JS: Check for [^.]

asger-semmle · asger-semmle · commit 4d1f7836f227 · 2019-11-15T09:27:21.000Z
diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
@@ -18,6 +18,7 @@ predicate isDotConstant(RegExpTerm term) {
   or
   exists(RegExpCharacterClass cls |
     term = cls and
+    not cls.isInverted() and
     cls.getNumChild() = 1 and
     cls.getAChild().(RegExpConstant).getValue() = "."
   )

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ predicate isDotConstant(RegExpTerm term) {`
`18`	`18`	`or`
`19`	`19`	`exists(RegExpCharacterClass cls \|`
`20`	`20`	`term = cls and`
	`21`	`+ not cls.isInverted() and`
`21`	`22`	`cls.getNumChild() = 1 and`
`22`	`23`	`cls.getAChild().(RegExpConstant).getValue() = "."`
`23`	`24`	`)`