Commit Graph

5316 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
f33cd8bc8e add command parsing model for argparse 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
45067ee651 add command parsing model for "arg" 2020-11-27 09:57:05 +00:00
Erik Krogh Kristensen
821b4be522 more accurately model command parsers that take process.argv as an argument 2020-11-27 09:56:50 +00:00
Jonas Jensen
ad4b2beafa Merge pull request #4727 from criemen/remove-abstract-classes
C++/C#/JS/Python/Java XML.qll: Remove abstract from class hierarchy.
2020-11-27 08:17:21 +01:00
Erik Krogh Kristensen
f576144ec6 more pruning based on states being inside a repetition 2020-11-26 17:30:37 +01:00
Erik Krogh Kristensen
9468a6e8dc update expected output 2020-11-26 12:32:55 +01:00
Esben Sparre Andreasen
82e8114c0f Add security tag to js/angular/double-compilation 2020-11-26 10:39:19 +01:00
Erik Krogh Kristensen
1b3c3ef4cb adjust comments in ReDoS test case 2020-11-26 10:31:44 +01:00
Cornelius Riemenschneider
3bfb398516 Autoformat XML.qll. 2020-11-25 18:20:50 +01:00
Cornelius Riemenschneider
7eec988fb5 XML.qll: Remove abstract from class hierarchy. 2020-11-25 17:22:03 +01:00
Erik Krogh Kristensen
11d878b413 adjust comments to reflect the precision of the suffix search 2020-11-25 14:40:33 +01:00
Erik Krogh Kristensen
b418cb5fe0 add test case where the successor of the repeating term matches epsilon 2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen
500b94b50e rename witness to pump 2020-11-25 13:57:21 +01:00
Erik Krogh Kristensen
c5f5206174 update expected output 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
e03c19b7fc only search prefixes/suffixes from the candidates that are used in the end 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
b8fabfa24e only construct prefix/suffix for regular expressions that have a pumpable state 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
a8944c8953 model accept states more accurately by adding an AcceptAny state, modelling $, and checking the existence of rejecting suffixes 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
d9ebb7b20e escape tabs 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
bcb2f2768d search for a prefix to the state that causes exponential backtracking 2020-11-25 13:57:20 +01:00
CodeQL CI
34ffcb5677 Merge pull request #4593 from asgerf/js/react-hot
Approved by erik-krogh
2020-11-25 12:01:38 +00:00
Erik Krogh Kristensen
94aa162f8d prune state-pairs that are outside a backtracking repetition 2020-11-24 20:18:45 +01:00
Erik Krogh Kristensen
f3c3b82827 move condition inside parens 2020-11-24 20:16:40 +01:00
Erik Krogh Kristensen
d1706e8048 reuse InfiniteRepetitionQuantifier from SuperLiniearBacktracking 2020-11-24 20:16:36 +01:00
CodeQL CI
395403789e Merge pull request #4585 from erik-krogh/moreReDoS
Approved by asgerf
2020-11-24 18:52:36 +00:00
CodeQL CI
4be158b362 Merge pull request #4708 from erik-krogh/emptyName
Approved by asgerf
2020-11-24 17:34:55 +00:00
Asger Feldthaus
432a59185f Merge branch 'js/api-graph-tweaks' of github.com:asgerf/codeql into js/api-graph-tweaks 2020-11-24 14:32:28 +00:00
Asger Feldthaus
cf12b65c80 JS: Autoformat 2020-11-24 14:32:20 +00:00
CodeQL CI
8c68463e76 Merge pull request #4711 from erik-krogh/locType
Approved by asgerf
2020-11-24 13:10:32 +00:00
Erik Krogh Kristensen
f03429a4b8 change description for source root folder 2020-11-23 23:46:44 +01:00
Asger F
ac6d4aac9d Apply suggestions from code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-11-23 21:20:38 +00:00
Asger Feldthaus
d3412bb0ec JS: Fix typo in NoSQL model 2020-11-23 21:19:17 +00:00
Asger Feldthaus
85f0a627c4 JS: Autoformat 2020-11-23 16:17:22 +00:00
Asger Feldthaus
c146e044ca JS: Update NoSQL model 2020-11-23 16:17:00 +00:00
Asger Feldthaus
b6b8a55b37 JS: Add test case 2020-11-23 16:16:50 +00:00
Erik Krogh Kristensen
33dab1717e treat nodes with type "Location" as a location source - but not if we can track it from an original node with type "Location" 2020-11-23 17:03:50 +01:00
Asger Feldthaus
ac00e02855 JS: Add API::Node.getAValueReachingRhs 2020-11-23 15:37:08 +00:00
Asger Feldthaus
3b5ff73862 JS: Introduce API::InvokeNode to simplify reasoning about calls 2020-11-23 15:36:32 +00:00
Erik Krogh Kristensen
f7f9beeefd avoid reporting empty names in js/exposure-of-private-files 2020-11-23 14:24:42 +01:00
Erik Krogh Kristensen
02d5fbf46b remove superfluous space 2020-11-23 14:22:16 +01:00
Erik Krogh Kristensen
234730419b restrict computation of ConcatenationRoot::getConstantStringParts to results that are less than 1 million chars long 2020-11-23 10:29:47 +01:00
Asger Feldthaus
f894cf2074 JS: Add support for react-hot-loader 2020-11-20 15:28:32 +00:00
Asger Feldthaus
16429c8ca4 JS: followed -> followed by 2020-11-20 14:44:25 +00:00
Asger Feldthaus
7536c49c6f JS: Use getAParameter and not getReceiver instead of getASuccessor 2020-11-20 10:34:30 +00:00
Asger F
405f07720a Apply suggestions from code review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-11-20 10:21:19 +00:00
Asger Feldthaus
b34df9ff33 JS: Autoformat 2020-11-20 10:15:35 +00:00
Asger Feldthaus
f737f34dcd JS: Add UntrustedDataToExternalApi query 2020-11-19 13:42:25 +00:00
Erik Krogh Kristensen
a3b21ad43b Apply suggestions from code review
Co-authored-by: Asger F <asgerf@github.com>
2020-11-19 11:42:12 +01:00
Erik Krogh Kristensen
cc1d797cef adjust top comment to reflect what the query does, and add comment about which kind of accepting state is assumed. 2020-11-18 21:32:31 +01:00
Erik Krogh Kristensen
58c31f0eca prune more regexps initially in the ReDoS query 2020-11-18 15:14:46 +01:00
Erik Krogh Kristensen
c4153a617e remove duplicated test cases from ReDoS, and adjust variables names to match test output 2020-11-18 14:49:09 +01:00