Commit Graph

6082 Commits

Author SHA1 Message Date
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs
Java: Improvements to UnsafeAndroidAccess
2022-05-05 16:46:54 +02:00
Tom Hvitved
04cc73823d Java: Introduce 'with/without content' summary components 2022-05-05 14:25:48 +02:00
Tom Hvitved
d9d5372f28 Data flow: Sync files 2022-05-05 13:36:26 +02:00
Michael Nebel
2dc35c123a Java/Ruby: Sync files. 2022-05-05 13:08:55 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content
Data flow: Introduce `expectsContent`
2022-05-05 09:01:40 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Joe Farebrother
64227c9109 Fix codescanning alerts 2022-05-04 15:58:30 +01:00
Joe Farebrother
c7d30087d1 Fix issue with named backrefs; add needed import 2022-05-04 15:41:42 +01:00
Joe Farebrother
2d82dfba38 Reorder backreference predicates 2022-05-04 15:41:41 +01:00
Joe Farebrother
9078e13f1c Apply review suggestions
- make java imports private
- qdoc fixes
- reorder predicates
- simplifications
2022-05-04 15:41:41 +01:00
Joe Farebrother
b854a2185e Fix use of sinkModel 2022-05-04 15:41:41 +01:00
Joe Farebrother
b08f22c24d Remove unnecessary import 2022-05-04 15:41:41 +01:00
Joe Farebrother
66ab2bca75 Update PrintAst test output 2022-05-04 15:41:41 +01:00
Joe Farebrother
eec57d4f25 Simplify dataflow logic by using only one configuration, and expressing more sinks with models-as-data 2022-05-04 15:41:41 +01:00
Joe Farebrother
2a80540157 Sync shared files 2022-05-04 15:41:40 +01:00
Joe Farebrother
5e3ba130dc Add a test for deeply nested sequences 2022-05-04 15:41:40 +01:00
Joe Farebrother
4ed2e8d1fd Update tests to account for only regexes with quantifiers being considered 2022-05-04 15:41:40 +01:00
Joe Farebrother
e5ca924240 Allow quantifiers involving {}; add comments 2022-05-04 15:41:40 +01:00
Chris Smowton
bc17d4b91f Break the recursion between seqChild, RegExpTerm and TRegExpSequence 2022-05-04 15:41:40 +01:00
Chris Smowton
0d13864bc8 Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting
In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).
2022-05-04 15:41:39 +01:00
Joe Farebrother
0f606d987d Remove redundant super call.
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2022-05-04 15:41:39 +01:00
Joe Farebrother
522a8aff6f Fix filename case 2022-05-04 15:41:39 +01:00
Joe Farebrother
3d65a9cafc Update shared files 2022-05-04 15:41:39 +01:00
Joe Farebrother
375ded4ede Move check to exclude test cases so that it also covers exponential redos 2022-05-04 15:41:39 +01:00
Joe Farebrother
1605d36ddf Refine polynomial redos sources to exclude length limited methods 2022-05-04 15:41:39 +01:00
Joe Farebrother
04edc10f1e Exclude regexes from test code 2022-05-04 15:41:38 +01:00
Joe Farebrother
6794268a3c Split PolynomialRedos definition into a library to avoid duplication in the tests 2022-05-04 15:41:38 +01:00
Joe Farebrother
5555985ad6 Distinguish between whether or not a regex is matched against a full string
Also some fixes and additional tests
2022-05-04 15:41:38 +01:00
Joe Farebrother
bb562643c6 Support possessive quantifiers, which cannot backtrack.
They are approximated by limiting them to up to one repetition (effectively making *+ like ? and ++ like a no-op).
2022-05-04 15:41:37 +01:00
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
5ba6bafbef Use occursInRegex more consistently throughout 2022-05-04 15:41:37 +01:00
Chris Smowton
f5809a7440 ReDoS performance fixes 2022-05-04 15:41:37 +01:00
Joe Farebrother
2d963176bf Fix change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
9bd3916800 Add change note 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00
Joe Farebrother
5364001aa2 Update docs to be about Java 2022-05-04 15:41:36 +01:00
Joe Farebrother
c312b4b6b0 Add missing qldoc 2022-05-04 15:41:36 +01:00
Joe Farebrother
57ba8a4d1b Improve handling of hex escapes; and support some named character classes 2022-05-04 15:41:36 +01:00
Joe Farebrother
5143585080 Fix to PolynomialRedos not finding results and to test cases not finding that 2022-05-04 15:41:36 +01:00
Joe Farebrother
91887ab229 Sync shared files 2022-05-04 15:41:36 +01:00
Joe Farebrother
e23162d91b Add test cases for PolynomialRedos dataflow logic; make fixes 2022-05-04 15:41:35 +01:00
Joe Farebrother
5a4316d945 Add test cases for exponential redos query 2022-05-04 15:41:35 +01:00
Joe Farebrother
457cf41825 Support more escaped characters 2022-05-04 15:41:35 +01:00
Joe Farebrother
4b845d5dac Move test cases to their own directory to avoid conflict 2022-05-04 15:41:35 +01:00
Joe Farebrother
9f4da65030 Improve calculation of locations of regex terms 2022-05-04 15:41:35 +01:00
Joe Farebrother
dd200e29d4 Improve char set depth calculation 2022-05-04 15:41:35 +01:00
Joe Farebrother
e797d2195c Topologically sort RegexString 2022-05-04 15:41:34 +01:00
Joe Farebrother
bc109521aa Simplify octal handling 2022-05-04 15:41:34 +01:00
Joe Farebrother
9e88c67c19 Add more test cases; make some fixes 2022-05-04 15:41:34 +01:00
Joe Farebrother
aa1337db86 Apply style suggestions from code review 2022-05-04 15:41:34 +01:00