hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
4392f0270c autoformat 2021-01-06 10:37:36 +01:00
Erik Krogh Kristensen
3d98732136 support nested stars in js/ReDoS 2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen
77967c3e63 undo unsound optimization in js/ReDoS 2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen
b42aac17d5 add more tests for js/ReDoS 2021-01-06 10:34:06 +01:00
CodeQL CI
a5e28ac6d6 Merge pull request #4847 from erik-krogh/afterReDoS 
Approved by esbena
 2021-01-05 01:51:27 -08:00
Erik Krogh Kristensen
ce8cc2368b improve precision of intersect 2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen
44571ffeea use the full ascii set instead of a few chosen chars 2020-12-22 16:00:23 +01:00
Erik Krogh Kristensen
303408b774 remove duplicate char 2020-12-22 15:48:24 +01:00
Erik Krogh Kristensen
354954c80c changes based on review 2020-12-22 15:41:06 +01:00
Erik Krogh Kristensen
530a4aea35 Merge branch 'main' into shellSanitizer 2020-12-22 13:57:15 +01:00
Erik Krogh Kristensen
f7f88689c4 use strings in isTypeofGard 2020-12-22 13:55:32 +01:00
CodeQL CI
2bb96369f1 Merge pull request #4868 from erik-krogh/boundShell 
Approved by esbena
 2020-12-22 03:35:42 -08:00
CodeQL CI
7c6b4d7324 Merge pull request #4865 from esbena/js/fix-execa-model 
Approved by erik-krogh
 2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen
da9a4e5267 add test 2020-12-22 11:22:25 +01:00
Erik Krogh Kristensen
b8b5aef5f4 recognize Object.defineProperty(obj, prop, {get: func}) as a property-write 2020-12-22 11:21:41 +01:00
Erik Krogh Kristensen
6a9089b15e recognize bound functions in js/shell-command-constructed-from-input 2020-12-22 11:20:34 +01:00
CodeQL CI
67d0f4d938 Merge pull request #4866 from esbena/js/add-tests-for-examples 
Approved by erik-krogh
 2020-12-22 02:04:47 -08:00
CodeQL CI
e2bba97794 Merge pull request #4860 from erik-krogh/functionExports 
Approved by esbena
 2020-12-22 01:05:37 -08:00
Erik Krogh Kristensen
df95562f8f remove TTUndefined from TypeOfSanitizer in js/shell-command-constructed-from-input 2020-12-22 09:43:50 +01:00
CodeQL CI
b35edc9de6 Merge pull request #4732 from github/esbena-patch-4 
Approved by erik-krogh
 2020-12-22 00:42:25 -08:00
Erik Krogh Kristensen
6eb88b9e41 introduce and use TaintTracking::isTypeofGuard 2020-12-22 09:42:12 +01:00
Esben Sparre Andreasen
34a09ff522 JS: add js/conditional-bypass example as a test case 2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen
ab4f3ea259 JS: fixup for execa.shell and execa.shellSync models 2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen
ba714a1214 JS: add execa.shell tests 2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen
34a6e15426 make TypeOfSanitizer slightly more robost 2020-12-22 08:53:14 +01:00
Erik Krogh Kristensen
18d26cabe5 Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-12-22 08:37:24 +01:00
Erik Krogh Kristensen
876ba7ef2d add typeof sanitizer to js/shell-command-constructed-from-input 2020-12-21 14:16:55 +01:00
Erik Krogh Kristensen
4ef569fbbe recognize more exported functions in js/shell-command-constructed-from-input 2020-12-21 13:50:22 +01:00
Erik Krogh Kristensen
e3ec67d5e3 avoid materializing isFeasibleTuple 2020-12-21 12:53:41 +01:00
Erik Krogh Kristensen
cbad705029 general performance improvements in the ReDoS utility library 2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen
3a43421193 add missing qhelp 2020-12-19 00:02:42 +01:00
Erik Krogh Kristensen
05569187b4 improve performance of suffix checking 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
6369374224 implement new algorithm for detecting superlinear backtracking in regular expressions 2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen
7ce91e9146 introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA 2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen
34dda6d38b refactor to share predicates between regular expression queries 2020-12-18 16:15:56 +01:00
Erik Krogh Kristensen
b2116dc5b4 add more tests for polynomial/exponential redos 2020-12-18 13:19:17 +01:00
CodeQL CI
41ef7a3fce Merge pull request #4733 from erik-krogh/args 
Approved by esbena
 2020-12-16 06:51:26 -08:00
CodeQL CI
287954e0d8 Merge pull request #4686 from erik-krogh/buildFp 
Approved by esbena
 2020-12-16 06:42:41 -08:00
Erik Krogh Kristensen
99af484042 move the "commander" source 2020-12-16 15:05:59 +01:00
Erik Krogh Kristensen
2ae0400922 update docstring for dashdash 2020-12-16 15:00:44 +01:00
Erik Krogh Kristensen
3d03e7192c Update javascript/ql/src/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
 2020-12-16 14:57:20 +01:00
CodeQL CI
9ae8880bd0 Merge pull request #4802 from max-schaefer/js/external-remote-flow-sources 
Approved by asgerf, jf205
 2020-12-16 00:34:40 -08:00
CodeQL CI
66f4120cdd Merge pull request #4721 from github/nextReDoS 
Approved by asgerf
 2020-12-14 01:48:12 -08:00
Max Schaefer
9f8508fdc7 JavaScript: Allow specifying additional remote flow sources through JSON. 2020-12-12 11:42:55 +00:00
CodeQL CI
9ff6d68a9b Merge pull request #4778 from asgerf/js/more-prototype-pollution 
Approved by erik-krogh, mchammer01
 2020-12-11 13:58:09 -08:00
Asger F
ed729a1963 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2020-12-09 09:59:55 +00:00
Asger Feldthaus
fd293d07d7 JS: Address doc review 2020-12-09 09:58:52 +00:00
CodeQL CI
8129d0c0ac Merge pull request #4762 from asgerf/js/template-sinks-in-code-injection 
Approved by erik-krogh, mchammer01
 2020-12-07 04:35:11 -08:00
Asger Feldthaus
04f51bef5e JS: Add missing qldoc 2020-12-07 10:52:38 +00:00
Asger Feldthaus
f96c425a72 JS: Deny -> block 2020-12-07 10:50:01 +00:00