos]
31+ Splitter .onPattern (reg ).limit (7 ).omitEmptyStrings ().trimResults ().split (tainted ); // $ Alert[java/polynomial-redos]
32+ Splitter .onPattern (reg ).withKeyValueSeparator (" => " ).split (tainted ); // $ Alert[java/polynomial-redos]
3333 Splitter .on (";" ).withKeyValueSeparator (reg ).split (tainted );
34- Splitter .on (";" ).withKeyValueSeparator (Splitter .onPattern (reg )).split (tainted ); // $ hasPolyRedos
34+ Splitter .on (";" ).withKeyValueSeparator (Splitter .onPattern (reg )).split (tainted ); // $ Alert[java/polynomial-redos]
3535
3636 }
3737
3838 void test2 (HttpServletRequest request ) {
39- String tainted = request .getParameter ("inp" );
39+ String tainted = request .getParameter ("inp" ); // $ Source[java/polynomial-redos]
4040
4141 Pattern p1 = Pattern .compile (".*a" );
4242 Pattern p2 = Pattern .compile (".*b" );
4343
44- p1 .matcher (tainted ).matches ();
45- p2 .matcher (tainted ).find (); // $ hasPolyRedos
44+ p1 .matcher (tainted ).matches ();
45+ p2 .matcher (tainted ).find (); // $ Alert[java/polynomial-redos]
4646 }
4747
4848 void test3 (HttpServletRequest request ) {
49- String tainted = request .getParameter ("inp" );
49+ String tainted = request .getParameter ("inp" ); // $ Source[java/polynomial-redos]
5050
5151 Pattern p1 = Pattern .compile ("ab*b*" );
5252 Pattern p2 = Pattern .compile ("cd*d*" );
5353
54- p1 .matcher (tainted ).matches (); // $ hasPolyRedos
55- p2 .matcher (tainted ).find ();
54+ p1 .matcher (tainted ).matches (); // $ Alert[java/polynomial-redos]
55+ p2 .matcher (tainted ).find ();
5656 }
5757
5858 void test4 (HttpServletRequest request ) {
59- String tainted = request .getParameter ("inp" );
59+ String tainted = request .getParameter ("inp" ); // $ Source[java/polynomial-redos]
6060
6161 tainted .matches (".*a" );
62- tainted .replaceAll (".*b" , "c" ); // $ hasPolyRedos
62+ tainted .replaceAll (".*b" , "c" ); // $ Alert[java/polynomial-redos]
6363 }
6464
6565 static Pattern p3 = Pattern .compile (".*a" );
6666 static Pattern p4 = Pattern .compile (".*b" );
67-
67+
6868
6969 void test5 (HttpServletRequest request ) {
70- String tainted = request .getParameter ("inp" );
70+ String tainted = request .getParameter ("inp" ); // $ Source[java/polynomial-redos]
7171
72- p3 .asMatchPredicate ().test (tainted );
73- p4 .asPredicate ().test (tainted ); // $ hasPolyRedos
72+ p3 .asMatchPredicate ().test (tainted );
73+ p4 .asPredicate ().test (tainted ); // $ Alert[java/polynomial-redos]
7474 }
7575
7676 void test6 (HttpServletRequest request ) {
7777 Pattern p = Pattern .compile ("^a*a*$" );
7878
79- p .matcher (request .getParameter ("inp" )).matches (); // $ hasPolyRedos
79+ p .matcher (request .getParameter ("inp" )).matches (); // $ Alert[java/polynomial-redos]
8080 p .matcher (request .getHeader ("If-None-Match" )).matches ();
8181 p .matcher (request .getRequestURI ()).matches ();
8282 p .matcher (request .getCookies ()[0 ].getName ()).matches ();
8383 }
84- }
84+ }