codeql

mirror of https://github.com/github/codeql.git synced 2026-02-09 03:31:06 +01:00

Author	SHA1	Message	Date
erik-krogh	a86a940df7	add getRepr() and toString() on RelevantState	2022-09-05 13:27:34 +02:00
erik-krogh	3f1cb04f3e	sync files	2022-09-05 11:22:34 +02:00
erik-krogh	c38062ce93	convert RelevantState to a class in the PrefixConstruction module	2022-09-02 20:26:31 +02:00
erik-krogh	7fd426e748	print a correct range for ranges that doesn't contain any alpha-numeric chars	2022-08-30 13:57:11 +02:00
Erik Krogh Kristensen	8f0b999c31	Merge pull request #10207 from erik-krogh/fixRank fix performance issue in the ReDoS query	2022-08-30 10:17:11 +02:00
erik-krogh	f47b097d7c	put a limit on the length of the equivalent range	2022-08-29 21:03:52 +02:00
erik-krogh	77949cbeb3	add context to the rankState predicate in ExponentialBackTracking.qll	2022-08-29 13:42:05 +02:00
Erik Krogh Kristensen	ba1ad00d2a	Merge pull request #10062 from erik-krogh/redosPrefix JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`	2022-08-25 12:57:16 +02:00
Ian Lynagh	501a9b3c6b	Make *.qll non-executable	2022-08-24 16:36:15 +01:00
erik-krogh	5e3cb08ed2	rename stateInPumpableRegexp to stateInRelevantRegexp	2022-08-23 12:40:45 +02:00
erik-krogh	049af68bc2	restrict suffix-construction to relevant regexps	2022-08-21 20:35:39 +02:00
erik-krogh	d052b1e3c9	also support regular expressions without repetitions	2022-08-19 19:21:44 +02:00
erik-krogh	473bc92e2d	move the `PrefixConstruction` module out of the `ReDoSPruning` module	2022-08-18 10:07:48 +02:00
erik-krogh	5586c9a17e	delete old deprecations	2022-08-16 22:27:15 +02:00
erik-krogh	8e6a36256c	import the non-deprecated NfaUtils in the overly-large-range query	2022-08-16 11:21:43 +02:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
erik-krogh	3a4a3437b5	fix some QL-for-QL warnings	2022-08-12 20:38:50 +02:00
erik-krogh	b9e96fb078	sync changes to other languages	2022-08-12 20:28:12 +02:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	595875ff98	remove redundant not-equals check	2022-07-13 12:06:12 +02:00
Erik Krogh Kristensen	8e52fc97fc	changes based on review by Shack	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	aae3e2ddde	other changes based on Esbens review	2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen	ff25451699	rename query to overly-large-range, and rewrite the @description	2022-07-12 16:02:46 +02:00
yoff	cf9b69b5f2	python: More helpful comment	2022-06-30 13:07:13 +00:00
yoff	b0a29b146a	Update python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-06-30 14:54:01 +02:00
yoff	df7ffb2880	Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-06-30 14:53:49 +02:00
yoff	1105cd569b	Merge branch 'main' into python/port-tarslip	2022-06-28 22:17:28 +02:00
yoff	ac0c8d238f	python: only clear taint on false-edge	2022-06-28 20:14:52 +00:00
Asger F	a522562f93	Merge pull request #9369 from asgerf/python/api-graph-api Python: API graph renaming and documentation	2022-06-28 14:48:12 +02:00
yoff	834d2603a2	python: update use of barrier guard	2022-06-28 11:15:37 +00:00
Erik Krogh Kristensen	a343ceaf8b	add suspicious-regexp-range query	2022-06-28 09:49:27 +02:00
yoff	67b6f215dc	Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-06-28 08:05:53 +02:00
Rasmus Wriedt Larsen	9e154ff4bd	Merge branch 'main' into python/port-tarslip	2022-06-27 14:36:15 +02:00
Erik Krogh Kristensen	9bc12ed8fd	sync review changes to other languages	2022-06-24 13:12:15 +02:00
Erik Krogh Kristensen	724721c5c8	fix typo	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	22871138c6	simplify the recursion between `TTrace` and `isReachableFromStartTuple` similar to the fix made by Shack in `ExponentialBackTracking.qll`	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	be37763125	improve performance of `process()` by pruning accept states early	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3bea7df45d	add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	13482fc97b	rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp"	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	6b0df9bdfb	refactor the concretize algorithm	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dbeae9aefb	make a parameterized module out of the RegexpMatching implementation	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	7fb3d81d2f	add further normalization of char classses	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	3be4a86acd	make ReDoSPruning into a parameterized module	2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen	dc06e9df02	move predicates that depend on isReDoSCandidate into a ReDoSPruning module	2022-06-23 14:36:24 +02:00
Rasmus Wriedt Larsen	3248f7b423	Merge pull request #9649 from RasmusWL/certificate-modeling Python/JS/Ruby: Ignore common words (like certain) as sensitive data source	2022-06-23 12:04:58 +02:00
Rasmus Wriedt Larsen	4be375521f	Python: Handle `_` in sensitive-data-sources	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	5dc2bb717a	Python: ignore common words (certain/concert) as sensitive source	2022-06-22 11:05:05 +02:00
Asger F	60fde3c031	Python: Rename getARhs -> asSink	2022-06-21 12:44:06 +02:00
Anders Schack-Mulligen	a6c0a9e480	Python: one more fix	2022-06-21 09:19:45 +02:00

1 2 3 4

168 Commits