hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,612 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.7
Commit Graph

2325 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
fd0d5c9e46 add command parsing model for "commander" 2020-11-27 09:58:00 +00:00
Erik Krogh Kristensen
653ebf7668 add command parsing model for "dashdash" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
269de49196 add model for "meow" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
c5ac98d2e8 add command parsing model for command-line-args 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
f33cd8bc8e add command parsing model for argparse 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
45067ee651 add command parsing model for "arg" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
821b4be522 more accurately model command parsers that take process.argv as an argument 2020-11-27 09:56:50 +00:00
Erik Krogh Kristensen
9468a6e8dc update expected output 2020-11-26 12:32:55 +01:00
Erik Krogh Kristensen
1b3c3ef4cb adjust comments in ReDoS test case 2020-11-26 10:31:44 +01:00
Erik Krogh Kristensen
b418cb5fe0 add test case where the successor of the repeating term matches epsilon 2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen
c5f5206174 update expected output 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
a8944c8953 model accept states more accurately by adding an AcceptAny state, modelling $, and checking the existence of rejecting suffixes 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
d9ebb7b20e escape tabs 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
bcb2f2768d search for a prefix to the state that causes exponential backtracking 2020-11-25 13:57:20 +01:00
CodeQL CI
395403789e Merge pull request #4585 from erik-krogh/moreReDoS 
Approved by asgerf
 2020-11-24 18:52:36 +00:00
CodeQL CI
4be158b362 Merge pull request #4708 from erik-krogh/emptyName 
Approved by asgerf
 2020-11-24 17:34:55 +00:00
Erik Krogh Kristensen
33dab1717e treat nodes with type "Location" as a location source - but not if we can track it from an original node with type "Location" 2020-11-23 17:03:50 +01:00
Erik Krogh Kristensen
f7f9beeefd avoid reporting empty names in js/exposure-of-private-files 2020-11-23 14:24:42 +01:00
Erik Krogh Kristensen
02d5fbf46b remove superfluous space 2020-11-23 14:22:16 +01:00
Asger Feldthaus
f737f34dcd JS: Add UntrustedDataToExternalApi query 2020-11-19 13:42:25 +00:00
Erik Krogh Kristensen
c4153a617e remove duplicated test cases from ReDoS, and adjust variables names to match test output 2020-11-18 14:49:09 +01:00
Erik Krogh Kristensen
8270bf5bb9 make the character search skip unencodable characters 2020-11-18 11:55:49 +01:00
Erik Krogh Kristensen
64828713d6 remove FPs in js/build-artifact-leak where the "leaked" properties are constrained to a safe subset 2020-11-18 10:35:02 +01:00
Erik Krogh Kristensen
55f2f86a26 limit the search of state-pairs to the ones that are reachable within the given length 2020-11-18 09:23:35 +01:00
Erik Krogh Kristensen
c4d7533701 Merge branch 'main' into moreReDoS 2020-11-17 17:34:49 +01:00
Erik Krogh Kristensen
97acf1fd87 fix FP related to inverted character classes choosing a char that was not matched by the char class 2020-11-17 17:34:43 +01:00
CodeQL CI
09cfb24afa Merge pull request #4648 from erik-krogh/regexpParse 
Approved by asgerf
 2020-11-16 08:20:40 +00:00
Erik Krogh Kristensen
7f68b07665 Merge branch 'main' into regexpParse 2020-11-13 09:33:16 +01:00
Erik Krogh Kristensen
49be7e959f Merge branch 'main' into jwt 2020-11-12 21:36:09 +01:00
Erik Krogh Kristensen
99d03bab24 only flag the secret key in JWT 2020-11-12 21:36:05 +01:00
Erik Krogh Kristensen
e01d4b104e update expected output 2020-11-10 23:42:38 +01:00
Erik Krogh Kristensen
5ecae55e77 add keys used by jsonwebtoken as CredentialsExpr 2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
e75259d3a6 model the verify function in jsonwebtoken 2020-11-10 10:41:39 +01:00
Erik Krogh Kristensen
6732493377 add model for jwt-decode 2020-11-10 10:41:36 +01:00
Erik Krogh Kristensen
3ef5d89e39 update expected output 2020-11-08 23:27:38 +01:00
Erik Krogh Kristensen
17a687b344 testing many possible intersections, instead of a single intersection 2020-11-08 23:24:36 +01:00
Erik Krogh Kristensen
34fd0d89f5 finding the minimum that is not an FP - instead of finding the minimum and then checking if it was an FP. And detecting more FPs by finding when a witness pass through the accept state 2020-11-08 23:24:27 +01:00
Erik Krogh Kristensen
ac514b1739 remove false positives where the analysis would wrongly conclude that the accept state could not be reached 2020-11-08 23:24:03 +01:00
Erik Krogh Kristensen
a5e75f53ff add support for escape char classes inside char classes 2020-11-08 23:22:49 +01:00
Erik Krogh Kristensen
0063cb140c add support for \W, \S, \D 2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
2dd8b6ffef support \f and \v in the \s class 2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
68fe03060d support \d \s and \w in ReDoS.ql 2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
fa54ad1a5e refactor character class implementation in ReDoS.ql - preparing support for RegExpCharacterClassEscape 2020-11-08 23:16:55 +01:00
Erik Krogh Kristensen
a09ffd5cda expand getAOverlapBetweenCharacterClasses to support overlap between more char classes 2020-11-08 23:16:37 +01:00
Erik Krogh Kristensen
82252c0f1c detect redos between charclass and inverted charclass 2020-11-08 23:16:34 +01:00
Erik Krogh Kristensen
16473fc2a4 matching a inverted char class with a char 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
804aaf36f0 support inverted char class and dot 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
64d680e2d3 support that an inverted char class can intersect with itself 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
321cf09bd8 add redos support for the simplest possible inverted char class 2020-11-06 10:18:57 +01:00
Asger Feldthaus
24714c41be JS: Update test output after rebase 2020-11-06 09:14:03 +00:00