UnboundBackref.ql
/**
* @name Unbound back reference
* @description Regular expression escape sequences of the form '\n', where 'n' is a positive number
* greater than the number of capture groups in the regular expression, are not allowed
* by the ECMAScript standard.
* @kind problem
* @problem.severity warning
* @id js/regex/unbound-back-reference
* @tags reliability
* correctness
* regular-expressions
* @precision very-high
*/
import javascript
/**
 * Gets the text used in the alert message to identify the capture group that
 * `backref` refers to: the group number for a numeric back reference, or
 * `named '<name>'` for a named back reference.
 */
private string describeTarget(RegExpBackRef backref) {
  result = backref.getNumber().toString()
  or
  result = "named '" + backref.getName() + "'"
}

// Report back references that do not resolve to any capture group. Only terms
// that belong to a regular expression literal are considered.
// NOTE(review): an unresolved back reference means the pattern does not match
// what its author intended; results are worth triaging first where the regex
// is used to validate or filter input.
from RegExpBackRef backref, string target
where
  not exists(backref.getGroup()) and
  backref.isPartOfRegExpLiteral() and
  target = describeTarget(backref)
select backref, "There is no capture group " + target + " in this regular expression."