Java: condense '.' matching

Jami Cogswell · Jami Cogswell · commit b9f642f4aa11 · 2025-03-17T15:20:14.000-04:00
diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll
@@ -428,7 +428,7 @@ private predicate replacesDirectoryCharactersWithSingleReplaceAll(
     targetValue.matches("[%\\\\\\\\%]")
     or
     targetValue.matches("%|%") and
-    targetValue.matches("%" + ["\\.\\.", "[.][.]", "\\."] + "%") and
+    targetValue.matches("%" + ["[.]", "\\."] + "%") and
     targetValue.matches("%/%") and
     targetValue.matches("%\\\\\\\\%")
   )

Original file line number	Diff line number	Diff line change
`@@ -428,7 +428,7 @@ private predicate replacesDirectoryCharactersWithSingleReplaceAll(`
`428`	`428`	`targetValue.matches("[%\\\\\\\\%]")`
`429`	`429`	`or`
`430`	`430`	`targetValue.matches("%\|%") and`
`431`		`- targetValue.matches("%" + ["\\.\\.", "[.][.]", "\\."] + "%") and`
	`431`	`+ targetValue.matches("%" + ["[.]", "\\."] + "%") and`
`432`	`432`	`targetValue.matches("%/%") and`
`433`	`433`	`targetValue.matches("%\\\\\\\\%")`
`434`	`434`	`)`