Commit Graph

43 Commits

Author SHA1 Message Date
Kasper Svendsen
81b677a2d9 rename overlay[caller] to overlay[caller?] 2025-06-24 10:25:07 +02:00
Kasper Svendsen
c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries 2025-06-24 10:25:06 +02:00
erik-krogh
e74e5b3613 try to restrict the edges we follow (related to upper/lower-case) when constructing possible attack-strings for polynomial-redos 2024-02-22 13:15:17 +01:00
erik-krogh
396da117bb remove an FP in overly-large-range for [@-Z] 2024-01-25 14:15:06 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
erik-krogh
1a8a70dc1b mark the range [0-?] as good in the overly-large-range query 2024-01-17 13:11:57 +01:00
Geoffrey White
e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Geoffrey White
8f115bfd06 Swift: Implement 'isUsedAsReplace'. 2023-10-30 14:33:42 +00:00
erik-krogh
fa1e8ee426 add getACodepoint to the shared Strings library, and use it in NfaUtils 2023-10-12 13:38:19 +02:00
erik-krogh
5d4b542995 escape unicode chars in overly-large-range 2023-09-28 20:16:09 +02:00
erik-krogh
9c0682848e use final class aliases to use extends instead of instanceof in the shared libraries 2023-09-18 10:25:49 +02:00
Rasmus Lerchedahl Petersen
e9e6bce80a shared: handle empty groups in delta 2023-08-24 21:21:49 +02:00
erik-krogh
db2b8d4bcc remove some test code I accidentally committed 2023-08-24 07:56:05 +02:00
erik-krogh
25e4f2c3a2 limit concretize to strings of at most length 100 2023-08-23 10:26:29 +02:00
erik-krogh
fe542565c3 fix performance 2023-08-09 13:48:07 +02:00
erik-krogh
0bce42410a support arbitrary codepoints in NfaUtils.qll 2023-08-08 22:14:51 +02:00
erik-krogh
0391e063ca move to4digitHex to Numbers.qll 2023-08-08 21:10:58 +02:00
erik-krogh
03fbd387df way better hex conversion 2023-08-08 09:08:39 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
Geoffrey White
a8aa33510d Shared: QLDoc NfaUtils::Make::State::hasLocationInfo. 2023-06-22 17:19:43 +01:00
erik-krogh
087e6d1c15 fix QL-for-QL warning 2023-06-15 14:14:34 +02:00
erik-krogh
21b55ce0cf stop spuriously matching everything when encountering an unsupported charclass 2023-06-15 14:14:34 +02:00
erik-krogh
efa53d21fa rename succ to pumpEnd 2023-05-23 09:56:06 +02:00
erik-krogh
36147e7afc revert the better super-linear algorithm 2023-05-23 09:56:06 +02:00
erik-krogh
404cbc93eb rename succ to pumpEnd throughout SuperLinearBackTracking.qll 2023-03-23 10:46:22 +01:00
erik-krogh
3f18b7730f address some review comments 2023-03-23 10:39:56 +01:00
erik-krogh
e189b36e3f materialize fewer strings when ranking states 2023-03-23 10:35:58 +01:00
erik-krogh
3d9bbd7824 ReDoS: fix potential bad mistake caught by QL-for-QL 2023-03-22 10:16:23 +01:00
erik-krogh
801e0ff050 ReDoS: implement a better super-linear algorithm, with better worst-case performance 2023-03-22 10:13:16 +01:00
Erik Krogh Kristensen
2270d6fa61 fix typo
Co-authored-by: Taus <tausbn@github.com>
2023-03-20 10:56:30 +01:00
erik-krogh
54ec047433 ReDoS: put an artificial limitation on the analysis in polynomial-redos for large regular expressions 2023-03-16 12:20:53 +01:00
Anders Schack-Mulligen
3640b6d3a8 Shared: Autoformat 2023-03-10 09:41:20 +01:00
erik-krogh
38ca68febb recognize "-->" as a bad tag filter 2023-01-10 18:09:56 +01:00
Tony Torralba
7ef8099a8b Shared: Remove omittable exists variables 2023-01-10 13:39:50 +01:00
erik-krogh
6c8b1cf4be changes based on Python review 2022-12-19 11:20:31 +01:00
erik-krogh
35e8d6afd4 move getACommonTld into a utility module without parameters 2022-12-18 17:23:45 +01:00
erik-krogh
26c5480ee6 share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh
355499ea52 move getACommonTld to the shared pack 2022-12-17 17:26:18 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
erik-krogh
dff7b475fb make the top-level comment in SuperlinearBackTracking.qll a QLDoc 2022-11-15 11:46:44 +01:00
erik-krogh
324e0e8f90 always sort both by location and by term tostring 2022-11-14 17:33:48 +01:00
erik-krogh
f5daee2483 port canonicalization fix from #11071 to the shared pack 2022-11-07 14:26:55 +01:00
erik-krogh
5ec22bc180 add a shared regex pack 2022-11-07 14:22:46 +01:00