skip analyzing regular expressions in minified files for ReDoS

erik-krogh · erik-krogh · commit 62746bbbaca2 · 2021-01-21T22:31:42.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll b/javascript/ql/src/semmle/javascript/security/performance/ReDoSUtil.qll
@@ -112,7 +112,9 @@ class RegExpRoot extends RegExpTerm {
     // there are no lookbehinds
     not exists(RegExpLookbehind lbh | getRoot(lbh) = this) and
     // is actually used as a RegExp
-    isUsedAsRegExp()
+    isUsedAsRegExp() and
+    // is not inside a minified file.
+    not getRootTerm().getParent().(Expr).getTopLevel().isMinified()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,9 @@ class RegExpRoot extends RegExpTerm {`
`112`	`112`	`// there are no lookbehinds`
`113`	`113`	`not exists(RegExpLookbehind lbh \| getRoot(lbh) = this) and`
`114`	`114`	`// is actually used as a RegExp`
`115`		`- isUsedAsRegExp()`
	`115`	`+ isUsedAsRegExp() and`
	`116`	`+ // is not inside a minified file.`
	`117`	`+ not getRootTerm().getParent().(Expr).getTopLevel().isMinified()`
`116`	`118`	`}`
`117`	`119`	`}`
`118`	`120`