Ian Lynagh
40b1825ef1
Update javascript/ql/lib/change-notes/released/0.2.4.md
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-08-25 14:24:20 +01:00
github-actions[bot]
0f63bc077f
Release preparation for version 2.10.4
2022-08-25 12:52:26 +00:00
Erik Krogh Kristensen
ba1ad00d2a
Merge pull request #10062 from erik-krogh/redosPrefix
...
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
2022-08-25 12:57:16 +02:00
Ian Lynagh
501a9b3c6b
Make *.qll non-executable
2022-08-24 16:36:15 +01:00
Erik Krogh Kristensen
28d58be1b6
Merge pull request #10126 from erik-krogh/myApply
...
JS: precise flow through calls to `.apply()`
2022-08-24 12:55:36 +02:00
erik-krogh
5e3cb08ed2
rename stateInPumpableRegexp to stateInRelevantRegexp
2022-08-23 12:40:45 +02:00
erik-krogh
82d9180892
only have one deprecated alias for XmlDtd
2022-08-23 10:38:23 +02:00
erik-krogh
a57981ea69
apply suggestions from review
2022-08-23 10:18:14 +02:00
erik-krogh
78ba7650b3
change the change-notes
2022-08-23 07:28:46 +02:00
erik-krogh
28083ebe09
run the implicit-this patch
2022-08-22 21:23:31 +02:00
erik-krogh
a593a52b5e
add missing qldoc (that was already missing?)
2022-08-22 21:22:39 +02:00
erik-krogh
e89e0eb7fb
make some acronyms camelCase
2022-08-22 21:22:35 +02:00
erik-krogh
9c95dcc126
add change-note
2022-08-22 14:09:19 +02:00
erik-krogh
2ac5441aec
rename the XMLDTD class to XmlDTD
2022-08-22 14:09:19 +02:00
erik-krogh
1a89ddae5d
update some comments from XML to Xml
2022-08-22 14:09:19 +02:00
erik-krogh
ce9f69a639
rename all occurrences of XML to Xml
2022-08-22 14:08:31 +02:00
Rasmus Wriedt Larsen
61bf2154cd
Merge branch 'main' into shared-http-client-request
2022-08-22 12:05:37 +02:00
erik-krogh
2fd09d34de
improve performance of global dataflow by inlining a step predicate
2022-08-22 08:35:19 +02:00
erik-krogh
2f11f3760e
simplify getALibraryInputParameter by adding more general dataflow for the arguments object
2022-08-22 08:32:43 +02:00
Erik Krogh Kristensen
31c09ba678
implement flow for .apply() by adding a ReflectiveParametersNode data-flow node
2022-08-22 08:29:28 +02:00
Erik Krogh Kristensen
d86b7f6c54
recognize an access to the arguments object as library-input
2022-08-22 08:29:24 +02:00
Erik Krogh Kristensen
7b1ef7473e
change ArrayCreationStep to a PreCallGraphStep and unrestrict the storeStep
2022-08-22 08:15:54 +02:00
erik-krogh
049af68bc2
restrict suffix-construction to relevant regexps
2022-08-21 20:35:39 +02:00
erik-krogh
bcf4c57060
Merge branch 'main' into redosPrefix
2022-08-19 19:22:49 +02:00
erik-krogh
d052b1e3c9
also support regular expressions without repetitions
2022-08-19 19:21:44 +02:00
Tom Hvitved
663096fe3a
Remove redundant overrides
2022-08-19 13:57:41 +02:00
Rasmus Wriedt Larsen
e6b4d12f94
Sync ConceptsShared
2022-08-18 13:42:52 +02:00
Asger F
349331d6ca
Merge pull request #10082 from asgerf/js/exports-handling2
...
JS: Handle nested conditions in "exports" section
2022-08-18 11:10:59 +02:00
erik-krogh
473bc92e2d
move the PrefixConstruction module out of the ReDoSPruning module
2022-08-18 10:07:48 +02:00
Harry Maclean
70ec70940a
Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization
2022-08-18 10:02:39 +12:00
Erik Krogh Kristensen
e93ff8672c
Merge pull request #10075 from erik-krogh/depOld
...
delete old deprecations
2022-08-17 21:21:57 +02:00
erik-krogh
6b9f01535b
change All to Most in the change-notes
2022-08-17 15:34:57 +02:00
Erik Krogh Kristensen
bd4947fdbd
Merge pull request #10046 from erik-krogh/protoFunc
...
JS: generalize `BarrierGuardFunction`to work on function that have multiple parameters
2022-08-17 14:50:54 +02:00
erik-krogh
2622c78766
add change-notes
2022-08-17 13:55:16 +02:00
erik-krogh
b2e3d8bb86
remove some more legacy code that existed to support deprecated code
2022-08-17 13:32:39 +02:00
Harry Maclean
1f4dad4167
Update for rename of ReDoSUtil to NfaUtils
2022-08-17 16:03:49 +12:00
Harry Maclean
f1a546c4d6
Rename IncompleteMultiCharacterSanitization[Query]
2022-08-17 16:03:49 +12:00
Harry Maclean
e48158b9ad
JS: Share more code with Ruby
2022-08-17 16:03:49 +12:00
Harry Maclean
b7d9bf4066
Share IncompleteMultiCharacterSanitization JS/Ruby
...
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
2022-08-17 16:03:46 +12:00
erik-krogh
478e0bf5a3
delete old code that only existed to support a deleted deprecated feature
2022-08-16 23:35:48 +02:00
erik-krogh
5586c9a17e
delete old deprecations
2022-08-16 22:27:15 +02:00
Erik Krogh Kristensen
fd5b8896df
Merge pull request #10063 from erik-krogh/fixRbDep
...
re-deprecate ReDoSUtil in ruby
2022-08-16 13:27:52 +02:00
Alex Ford
d02ad51d74
Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3
...
Post-release preparation for codeql-cli-2.10.3
2022-08-16 12:04:07 +01:00
Asger F
449e697761
JS: Handle nested conditions in "exports" section
2022-08-16 11:45:48 +02:00
erik-krogh
8e6a36256c
import the non-deprecated NfaUtils in the overly-large-range query
2022-08-16 11:21:43 +02:00
Erik Krogh Kristensen
f106e064fa
Merge pull request #9422 from erik-krogh/refacReDoS
...
Refactorizations of the ReDoS libraries
2022-08-16 09:32:08 +02:00
erik-krogh
14cfe2e250
improve the join-order of BarrierGuardFunction::isBarrierCall
2022-08-16 09:28:48 +02:00
erik-krogh
3355a7a046
generalize BarrierGuardFunctionto work on function that have multiple parameters
2022-08-16 09:13:15 +02:00
Asger F
eaf3aa7075
Merge pull request #10036 from asgerf/js/exports-handling
...
JS: More precise handling of "exports"
2022-08-15 15:32:00 +02:00
Erik Krogh Kristensen
0adb588fe8
Merge pull request #9712 from erik-krogh/badRange
...
JS/RB/PY/Java: add suspicious range query
2022-08-15 13:55:44 +02:00
