hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,579 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.2
Commit Graph

3028 Commits

Author SHA1 Message Date
Joe Farebrother
eec57d4f25 Simplify dataflow logic by using only one configuration, and expessing more sinks with models-as-data 2022-05-04 15:41:41 +01:00
Joe Farebrother
2a80540157 Sync shared files 2022-05-04 15:41:40 +01:00
Joe Farebrother
e5ca924240 Allow quantifiers invoving {}; add comments 2022-05-04 15:41:40 +01:00
Chris Smowton
bc17d4b91f Break the recursion between seqChild, RegExpTerm and TRegExpSequence 2022-05-04 15:41:40 +01:00
Chris Smowton
0d13864bc8 Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting 
In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).
 2022-05-04 15:41:39 +01:00
Joe Farebrother
0f606d987d Remove redundant super call. 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-05-04 15:41:39 +01:00
Joe Farebrother
522a8aff6f Fix filename case 2022-05-04 15:41:39 +01:00
Joe Farebrother
3d65a9cafc Update shared files 2022-05-04 15:41:39 +01:00
Joe Farebrother
375ded4ede Move check to exlude test cases so that it also covers exponential redos 2022-05-04 15:41:39 +01:00
Joe Farebrother
1605d36ddf Refine polynomial redos sources to exclude length limited methods 2022-05-04 15:41:39 +01:00
Joe Farebrother
04edc10f1e Exclude regexes from test code 2022-05-04 15:41:38 +01:00
Joe Farebrother
6794268a3c Split PolynomialRedos definition into a library to avoid duplication in the tests 2022-05-04 15:41:38 +01:00
Joe Farebrother
5555985ad6 Distingush between whether or not a regex is matched against a full string 
Also some fixes and additional tests
 2022-05-04 15:41:38 +01:00
Joe Farebrother
bb562643c6 Support possessive quantifiers, which cannot backtrack. 
They are approximated by limiting them to up to one repetition (effectively making *+ like ? and ++ like a no-op).
 2022-05-04 15:41:37 +01:00
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
5ba6bafbef Use occursInRegex more ccnsistently throughout 2022-05-04 15:41:37 +01:00
Chris Smowton
f5809a7440 ReDoS performance fixes 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00
Joe Farebrother
c312b4b6b0 Add missing qldoc 2022-05-04 15:41:36 +01:00
Joe Farebrother
57ba8a4d1b Improve handling of hex escapes; and support some named character classes 2022-05-04 15:41:36 +01:00
Joe Farebrother
5143585080 Fix to PolynomialRedos not finding results and to test cases not finding that 2022-05-04 15:41:36 +01:00
Joe Farebrother
91887ab229 Sync shared files 2022-05-04 15:41:36 +01:00
Joe Farebrother
e23162d91b Add test cases for PolynomialRedos dataflow logic; make fixes 2022-05-04 15:41:35 +01:00
Joe Farebrother
457cf41825 Support more escaped characters 2022-05-04 15:41:35 +01:00
Joe Farebrother
9f4da65030 Improve calculation of locations of regex terms 2022-05-04 15:41:35 +01:00
Joe Farebrother
dd200e29d4 Improve char set depth calculation 2022-05-04 15:41:35 +01:00
Joe Farebrother
e797d2195c Topologically sort RegexString 2022-05-04 15:41:34 +01:00
Joe Farebrother
bc109521aa Simplify octal handling 2022-05-04 15:41:34 +01:00
Joe Farebrother
9e88c67c19 Add more test cases; make some fixes 2022-05-04 15:41:34 +01:00
Joe Farebrother
aa1337db86 Apply style suggestions from code review 2022-05-04 15:41:34 +01:00
Joe Farebrother
e954db293a Convert snake case predicates to camel case 2022-05-04 15:41:34 +01:00
Joe Farebrother
5b61de67de Implement style/doc suggestions from code review 2022-05-04 15:41:33 +01:00
Joe Farebrother
28649da187 Add parser tests; fix some parser issues. 
[temporarily renamed existing regex/Test.java during rebasing to avoid conflict]
 2022-05-04 15:41:33 +01:00
Joe Farebrother
8e1918216e Add PrintAst support for regex terms 2022-05-04 15:41:33 +01:00
Joe Farebrother
ca422a2186 Use explicit this 2022-05-04 15:41:33 +01:00
Joe Farebrother
f9f7a01f57 Add Java ReDoS libraries to identical-files.json 2022-05-04 15:41:33 +01:00
Joe Farebrother
11e465f2ac Implement remaining syntax differences 2022-05-04 15:41:33 +01:00
Joe Farebrother
7530902ad7 Add approximate support for nested character classes. 
This shouldn't fail to parse on any correctly formed character class; but may give incorrect contents when nested classes are involved.
 2022-05-04 15:41:33 +01:00
Joe Farebrother
d04c99b0be Support quote sequences 2022-05-04 15:41:32 +01:00
Joe Farebrother
59945cd8b3 Add dataflow logic to PolynomialRedDoS 2022-05-04 15:41:30 +01:00
Joe Farebrother
a8f7a4459e Port redos libraries from Python 2022-05-04 15:40:56 +01:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Tony Torralba
2d3b15f936 Add more taint models 2022-05-04 12:32:59 +02:00
Tony Torralba
8601137602 Fix bad join order by moving WebViewRef::getAnAccess from callsites into predicates 2022-05-04 11:58:47 +02:00
Tony Torralba
3b1210eacb Update java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-05-04 10:53:31 +02:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models 
This reverts commit c6c72eb.
 2022-05-04 10:53:31 +02:00
Tony Torralba
dce11f3984 Removed unnecessary imports 2022-05-04 10:53:30 +02:00
Tony Torralba
f5e72e6e33 Remove getUnderlyingExpr 2022-05-04 10:53:30 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00