Commit Graph

100 Commits

Author SHA1 Message Date
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
10a7294327 JS: Accept trivial test changes
This adds Alert annotations for alerts that seem intentional by the test
but have not been annotated with 'NOT OK', or the comment was in the wrong
place.

In a few cases I included 'Source' expectations to make it easier to see
what happened. Other 'Source' expectations will be added in bulk in a later
commit.
2025-02-28 13:27:43 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
d0ce53ed82 JS: Enable post-processing for all .qlref files 2025-02-28 13:27:33 +01:00
Asger F
426edd55f2 JS: Update output after line number change
Some OK-style comments had to be moved to the following line, shifting line numbers.

In selected range also included the comments themselves.

Lastly, the result sets were reordered by the CLI in some cases.
2025-02-28 13:27:31 +01:00
Asger F
9be041e27d JS: Update OK-style comments to $-style 2025-02-28 13:27:28 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Erik Krogh Kristensen
da4da229b1 move tests to new test location 2022-08-09 16:25:00 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen
2e4c2df67e move the JS ReDoS test to a more appropriate folder 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classes 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
cb0a6936ad add support for the "exports" property in a package.json 2022-06-14 13:31:47 +02:00
Erik Krogh Kristensen
0d8bef7e92 Merge pull request #6736 from erik-krogh/polyReplace
JS: track flow through string replace calls that just replace single chars for js/polynomial-redos
2022-05-04 16:30:20 +02:00
Erik Krogh Kristensen
ad3399733b recognize more module exports from the factory pattern 2022-02-23 21:29:45 +01:00
Erik Krogh Kristensen
d55920ad27 add model for the snapdragon library 2022-02-10 11:32:59 +01:00
Erik Krogh Kristensen
1a8b6d7414 recognize ranges without upper bounds 2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen
acaf294bee support a limited number of regexp ranges 2022-01-07 18:36:30 +01:00
Erik Krogh Kristensen
6327fced6f remove paths without unmatched returns from polynomial-redos 2021-12-02 10:03:28 +01:00
Erik Krogh Kristensen
474c808373 Merge pull request #7137 from erik-krogh/functionExport
JS: recognize library inputs when the library exports "through" a function
2021-11-17 09:49:02 +01:00
Erik Krogh Kristensen
b9ea4a8709 recognize library inputs when the library exports "through" a function 2021-11-15 22:43:38 +01:00
Erik Krogh Kristensen
2163648b39 fix location off-by-ones with regexp parsing 2021-11-15 13:43:39 +01:00
Erik Krogh Kristensen
12305aae42 extract regexp literals from string concatenations 2021-10-28 10:44:33 +02:00
Erik Krogh Kristensen
a082ed917c track flow through string replace calls that just replace single chars 2021-09-22 19:43:48 +02:00
Erik Krogh Kristensen
805d1d170c do not filter away regular expressions with lookbehinds 2021-09-22 17:14:29 +02:00
Erik Krogh Kristensen
05cc6bcf8a adjust regexp libraries to how unpaired surrogates are parsed now 2021-09-13 14:02:05 +01:00
Chris Smowton
f24d7c4212 Acknowledge new FPs due to the extractor using U+FFFD for unpaired surrogates
These were already misinterpreted, but the ReDoS code ignored them as they previously appeared to be `?` characters.
2021-09-13 14:02:05 +01:00
CodeQL CI
b4963c7538 Merge pull request #6558 from erik-krogh/redosCasing
Approved by esbena, yoff
2021-09-02 12:20:08 +01:00
Erik Krogh Kristensen
486b283c20 support the "module" field in package.json files 2021-08-30 11:05:32 +02:00
Erik Krogh Kristensen
f5a1a12435 support case insensitive regexps in the ReDoS queries 2021-08-30 09:59:33 +02:00
Erik Krogh Kristensen
5d232bbfce recognize more src folders when "main" in package.json points to a compiled output 2021-08-23 08:09:01 +02:00
Erik Krogh Kristensen
6da1007f67 mark new redos tests correctly 2021-07-16 13:37:47 +02:00
Erik Krogh Kristensen
b2b736db10 add more tests for non-empty positive lookaheads 2021-07-16 13:25:37 +02:00
Erik Krogh Kristensen
80d784e37a add a step over empty lookaheads/lookbehinds 2021-07-14 23:40:04 +02:00
Erik Krogh Kristensen
e333267e69 require that the factory function is in a main module file 2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
Asger Feldthaus
fd9604c5ef JS: Update expected output for poly ReDoS 2021-03-02 12:39:05 +00:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
d14586de56 add two non ReDoS regular expressions to the ReDoS test suite
Adds the regular expression from #5145
2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen
a44aefa6c9 add test for top-level closure modules - and simplify 2021-01-20 19:47:32 +01:00
Erik Krogh Kristensen
fbfbe70deb add support for unnamed/default exports in PackageExports.qll 2021-01-19 22:40:45 +01:00
Erik Krogh Kristensen
01900d7ca2 remove false positive due to "\n" not being in the relevant relation 2021-01-18 14:47:29 +01:00
Erik Krogh Kristensen
1506ac09e5 limit the number of characters produced by getAThreewayIntersect 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
c5595f4cbd improve alert message for js/polynomial-redos 2021-01-14 13:48:26 +01:00
Erik Krogh Kristensen
86e33d9d79 select the shortest possible reason 2021-01-14 13:38:37 +01:00
Erik Krogh Kristensen
a520a51d42 highlight the use of the regular expression, instead of the sink for user input 2021-01-14 11:22:20 +01:00
Erik Krogh Kristensen
d71adff079 don't sanitize global replacements where the regexp is a char class 2021-01-13 10:12:12 +01:00
Erik Krogh Kristensen
eaee5c2d87 add library input as source for js/polynomial-redos 2021-01-12 20:21:33 +01:00
Erik Krogh Kristensen
3d98732136 support nested stars in js/ReDoS 2021-01-06 10:37:35 +01:00