Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix code scanning alert no. 2796: Inefficient regular expression #117

Closed
wants to merge 4 commits into from
Closed

Fix code scanning alert no. 2796: Inefficient regular expression #117

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2da2065
Fix code scanning alert no. 2796: Inefficient regular expression
cooljeanius Sep 28, 2024
6b4a905
Fix code scanning alert no. 2804: Inefficient regular expression
cooljeanius Sep 28, 2024
1a60197
Fix code scanning alert no. 2805: Inefficient regular expression
cooljeanius Sep 29, 2024
f2bf20d
Fix code scanning alert no. 2898: Inefficient regular expression
cooljeanius Sep 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ..._via_Chrome.webarchive/Technical Note TN2124 Mac OS X Debugging Magic_files/prototype.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4037,7 +4037,7 @@
},
split: function (b) {
var a = [];
b.scan(/(([\w#:.~>+()\s-]+|\*|\[.*?\])+)\s*(,|$)/, function (c) {
b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]*?|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {

Check failure

Code scanning / CodeQL

Inefficient regular expression High documentation

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '#'.

Copilot Autofix AI 5 months ago

To fix the problem, we need to modify the regular expression to remove the ambiguity that causes exponential backtracking. Specifically, we can replace the ambiguous character class [\w#:.~>+()]+ with a more precise expression that avoids nested quantifiers.

The best way to fix this is to ensure that the sub-expressions within the regular expression are not ambiguous and do not lead to excessive backtracking. We can achieve this by breaking down the character class into more specific parts and ensuring that each part is matched deterministically.

Suggested changeset 1
src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124 Mac OS X Debugging Magic_files/prototype.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js b/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js
--- a/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js
+++ b/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js
@@ -4039,3 +4039,3 @@
     var a = [];
-    b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]*?|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {
+    b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]+|\*|\[[^\]]*\])+)\s*(,|$)/, function (c) {
       a.push(c[1].strip());
EOF
@@ -4039,3 +4039,3 @@
var a = [];
b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]*?|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {
b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]+|\*|\[[^\]]*\])+)\s*(,|$)/, function (c) {
a.push(c[1].strip());
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options

Check failure

Code scanning / CodeQL

Inefficient regular expression High documentation

This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\t'.

Copilot Autofix AI 5 months ago

To fix the problem, we need to modify the regular expression to remove the ambiguity that causes exponential backtracking. The sub-expression [\t\n\r\f\v-]*? can be rewritten to avoid ambiguity. One way to achieve this is by using a non-greedy match for the specific characters and ensuring that the pattern does not allow for multiple ways to match the same string.

Suggested changeset 1
src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124 Mac OS X Debugging Magic_files/prototype.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js b/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js
--- a/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js
+++ b/src/contrib/doc/Apple/TN2124_MacOSX_Debugging_Magic_via_Chrome.webarchive/Technical Note TN2124  Mac OS X Debugging Magic_files/prototype.js
@@ -4039,3 +4039,3 @@
     var a = [];
-    b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]*?|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {
+    b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]+|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {
       a.push(c[1].strip());
EOF
@@ -4039,3 +4039,3 @@
var a = [];
b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]*?|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {
b.scan(/(([\w#:.~>+()]+|[\t\n\r\f\v-]+|\*|\[[^\]]*?\])+)\s*(,|$)/, function (c) {
a.push(c[1].strip());
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
a.push(c[1].strip());
});
return a;
Expand Down
Loading