codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Esben Sparre Andreasen	580a24e982	JS: rewrite js/incomplete-multi-character-sanitization	2021-01-11 11:26:45 +01:00
CodeQL CI	807fc94627	Merge pull request #4921 from erik-krogh/moreShellSan Approved by esbena	2021-01-08 00:58:26 -08:00
Erik Krogh Kristensen	6423c32990	Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-01-07 22:02:39 +01:00
CodeQL CI	c193d9f375	Merge pull request #4823 from erik-krogh/furtherReDoS Approved by esbena	2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen	7eab08511b	add source code examples to `blocksCharInAccess`	2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen	8b03ab0c01	update docstring for `getAShellChar` Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen	2aa59a3f8b	support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input	2021-01-07 13:58:25 +01:00
Erik Krogh Kristensen	7e21081b70	add comment about regexp detected by js/polynomial-redos	2021-01-07 12:06:12 +01:00
Erik Krogh Kristensen	bfd8d1b1e9	Merge branch 'main' into revertSum	2021-01-06 23:04:08 +01:00
CodeQL CI	9d4cd0aa85	Merge pull request #4862 from erik-krogh/shellSanitizer Approved by esbena	2021-01-06 11:16:12 -08:00
Erik Krogh Kristensen	f1cee70e82	add class-field flowstep to js/shell-command-constructed-from-input	2021-01-06 14:37:00 +01:00
Erik Krogh Kristensen	28cffa1e07	add comment in isFork about /(a)/ regular expressions	2021-01-06 10:44:13 +01:00
Erik Krogh Kristensen	c58f67b189	reintroduce performance improvement - but sound this time	2021-01-06 10:44:13 +01:00
Erik Krogh Kristensen	4392f0270c	autoformat	2021-01-06 10:37:36 +01:00
Erik Krogh Kristensen	3d98732136	support nested stars in js/ReDoS	2021-01-06 10:37:35 +01:00
Erik Krogh Kristensen	77967c3e63	undo unsound optimization in js/ReDoS	2021-01-06 10:36:21 +01:00
Erik Krogh Kristensen	b42aac17d5	add more tests for js/ReDoS	2021-01-06 10:34:06 +01:00
CodeQL CI	a5e28ac6d6	Merge pull request #4847 from erik-krogh/afterReDoS Approved by esbena	2021-01-05 01:51:27 -08:00
Erik Krogh Kristensen	368603eefa	add change note	2021-01-04 15:23:52 +01:00
Erik Krogh Kristensen	ce8cc2368b	improve precision of intersect	2021-01-04 11:55:51 +01:00
Erik Krogh Kristensen	44571ffeea	use the full ascii set instead of a few chosen chars	2020-12-22 16:00:23 +01:00
Erik Krogh Kristensen	303408b774	remove duplicate char	2020-12-22 15:48:24 +01:00
Erik Krogh Kristensen	354954c80c	changes based on review	2020-12-22 15:41:06 +01:00
Erik Krogh Kristensen	530a4aea35	Merge branch 'main' into shellSanitizer	2020-12-22 13:57:15 +01:00
Erik Krogh Kristensen	f7f88689c4	use strings in isTypeofGard	2020-12-22 13:55:32 +01:00
CodeQL CI	2bb96369f1	Merge pull request #4868 from erik-krogh/boundShell Approved by esbena	2020-12-22 03:35:42 -08:00
CodeQL CI	7c6b4d7324	Merge pull request #4865 from esbena/js/fix-execa-model Approved by erik-krogh	2020-12-22 03:32:26 -08:00
Erik Krogh Kristensen	da9a4e5267	add test	2020-12-22 11:22:25 +01:00
Erik Krogh Kristensen	b8b5aef5f4	recognize `Object.defineProperty(obj, prop, {get: func})` as a property-write	2020-12-22 11:21:41 +01:00
Erik Krogh Kristensen	6a9089b15e	recognize bound functions in js/shell-command-constructed-from-input	2020-12-22 11:20:34 +01:00
CodeQL CI	67d0f4d938	Merge pull request #4866 from esbena/js/add-tests-for-examples Approved by erik-krogh	2020-12-22 02:04:47 -08:00
CodeQL CI	e2bba97794	Merge pull request #4860 from erik-krogh/functionExports Approved by esbena	2020-12-22 01:05:37 -08:00
Erik Krogh Kristensen	df95562f8f	remove TTUndefined from TypeOfSanitizer in js/shell-command-constructed-from-input	2020-12-22 09:43:50 +01:00
CodeQL CI	b35edc9de6	Merge pull request #4732 from github/esbena-patch-4 Approved by erik-krogh	2020-12-22 00:42:25 -08:00
Erik Krogh Kristensen	6eb88b9e41	introduce and use TaintTracking::isTypeofGuard	2020-12-22 09:42:12 +01:00
Esben Sparre Andreasen	34a09ff522	JS: add js/conditional-bypass example as a test case	2020-12-22 09:34:25 +01:00
Esben Sparre Andreasen	009527c69c	JS: add change note	2020-12-22 09:26:35 +01:00
Esben Sparre Andreasen	ab4f3ea259	JS: fixup for execa.shell and execa.shellSync models	2020-12-22 09:06:18 +01:00
Esben Sparre Andreasen	ba714a1214	JS: add execa.shell tests	2020-12-22 09:01:43 +01:00
Erik Krogh Kristensen	34a6e15426	make TypeOfSanitizer slightly more robost	2020-12-22 08:53:14 +01:00
Erik Krogh Kristensen	18d26cabe5	Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll Co-authored-by: Esben Sparre Andreasen <esbena@github.com>	2020-12-22 08:37:24 +01:00
Erik Krogh Kristensen	876ba7ef2d	add typeof sanitizer to js/shell-command-constructed-from-input	2020-12-21 14:16:55 +01:00
Erik Krogh Kristensen	4ef569fbbe	recognize more exported functions in js/shell-command-constructed-from-input	2020-12-21 13:50:22 +01:00
Erik Krogh Kristensen	e3ec67d5e3	avoid materializing isFeasibleTuple	2020-12-21 12:53:41 +01:00
Erik Krogh Kristensen	cbad705029	general performance improvements in the ReDoS utility library	2020-12-21 11:49:21 +01:00
Erik Krogh Kristensen	3a43421193	add missing qhelp	2020-12-19 00:02:42 +01:00
Erik Krogh Kristensen	05569187b4	improve performance of suffix checking	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	6369374224	implement new algorithm for detecting superlinear backtracking in regular expressions	2020-12-18 17:21:15 +01:00
Erik Krogh Kristensen	7ce91e9146	introduce cannonical representatives of RegExpTerms to decrease the number of InputSymbols in the NFA	2020-12-18 17:21:11 +01:00
Erik Krogh Kristensen	34dda6d38b	refactor to share predicates between regular expression queries	2020-12-18 16:15:56 +01:00

... 11 12 13 14 15 ...

5849 Commits