80 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	474c808373	Merge pull request #7137 from erik-krogh/functionExport ... JS: recognize library inputs when the library exports "through" a function	2021-11-17 09:49:02 +01:00
Erik Krogh Kristensen	b9ea4a8709	recognize library inputs when the library exports "through" a function	2021-11-15 22:43:38 +01:00
Erik Krogh Kristensen	2163648b39	fix location off-by-ones with regexp parsing	2021-11-15 13:43:39 +01:00
Erik Krogh Kristensen	12305aae42	extract regexp literals from string concatenations	2021-10-28 10:44:33 +02:00
Erik Krogh Kristensen	805d1d170c	do not filter away regular expressions with lookbehinds	2021-09-22 17:14:29 +02:00
Erik Krogh Kristensen	05cc6bcf8a	adjust regexp libraries to how unpaired surrogate are parsed now	2021-09-13 14:02:05 +01:00
Chris Smowton	f24d7c4212	Acknowledge new FPs due to the extractor using U+FFFD for unpaired surrogates ... These were already misinterpreted, but the ReDoS code ignored them as they previously appeared to be `?` characters.	2021-09-13 14:02:05 +01:00
CodeQL CI	b4963c7538	Merge pull request #6558 from erik-krogh/redosCasing ... Approved by esbena, yoff	2021-09-02 12:20:08 +01:00
Erik Krogh Kristensen	486b283c20	support the "module" field in package.json files	2021-08-30 11:05:32 +02:00
Erik Krogh Kristensen	f5a1a12435	support case insensitive regexps in the ReDoS queries	2021-08-30 09:59:33 +02:00
Erik Krogh Kristensen	5d232bbfce	recognize more src folders when "main" in package.json points to a compiled output	2021-08-23 08:09:01 +02:00
Erik Krogh Kristensen	6da1007f67	mark new redos tests correctly	2021-07-16 13:37:47 +02:00
Erik Krogh Kristensen	b2b736db10	add more tests for non-empty positive lookaheads	2021-07-16 13:25:37 +02:00
Erik Krogh Kristensen	80d784e37a	add a step over empty lookaheads/lookbehinds	2021-07-14 23:40:04 +02:00
Erik Krogh Kristensen	e333267e69	require that the factory function is in a main module file	2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen	aaf754ebf5	recognize more library input	2021-05-04 10:06:14 +02:00
Erik Krogh Kristensen	bff59a1aaa	fix parse error in regular expressions	2021-03-08 12:04:11 +01:00
Asger Feldthaus	fd9604c5ef	JS: Update expected output for poly ReDoS	2021-03-02 12:39:05 +00:00
Asger Feldthaus	12079cd1e4	JS: Recognize RegExps in JSON schemas	2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen	d14586de56	add two non ReDoS regular expressions to the ReDoS test suite ... Adds the regular expression from #5145	2021-02-11 14:41:45 +01:00
Erik Krogh Kristensen	a44aefa6c9	add test for top-level closure modules - and simplify	2021-01-20 19:47:32 +01:00
Erik Krogh Kristensen	fbfbe70deb	add support for unnamed/default exports in PackageExports.qll	2021-01-19 22:40:45 +01:00
Erik Krogh Kristensen	01900d7ca2	remove false positive due to "\n" not being in the relevant relation	2021-01-18 14:47:29 +01:00
Erik Krogh Kristensen	1506ac09e5	limit the number of characters produced by getAThreewayIntersect	2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen	c5595f4cbd	improve alert message for js/polynomial-redos	2021-01-14 13:48:26 +01:00
Erik Krogh Kristensen	86e33d9d79	select the shortest possible reason	2021-01-14 13:38:37 +01:00
Erik Krogh Kristensen	a520a51d42	highlight the use of the regular expression, instead of the sink for user input	2021-01-14 11:22:20 +01:00
Erik Krogh Kristensen	d71adff079	dont sanitize global replacements where the regexp is a char class	2021-01-13 10:12:12 +01:00
Erik Krogh Kristensen	eaee5c2d87	add library input as source for js/polynomial-redos	2021-01-12 20:21:33 +01:00
Erik Krogh Kristensen	3d98732136	support nested stars in js/ReDoS	2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen	77967c3e63	undo unsound optimization in js/ReDoS	2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen	b42aac17d5	add more tests for js/ReDoS	2021-01-06 10:34:06 +01:00
Erik Krogh Kristensen	ce8cc2368b	improve precision of intersect	2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen	cbad705029	general performance improvements in the ReDoS utility library	2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen	05569187b4	improve performance of suffix checking	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	6369374224	implement new algorithm for detecting superlinear backtracking in regular expressions	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	7ce91e9146	introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA	2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen	b2116dc5b4	add more tests for polynomial/exponential redos	2020-12-18 13:19:17 +01:00
Erik Krogh Kristensen	cc98c41dd6	revert marking repetitions with possibly empty body as forks	2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen	33b2701551	refine isFork to remove false positive when a state has epsilon transition to itself	2020-11-29 21:42:50 +01:00
Erik Krogh Kristensen	d7b22e3b1b	update expected output for PolynomialBackTracking	2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen	729073fb43	detect ReDoS when the choices are "match some string" or "match Epsilon"	2020-11-27 20:15:23 +01:00
Erik Krogh Kristensen	e177d46c0a	add two test cases that demonstrate the limits of the suffix construction	2020-11-27 13:45:34 +01:00
Erik Krogh Kristensen	9468a6e8dc	update expected output	2020-11-26 12:32:55 +01:00
Erik Krogh Kristensen	1b3c3ef4cb	adjust comments in ReDoS test case	2020-11-26 10:31:44 +01:00
Erik Krogh Kristensen	b418cb5fe0	add test case where the successor of the repeating term matches epsilon	2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen	c5f5206174	update expected output	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	a8944c8953	model accept states more accurately by adding an AcceptAny state, modelling $, and checking the existence of rejecting suffixes	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	d9ebb7b20e	escape tabs	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	bcb2f2768d	search for a prefix to the state that causes exponential backtracking	2020-11-25 13:57:20 +01:00