codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	77967c3e63	undo unsound optimization in js/ReDoS	2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen	b42aac17d5	add more tests for js/ReDoS	2021-01-06 10:34:06 +01:00
Erik Krogh Kristensen	ce8cc2368b	improve precision of intersect	2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen	cbad705029	general performance improvements in the ReDoS utility library	2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen	05569187b4	improve performance of suffix checking	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	6369374224	implement new algorithm for detecting superlinear backtracking in regular expressions	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	7ce91e9146	introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA	2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen	b2116dc5b4	add more tests for polynomial/exponential redos	2020-12-18 13:19:17 +01:00
Erik Krogh Kristensen	cc98c41dd6	revert marking repetitions with possibly empty body as forks	2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen	33b2701551	refine isFork to remove false positive when a state has epsilon transition to itself	2020-11-29 21:42:50 +01:00
Erik Krogh Kristensen	d7b22e3b1b	update expected output for PolynomialBackTracking	2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen	729073fb43	detect ReDoS when the choices are "match some string" or "match Epsilon"	2020-11-27 20:15:23 +01:00
Erik Krogh Kristensen	e177d46c0a	add two test cases that demonstrate the limits of the suffix construction	2020-11-27 13:45:34 +01:00
Erik Krogh Kristensen	9468a6e8dc	update expected output	2020-11-26 12:32:55 +01:00
Erik Krogh Kristensen	1b3c3ef4cb	adjust comments in ReDoS test case	2020-11-26 10:31:44 +01:00
Erik Krogh Kristensen	b418cb5fe0	add test case where the successor of the repeating term matches epsilon	2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen	c5f5206174	update expected output	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	a8944c8953	model accept states more accurately by adding an AcceptAny state, modelling `$`, and checking the existence of rejecting suffixes	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	d9ebb7b20e	escape tabs	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	bcb2f2768d	search for a prefix to the state that causes exponential backtracking	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	c4153a617e	remove duplicated test cases from ReDoS, and adjust variables names to match test output	2020-11-18 14:49:09 +01:00
Erik Krogh Kristensen	8270bf5bb9	make the character search skip unencodable characters	2020-11-18 11:55:49 +01:00
Erik Krogh Kristensen	55f2f86a26	limit the search of state-pairs to the ones that are reachable within the given length	2020-11-18 09:23:35 +01:00
Erik Krogh Kristensen	c4d7533701	Merge branch 'main' into moreReDoS	2020-11-17 17:34:49 +01:00
Erik Krogh Kristensen	97acf1fd87	fix FP related to inverted character classes choosing a char that was not matched by the char class	2020-11-17 17:34:43 +01:00
Erik Krogh Kristensen	e01d4b104e	update expected output	2020-11-10 23:42:38 +01:00
Erik Krogh Kristensen	3ef5d89e39	update expected output	2020-11-08 23:27:38 +01:00
Erik Krogh Kristensen	17a687b344	testing many possible intersections, instead of a single intersection	2020-11-08 23:24:36 +01:00
Erik Krogh Kristensen	34fd0d89f5	finding the minimum that is not an FP - instead of finding the minimum and then checking if it was an FP. And detecting more FPs by finding when a witness pass through the accept state	2020-11-08 23:24:27 +01:00
Erik Krogh Kristensen	ac514b1739	remove false positives where the analysis would wrongly conclude that the accept state could not be reached	2020-11-08 23:24:03 +01:00
Erik Krogh Kristensen	a5e75f53ff	add support for escape char classes inside char classes	2020-11-08 23:22:49 +01:00
Erik Krogh Kristensen	0063cb140c	add support for \W, \S, \D	2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen	2dd8b6ffef	support \f and \v in the \s class	2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen	68fe03060d	support \d \s and \w in ReDoS.ql	2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen	fa54ad1a5e	refactor character class implementation in ReDoS.ql - preparing support for RegExpCharacterClassEscape	2020-11-08 23:16:55 +01:00
Erik Krogh Kristensen	a09ffd5cda	expand `getAOverlapBetweenCharacterClasses` to support overlap between more char classes	2020-11-08 23:16:37 +01:00
Erik Krogh Kristensen	82252c0f1c	detect redos between charclass and inverted charclass	2020-11-08 23:16:34 +01:00
Erik Krogh Kristensen	16473fc2a4	matching a inverted char class with a char	2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen	804aaf36f0	support inverted char class and dot	2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen	64d680e2d3	support that an inverted char class can intersect with itself	2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen	321cf09bd8	add redos support for the simplest possible inverted char class	2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen	e16fa0668a	update expected output	2020-11-04 18:24:31 +01:00
Erik Krogh Kristensen	b02004430c	prune results that end with newline, where the input cannot contain newlines	2020-11-03 14:48:39 +01:00
Erik Krogh Kristensen	ebc4856456	detect more expensive regexps in js/polynomial-redos	2020-10-30 09:52:13 +01:00
Erik Krogh Kristensen	b09015380a	add support for String.prototype.replaceAll	2020-09-21 10:50:04 +02:00
Esben Sparre Andreasen	1b73cee692	JS: add js/exploitable-polynomial-redos	2020-02-27 08:42:43 +01:00
Asger F	e0bdc777b9	JS: Make ReDoS check string-based regexes	2019-11-15 09:27:19 +00:00
Asger F	97e5da1046	JS: Update ReDoS query	2019-11-15 09:27:19 +00:00
Max Schaefer	3e92d0ffb5	JavaScript: Remove redundant `--experimental` extractor options.	2019-11-05 15:59:24 +00:00
Pavel Avgustinov	b55526aa58	QL code and tests for C#/C++/JavaScript.	2018-08-02 17:53:23 +01:00

1 2

100 Commits