lib/contrast/agent/assess/rule/redos.rb in contrast-agent-3.10.2 vs lib/contrast/agent/assess/rule/redos.rb in contrast-agent-3.11.0
- old
+ new
@@ -15,11 +15,11 @@
NAME = 'redos'
def name
NAME
end
- def regexp_complexity_check context, trigger_node, source, object, ret, invoked, *args
+ def regexp_complexity_check context, trigger_node, source, object, ret, *args
# we can arrive here either from:
# regexp =~ string
# string =~ regexp
# regexp.match string
#
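Review bot: Dropping `invoked` from the `regexp_complexity_check` signature while keeping the trailing `*args` means a caller that still passes the old value will not raise an ArgumentError. The extra integer would be absorbed into `args` and forwarded unchanged to `build_finding` in the second hunk, where it could end up recorded in the finding as if it were an argument of the original `=~`/`match` call. The callers are not visible here, so it is worth confirming that the policy dispatch and any other trigger entry points sharing this calling convention were updated in the same release. A short contract comment above the method would help, for example `# args: the arguments of the instrumented call only; no call-depth counter is passed`. The method body continues between the two hunks and is not fully shown.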
@@ -29,12 +29,12 @@
# (1) regexp must be exploitable
return unless regexp_vulnerable?(regexp)
# (2) regexp must evaluate against user input
- if trigger_node.violated?(string) # rubocop:disable Style/GuardClause
- Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(context, trigger_node, source, object, ret, invoked + 1, args)
- end
+ return unless trigger_node.violated?(string)
+
+ Contrast::Agent::Assess::Policy::TriggerMethod.build_finding(context, trigger_node, source, object, ret, args)
end
protected
VULNERABLE_PATTERN = /[\[(].*?[\[(].*?[\])][*+?].*?[\])][*+?]/.cs__freeze