hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-05-25 17:45:13 +02:00
parent 2e4c2df67e
commit 3bea7df45d
22 changed files with 120 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.code.java.security.regexp.ExponentialBackTracking` instead. */
deprecated import semmle.code.java.security.regexp.ExponentialBackTracking as Dep
import Dep

4
java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.code.java.security.regexp.PolynomialReDoSQuery` instead. */
deprecated import semmle.code.java.security.regexp.PolynomialReDoSQuery as Dep
import Dep

4
java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.code.java.security.regexp.NfaUtils` instead. */
deprecated import semmle.code.java.security.regexp.NfaUtils as Dep
import Dep

4
java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.code.java.security.regexp.SuperlinearBackTracking` instead. */
deprecated import semmle.code.java.security.regexp.SuperlinearBackTracking as Dep
import Dep

4
javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.javascript.security.regexp.ExponentialBackTracking` instead. */
deprecated import semmle.javascript.security.regexp.ExponentialBackTracking as Dep
import Dep

7
javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll Normal file
View File

@@ -0,0 +1,7 @@
/** DEPRECATED. Import `PolynomialReDoSQuery` instead. */
import javascript
private import semmle.javascript.security.regexp.PolynomialReDoSQuery as PolynomialReDoSQuery // ignore-query-import
/** DEPRECATED. Import `PolynomialReDoSQuery` instead. */
deprecated module PolynomialReDoS = PolynomialReDoSQuery;

4
javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.javascript.security.regexp.PolynomialReDoSCustomizations` instead. */
deprecated import semmle.javascript.security.regexp.PolynomialReDoSCustomizations as Dep
import Dep

4
javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.javascript.security.regexp.NfaUtils` instead. */
deprecated import semmle.javascript.security.regexp.NfaUtils as Dep
import Dep

4
javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.javascript.security.regexp.SuperlinearBackTracking` instead. */
deprecated import semmle.javascript.security.regexp.SuperlinearBackTracking as Dep
import Dep

42
javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoS.qll
View File

@@ -1,42 +0,0 @@
/**
* Provides a taint tracking configuration for reasoning about
* polynomial regular expression denial-of-service attacks.
*
* Note, for performance reasons: only import this file if
* `PolynomialReDoS::Configuration` is needed, otherwise
* `PolynomialReDoSCustomizations` should be imported instead.
*/
import javascript
module PolynomialReDoS {
import PolynomialReDoSCustomizations::PolynomialReDoS
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "PolynomialReDoS" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
super.isSanitizerGuard(node) or
node instanceof LengthGuard
}
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
}
override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
super.hasFlowPath(source, sink) and
// require that there is a path without unmatched return steps
DataFlow::hasPathWithoutUnmatchedReturn(source, sink)
}
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
DataFlow::localFieldStep(pred, succ)
}
}
}

40
javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll Normal file
View File

@@ -0,0 +1,40 @@
/**
* Provides a taint tracking configuration for reasoning about
* polynomial regular expression denial-of-service attacks.
*
* Note, for performance reasons: only import this file if
* `PolynomialReDoS::Configuration` is needed, otherwise
* `PolynomialReDoSCustomizations` should be imported instead.
*/
import javascript
import PolynomialReDoSCustomizations::PolynomialReDoS
/** A taint-tracking configuration for reasoning about polynomial regular expression denial-of-service attacks. */
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "PolynomialReDoS" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
super.isSanitizerGuard(node) or
node instanceof LengthGuard
}
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node) or
node instanceof Sanitizer
}
override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
super.hasFlowPath(source, sink) and
// require that there is a path without unmatched return steps
DataFlow::hasPathWithoutUnmatchedReturn(source, sink)
}
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
DataFlow::localFieldStep(pred, succ)
}
}

2
javascript/ql/src/Performance/PolynomialReDoS.ql
View File

@@ -14,7 +14,7 @@
*/ */
import javascript import javascript
import semmle.javascript.security.regexp.PolynomialReDoS::PolynomialReDoS import semmle.javascript.security.regexp.PolynomialReDoSQuery
import semmle.javascript.security.regexp.SuperlinearBackTracking import semmle.javascript.security.regexp.SuperlinearBackTracking
import DataFlow::PathGraph import DataFlow::PathGraph

4
python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.python.security.regexp.ExponentialBackTracking` instead. */
deprecated import semmle.python.security.regexp.ExponentialBackTracking as Dep
import Dep

4
python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.python.security.regexp.NfaUtils` instead. */
deprecated import semmle.python.security.regexp.NfaUtils as Dep
import Dep

4
python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `semmle.python.security.regexp.SuperlinearBackTracking` instead. */
deprecated import semmle.python.security.regexp.SuperlinearBackTracking as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.ExponentialBackTracking` instead. */
deprecated import codeql.ruby.security.regexp.ExponentialBackTracking as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.PolynomialReDoSCustomizations` instead. */
deprecated import codeql.ruby.security.regexp.PolynomialReDoSCustomizations as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.PolynomialReDoSQuery` instead. */
deprecated import codeql.ruby.security.regexp.PolynomialReDoSQuery as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.NfaUtils` instead. */
deprecated import codeql.ruby.security.regexp.NfaUtils as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.RegExpInjectionCustomizations` instead. */
deprecated import codeql.ruby.security.regexp.RegExpInjectionCustomizations as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.RegExpInjectionQuery` instead. */
deprecated import codeql.ruby.security.regexp.RegExpInjectionQuery as Dep
import Dep

4
ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll Normal file
View File

@@ -0,0 +1,4 @@
/** DEPRECATED. Import `codeql.ruby.security.regexp.SuperlinearBackTracking` instead. */
deprecated import codeql.ruby.security.regexp.SuperlinearBackTracking as Dep
import Dep