Merge pull request #5000 from erik-krogh/redosOnlyNonMin

codeql-ci · web-flow · commit 0e059cea56c5 · 2021-01-21T15:29:03.000-08:00
Approved by esbena
diff --git a/javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll b/javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll
@@ -112,7 +112,9 @@ class RegExpRoot extends RegExpTerm {
     // there are no lookbehinds
     not exists(RegExpLookbehind lbh | getRoot(lbh) = this) and
     // is actually used as a RegExp
-    isUsedAsRegExp()
+    isUsedAsRegExp() and
+    // pragmatic performance optimization: ignore minified files.
+    not getRootTerm().getParent().(Expr).getTopLevel().isMinified()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,9 @@ class RegExpRoot extends RegExpTerm {`
`112`	`112`	`// there are no lookbehinds`
`113`	`113`	`not exists(RegExpLookbehind lbh \| getRoot(lbh) = this) and`
`114`	`114`	`// is actually used as a RegExp`
`115`		`- isUsedAsRegExp()`
	`115`	`+ isUsedAsRegExp() and`
	`116`	`+ // pragmatic performance optimization: ignore minified files.`
	`117`	`+ not getRootTerm().getParent().(Expr).getTopLevel().isMinified()`
`116`	`118`	`}`
`117`	`119`	`}`
`118`	`120`