JS: Fix parsing of non-BMP chars before a quantifier

asger-semmle · asger-semmle · commit 37aa85fe8123 · 2019-11-15T09:27:21.000Z
diff --git a/javascript/extractor/src/com/semmle/js/parser/RegExpParser.java b/javascript/extractor/src/com/semmle/js/parser/RegExpParser.java
@@ -326,10 +326,21 @@ private RegExpTerm parseAtom() {
       this.error(Error.UNEXPECTED_CHARACTER, endPos);
       endPos = startPos + 1; // To ensure progress, make sure we parse at least one character.
     }
+    // Check if the end of the constant belongs under an upcoming quantifier.
     if (endPos != startPos + 1
         && endPos < src.length()
         && "*+?{".indexOf(src.charAt(endPos)) != -1) {
-      endPos--; // Last constant belongs under an upcoming quantifier.
+      if (Character.isLowSurrogate(src.charAt(endPos - 1))
+          && Character.isHighSurrogate(src.charAt(endPos - 2))) {
+        // Don't split the surrogate pair.
+        if (endPos == startPos + 2) {
+          // The whole constant is a single wide character.
+        } else {
+          endPos -= 2; // Last 2 characters belong to an upcoming quantifier.
+        }
+      } else {
+        endPos--; // Last character belongs to an upcoming quantifier.
+      }
     }
     String str = src.substring(startPos, endPos);
     this.pos = endPos;
diff --git a/javascript/ql/test/library-tests/RegExp/MissingUnicodeFlag/MissingUnicodeFlag.expected b/javascript/ql/test/library-tests/RegExp/MissingUnicodeFlag/MissingUnicodeFlag.expected
@@ -1 +1,2 @@
-| tst.js:1:1:1:9 | /[\\u12340\\udf40-\\u12345\\udf45]/ | Character class with supplementary characters in non-unicode literal. |
+| tst.js:1:1:1:9 | /[\\u12340\\udf40-\\u12345\\udf45]/ | Split supplementary character in non-unicode literal. |
+| tst.js:3:1:3:5 | /\\u12340\\udf40+/ | Split supplementary character in non-unicode literal. |
diff --git a/javascript/ql/test/library-tests/RegExp/MissingUnicodeFlag/MissingUnicodeFlag.ql b/javascript/ql/test/library-tests/RegExp/MissingUnicodeFlag/MissingUnicodeFlag.ql
@@ -8,5 +8,7 @@ where wideConstant.getLiteral() = literal and
     wideConstant.getParent() instanceof RegExpCharacterClass
     or
     wideConstant.getParent() instanceof RegExpCharacterRange
+    or
+    wideConstant.getParent() instanceof RegExpQuantifier
   )
-select literal, "Character class with supplementary characters in non-unicode literal."
+select literal, "Split supplementary character in non-unicode literal."
diff --git a/javascript/ql/test/library-tests/RegExp/MissingUnicodeFlag/tst.js b/javascript/ql/test/library-tests/RegExp/MissingUnicodeFlag/tst.js
@@ -1,2 +1,5 @@
 /[𒍀-𒍅]/; // NOT OK
 /[𒍀-𒍅]/u; // OK
+/𒍀+/; // NOT OK
+/𒍀+/u; // OK
+/(𒍀)+/; // OK

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-\| tst.js:1:1:1:9 \| /[\\u12340\\udf40-\\u12345\\udf45]/ \| Character class with supplementary characters in non-unicode literal. \|`
	`1`	`+\| tst.js:1:1:1:9 \| /[\\u12340\\udf40-\\u12345\\udf45]/ \| Split supplementary character in non-unicode literal. \|`
	`2`	`+\| tst.js:3:1:3:5 \| /\\u12340\\udf40+/ \| Split supplementary character in non-unicode literal. \|`
Original file line number	Diff line number	Diff line change
`@@ -8,5 +8,7 @@ where wideConstant.getLiteral() = literal and`
`8`	`8`	`wideConstant.getParent() instanceof RegExpCharacterClass`
`9`	`9`	`or`
`10`	`10`	`wideConstant.getParent() instanceof RegExpCharacterRange`
	`11`	`+ or`
	`12`	`+ wideConstant.getParent() instanceof RegExpQuantifier`
`11`	`13`	`)`
`12`		`-select literal, "Character class with supplementary characters in non-unicode literal."`
	`14`	`+select literal, "Split supplementary character in non-unicode literal."`