hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

1639 Commits

Author SHA1 Message Date
CodeQL CI
fc2fe6cccb Merge pull request #4928 from esbena/js/rewrite-multi-sanitization 
Approved by asgerf
 2021-01-18 05:11:42 -08:00
Asger Feldthaus
3db6069372 JS: Add test for new sink 2021-01-18 10:55:34 +00:00
Asger Feldthaus
2752b4ba64 JS: Shift line numbers in test 2021-01-18 10:54:39 +00:00
Erik Krogh Kristensen
1506ac09e5 limit the number of characters produced by getAThreewayIntersect 2021-01-15 13:54:16 +01:00
Erik Krogh Kristensen
c5595f4cbd improve alert message for js/polynomial-redos 2021-01-14 13:48:26 +01:00
Erik Krogh Kristensen
86e33d9d79 select the shortest possible reason 2021-01-14 13:38:37 +01:00
Erik Krogh Kristensen
a520a51d42 highlight the use of the regular expression, instead of the sink for user input 2021-01-14 11:22:20 +01:00
CodeQL CI
4229f556cb Merge pull request #4751 from erik-krogh/logInjection 
Approved by asgerf, mchammer01
 2021-01-14 00:32:46 -08:00
Esben Sparre Andreasen
1bc7d68a50 Update javascript/ql/test/query-tests/Security/CWE-730/server-crash.js 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-01-13 14:49:42 +01:00
Erik Krogh Kristensen
d71adff079 dont sanitize global replacements where the regexp is a char class 2021-01-13 10:12:12 +01:00
Esben Sparre Andreasen
d591c519a8 JS: reformulate js/server-crash as a path problem 2021-01-13 00:08:28 +01:00
Erik Krogh Kristensen
eaee5c2d87 add library input as source for js/polynomial-redos 2021-01-12 20:21:33 +01:00
CodeQL CI
1c8547c897 Merge pull request #4774 from erik-krogh/forms 
Approved by asgerf
 2021-01-12 02:01:38 -08:00
Esben Sparre Andreasen
847687974f JS: only select non-nullable terms in the broken sanitizer 2021-01-12 08:50:19 +01:00
Esben Sparre Andreasen
40cfbab335 JS: address review feedback 2021-01-12 08:49:08 +01:00
Esben Sparre Andreasen
2dbd762bd9 JS: reintroduce reverted js/server-crash 
This reverts commit 0a8d15ccc4.
 2021-01-11 14:13:41 +01:00
Esben Sparre Andreasen
580a24e982 JS: rewrite js/incomplete-multi-character-sanitization 2021-01-11 11:26:45 +01:00
CodeQL CI
807fc94627 Merge pull request #4921 from erik-krogh/moreShellSan 
Approved by esbena
 2021-01-08 00:58:26 -08:00
CodeQL CI
c193d9f375 Merge pull request #4823 from erik-krogh/furtherReDoS 
Approved by esbena
 2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen
2aa59a3f8b support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input 2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen
bfd8d1b1e9 Merge branch 'main' into revertSum 2021-01-06 23:04:08 +01:00
CodeQL CI
9d4cd0aa85 Merge pull request #4862 from erik-krogh/shellSanitizer 
Approved by esbena
 2021-01-06 11:16:12 -08:00
Erik Krogh Kristensen
f1cee70e82 add class-field flowstep to js/shell-command-constructed-from-input 2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen
3d98732136 support nested stars in js/ReDoS 2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen
77967c3e63 undo unsound optimization in js/ReDoS 2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen
b42aac17d5 add more tests for js/ReDoS 2021-01-06 10:34:06 +01:00
CodeQL CI
a5e28ac6d6 Merge pull request #4847 from erik-krogh/afterReDoS 
Approved by esbena
 2021-01-05 01:51:27 -08:00
Erik Krogh Kristensen
ce8cc2368b improve precision of intersect 2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen
530a4aea35 Merge branch 'main' into shellSanitizer 2020-12-22 13:57:15 +01:00
CodeQL CI
2bb96369f1 Merge pull request #4868 from erik-krogh/boundShell 
Approved by esbena
 2020-12-22 03:35:42 -08:00
CodeQL CI
7c6b4d7324 Merge pull request #4865 from esbena/js/fix-execa-model 
Approved by erik-krogh
 2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen
da9a4e5267 add test 2020-12-22 11:22:25 +01:00
Esben Sparre Andreasen
34a09ff522 JS: add js/conditional-bypass example as a test case 2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00
Erik Krogh Kristensen
cbad705029 general performance improvements in the ReDoS utility library 2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen
05569187b4 improve performance of suffix checking 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
6369374224 implement new algorithm for detecting superlinear backtracking in regular expressions 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
7ce91e9146 introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA 2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen
b2116dc5b4 add more tests for polynomial/exponential redos 2020-12-18 13:19:17 +01:00
CodeQL CI
41ef7a3fce Merge pull request #4733 from erik-krogh/args 
Approved by esbena
 2020-12-16 06:51:26 -08:00
CodeQL CI
287954e0d8 Merge pull request #4686 from erik-krogh/buildFp 
Approved by esbena
 2020-12-16 06:42:41 -08:00
CodeQL CI
66f4120cdd Merge pull request #4721 from github/nextReDoS 
Approved by asgerf
 2020-12-14 01:48:12 -08:00
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
254ac7f963 JS: Fix TypeofCheck 2020-12-07 10:46:00 +00:00
Asger Feldthaus
f132b4a279 JS: Add type confusion sink for prototype pollution checks 2020-12-07 10:16:38 +00:00
Asger Feldthaus
daab3c1437 JS: Add tests and fix some bugs 2020-12-07 10:16:38 +00:00
Asger Feldthaus
0a7513fdfb JS: Move and rename test cases as well 2020-12-07 10:16:38 +00:00