From 32119926ffd37e0da72e4b4deba354f7fea16846 Mon Sep 17 00:00:00 2001
From: Asger F <asgerf@github.com>
Date: Fri, 7 Feb 2025 11:04:15 +0100
Subject: [PATCH] JS: Restrict AP limit for regexp injection

---
 .../javascript/security/dataflow/RegExpInjectionQuery.qll       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll
index 606b0df62517..17b67cbd98f4 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll
@@ -21,6 +21,8 @@ module RegExpInjectionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
   predicate observeDiffInformedIncrementalMode() { any() }
+
+  int accessPathLimit() { result = 1 }
 }
 
 /**