hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

42 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
2163648b39 fix location off-by-ones with regexp parsing 2021-11-15 13:43:39 +01:00
Erik Krogh Kristensen
12305aae42 extract regexp literals from string concatenations 2021-10-28 10:44:33 +02:00
Erik Krogh Kristensen
805d1d170c do not filter away regular expressions with lookbehinds 2021-09-22 17:14:29 +02:00
Erik Krogh Kristensen
f5a1a12435 support case insensitive regexps in the ReDoS queries 2021-08-30 09:59:33 +02:00
Erik Krogh Kristensen
6da1007f67 mark new redos tests correctly 2021-07-16 13:37:47 +02:00
Erik Krogh Kristensen
b2b736db10 add more tests for non-empty positive lookaheads 2021-07-16 13:25:37 +02:00
Erik Krogh Kristensen
80d784e37a add a step over empty lookaheads/lookbehinds 2021-07-14 23:40:04 +02:00
Erik Krogh Kristensen
bff59a1aaa fix parse error in regular expressions 2021-03-08 12:04:11 +01:00
Asger Feldthaus
12079cd1e4 JS: Recognize RegExps in JSON schemas 2021-03-02 12:39:04 +00:00
Erik Krogh Kristensen
3d98732136 support nested stars in js/ReDoS 2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen
77967c3e63 undo unsound optimization in js/ReDoS 2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen
b42aac17d5 add more tests for js/ReDoS 2021-01-06 10:34:06 +01:00
Erik Krogh Kristensen
7ce91e9146 introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA 2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen
b2116dc5b4 add more tests for polynomial/exponential redos 2020-12-18 13:19:17 +01:00
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Erik Krogh Kristensen
e177d46c0a add two test cases that demonstrate the limits of the suffix construction 2020-11-27 13:45:34 +01:00
Erik Krogh Kristensen
9468a6e8dc update expected output 2020-11-26 12:32:55 +01:00
Erik Krogh Kristensen
b418cb5fe0 add test case where the successor of the repeating term matches epsilon 2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen
a8944c8953 model accept states more accurately by adding an AcceptAny state, modelling $, and checking the existence of rejecting suffixes 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
d9ebb7b20e escape tabs 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
bcb2f2768d search for a prefix to the state that causes exponential backtracking 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
c4153a617e remove duplicated test cases from ReDoS, and adjust variables names to match test output 2020-11-18 14:49:09 +01:00
Erik Krogh Kristensen
55f2f86a26 limit the search of state-pairs to the ones that are reachable within the given length 2020-11-18 09:23:35 +01:00
Erik Krogh Kristensen
17a687b344 testing many possible intersections, instead of a single intersection 2020-11-08 23:24:36 +01:00
Erik Krogh Kristensen
34fd0d89f5 finding the minimum that is not an FP - instead of finding the minimum and then checking if it was an FP. And detecting more FPs by finding when a witness pass through the accept state 2020-11-08 23:24:27 +01:00
Erik Krogh Kristensen
ac514b1739 remove false positives where the analysis would wrongly conclude that the accept state could not be reached 2020-11-08 23:24:03 +01:00
Erik Krogh Kristensen
a5e75f53ff add support for escape char classes inside char classes 2020-11-08 23:22:49 +01:00
Erik Krogh Kristensen
0063cb140c add support for \W, \S, \D 2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
2dd8b6ffef support \f and \v in the \s class 2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
68fe03060d support \d \s and \w in ReDoS.ql 2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
a09ffd5cda expand getAOverlapBetweenCharacterClasses to support overlap between more char classes 2020-11-08 23:16:37 +01:00
Erik Krogh Kristensen
82252c0f1c detect redos between charclass and inverted charclass 2020-11-08 23:16:34 +01:00
Erik Krogh Kristensen
16473fc2a4 matching a inverted char class with a char 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
804aaf36f0 support inverted char class and dot 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
64d680e2d3 support that an inverted char class can intersect with itself 2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
321cf09bd8 add redos support for the simplest possible inverted char class 2020-11-06 10:18:57 +01:00
Esben Sparre Andreasen
1b73cee692 JS: add js/exploitable-polynomial-redos 2020-02-27 08:42:43 +01:00
Asger F
e0bdc777b9 JS: Make ReDoS check string-based regexes 2019-11-15 09:27:19 +00:00
Asger F
97e5da1046 JS: Update ReDoS query 2019-11-15 09:27:19 +00:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00