codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	8a3e87fe42	remove unnecessary one-step inline	2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen	36b9f0254e	performance improvements for suffix check in js/redos	2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen	e177d46c0a	add two test cases that demonstrate the limits of the suffix construction	2020-11-27 13:45:34 +01:00
Jonas Jensen	ad4b2beafa	Merge pull request #4727 from criemen/remove-abstract-classes C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.	2020-11-27 08:17:21 +01:00
Erik Krogh Kristensen	f576144ec6	more pruning based on states being inside a repetition	2020-11-26 17:30:37 +01:00
Erik Krogh Kristensen	9468a6e8dc	update expected output	2020-11-26 12:32:55 +01:00
Erik Krogh Kristensen	1b3c3ef4cb	adjust comments in ReDoS test case	2020-11-26 10:31:44 +01:00
Cornelius Riemenschneider	3bfb398516	Autoformat XML.qll.	2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider	7eec988fb5	XML.qll: Remove abstract from class hierarchy.	2020-11-25 17:22:03 +01:00
Erik Krogh Kristensen	11d878b413	adjust comments to reflect the precission of the suffix search	2020-11-25 14:40:33 +01:00
Erik Krogh Kristensen	b418cb5fe0	add test case where the successor of the repeating term matches epsilon	2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen	500b94b50e	rename `witness` to `pump`	2020-11-25 13:57:21 +01:00
Erik Krogh Kristensen	c5f5206174	update expected output	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	e03c19b7fc	only search prefixes/suffixes from the candidates that are used in the end	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	b8fabfa24e	only construct prefix/suffix for regular expressions that has a pumpable state	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	a8944c8953	model accept states more accurately by adding an AcceptAny state, modelling `$`, and checking the existence of rejecting suffixes	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	d9ebb7b20e	escape tabs	2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen	bcb2f2768d	search for a prefix to the state that causes exponential backtracking	2020-11-25 13:57:20 +01:00
CodeQL CI	34ffcb5677	Merge pull request #4593 from asgerf/js/react-hot Approved by erik-krogh	2020-11-25 12:01:38 +00:00
Erik Krogh Kristensen	94aa162f8d	prune state-pairs that are outside a backtracking repetition	2020-11-24 20:18:45 +01:00
Erik Krogh Kristensen	f3c3b82827	move condition inside parens	2020-11-24 20:16:40 +01:00
Erik Krogh Kristensen	d1706e8048	reuse InfiniteRepetitionQuantifier from SuperLiniearBacktracking	2020-11-24 20:16:36 +01:00
CodeQL CI	395403789e	Merge pull request #4585 from erik-krogh/moreReDoS Approved by asgerf	2020-11-24 18:52:36 +00:00
CodeQL CI	4be158b362	Merge pull request #4708 from erik-krogh/emptyName Approved by asgerf	2020-11-24 17:34:55 +00:00
CodeQL CI	8c68463e76	Merge pull request #4711 from erik-krogh/locType Approved by asgerf	2020-11-24 13:10:32 +00:00
Erik Krogh Kristensen	f03429a4b8	change description for source root folder	2020-11-23 23:46:44 +01:00
Erik Krogh Kristensen	33dab1717e	treat nodes with type "Location" as a location source - but not if we can track it from an original node with type "Location"	2020-11-23 17:03:50 +01:00
Erik Krogh Kristensen	f7f9beeefd	avoid reporting empty names in `js/exposure-of-private-files`	2020-11-23 14:24:42 +01:00
Erik Krogh Kristensen	02d5fbf46b	remove superfluous space	2020-11-23 14:22:16 +01:00
Erik Krogh Kristensen	234730419b	restrict computation of ConcatenationRoot::getConstantStringParts to results that are less than 1 million chars long	2020-11-23 10:29:47 +01:00
Asger Feldthaus	f894cf2074	JS: Add support for react-hot-loader	2020-11-20 15:28:32 +00:00
Asger Feldthaus	16429c8ca4	JS: followed -> followed by	2020-11-20 14:44:25 +00:00
Asger Feldthaus	7536c49c6f	JS: Use getAParameter and not getReceiver instead of getASuccessor	2020-11-20 10:34:30 +00:00
Asger F	405f07720a	Apply suggestions from code review Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>	2020-11-20 10:21:19 +00:00
Asger Feldthaus	b34df9ff33	JS: Autoformat	2020-11-20 10:15:35 +00:00
Asger Feldthaus	f737f34dcd	JS: Add UntrustedDataToExternalApi query	2020-11-19 13:42:25 +00:00
Erik Krogh Kristensen	a3b21ad43b	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2020-11-19 11:42:12 +01:00
Erik Krogh Kristensen	cc1d797cef	adjust top comment to reflect what the query does, and add comment about which kind of accepting state is assumed.	2020-11-18 21:32:31 +01:00
Erik Krogh Kristensen	58c31f0eca	prune more regexps initially in the ReDoS query	2020-11-18 15:14:46 +01:00
Erik Krogh Kristensen	c4153a617e	remove duplicated test cases from ReDoS, and adjust variables names to match test output	2020-11-18 14:49:09 +01:00
Erik Krogh Kristensen	8270bf5bb9	make the character search skip unencodable characters	2020-11-18 11:55:49 +01:00
Erik Krogh Kristensen	55f2f86a26	limit the search of state-pairs to the ones that are reachable within the given length	2020-11-18 09:23:35 +01:00
Erik Krogh Kristensen	c4d7533701	Merge branch 'main' into moreReDoS	2020-11-17 17:34:49 +01:00
Erik Krogh Kristensen	97acf1fd87	fix FP related to inverted character classes choosing a char that was not matched by the char class	2020-11-17 17:34:43 +01:00
CodeQL CI	09cfb24afa	Merge pull request #4648 from erik-krogh/regexpParse Approved by asgerf	2020-11-16 08:20:40 +00:00
Erik Krogh Kristensen	a49b99b18c	autoformat	2020-11-13 20:06:17 +01:00
Erik Krogh Kristensen	affb11b0e3	changes based on review	2020-11-13 19:46:37 +01:00
Erik Krogh Kristensen	2f4fcc2f5e	Apply suggestions from code review Co-authored-by: Asger F <asgerf@github.com>	2020-11-13 18:03:07 +01:00
Erik Krogh Kristensen	7f68b07665	Merge branch 'main' into regexpParse	2020-11-13 09:33:16 +01:00
Erik Krogh Kristensen	7cf7a44fda	autoformat	2020-11-12 22:33:00 +01:00

1 2 3 4 5 ...

5161 Commits