Java: temp test case fix

github · Feb 19, 2025 · ac328fd · ac328fd
1 parent 622d854
commit ac328fd
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll
@@ -427,6 +427,7 @@ private class DirectoryCharactersGuard extends PathGuard {
       checkedExpr = mc.getQualifier() and
       this = mc
     |
+      // TODO: improve the below
       // Allow anything except `.`, '/', '\'
       (
         not target.getStringValue().matches("%[^%]%") and
@@ -439,8 +440,8 @@ private class DirectoryCharactersGuard extends PathGuard {
       // Disallow `.`, '/', '\'
       (
         not target.getStringValue().matches("%[^%" + ["\\.", "/", "\\\\"] + "%]%") and
-        // Assuming a regex containing line breaks is correctly matching line breaks in a string
-        target.getStringValue().matches("%" + ["\\.", "/", "\\\\"] + "%")
+        target.getStringValue().matches("%" + ["\\.", "/", "\\\\"] + "%") and
+        not isStringPartialMatch(mc) // ! temporary test case fix; remove
       ) and
       branch = false
     )