hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-25 19:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,742 Commits 1,692 Branches 161 Tags
ca18179bd2d36f9cf3ad28b70a845bfada96dbed
Commit Graph

71 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
dc6d3fe7ba Use flowFrom. 2025-12-03 14:04:18 +01:00
Alex Eyers-Taylor
2201974844 Jave: Use force local to make parsing local after global regex finding. 2025-09-16 15:55:04 +01:00
Kasper Svendsen
c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries 2025-06-24 10:25:06 +02:00
Jami Cogswell
eea3e82cca Java: fix 'regex-use' comments 2024-07-25 10:39:03 -04:00
Owen Mansel-Chan
89f958105a Mention regex-use sink kind in QLDoc for regexSinkKindInfo 2024-07-23 21:38:30 +01:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Anders Schack-Mulligen
2925e45434 Java/Dataflow: Propagate MaD-id/model-id to PathGraph. 2024-04-12 09:19:51 +02:00
Marcono1234
3edfdc5ceb Java: Improve Regex flag parsing 
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
 2024-01-06 04:15:09 +01:00
Ed Minnix
1b8f3f3450 Deprecate or remove imports of dataflow library copies 2023-12-08 10:42:10 -05:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
yoff
4a37c2fc3a Merge pull request #13778 from geoffw0/javaparsemode 
Java: Understand multiple parse mode flags specified in a regular expression string
 2023-09-18 14:22:59 +02:00
Geoffrey White
8c3e778be6 Java: Port regex mode flag character fix from Python. 2023-09-13 17:50:52 +01:00
erik-krogh
45c39e6072 limit field flow when tracking regex strings in Java 2023-08-08 09:01:23 +02:00
Geoffrey White
45a9d5bc7d Java: QLDoc. 2023-07-20 11:53:52 +01:00
Geoffrey White
369f88beda Java: Fix for multiple parse mode flags. 2023-07-20 11:49:54 +01:00
Ed Minnix
b4130e650d Refactor RegexFlowConfigs.qll 2023-03-29 22:33:08 -04:00
erik-krogh
880632f536 use Number.qll to parse hex numbers in regex parsing for Python/Java 2023-03-16 14:25:53 +01:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
erik-krogh
ba7321ac5c add qldoc to RegExpCharEscape 2022-12-18 17:23:45 +01:00
erik-krogh
26c5480ee6 share {js,rb}/regex/missing-regexp-anchor 2022-12-18 17:23:41 +01:00
erik-krogh
f67d0bc8c0 put the shared HostnameRegexp code in the shared regex pack 2022-12-17 17:26:18 +01:00
Michael Nebel
b3a3b676ba Java: Remove manual models from QL code. 2022-11-28 12:30:34 +01:00
erik-krogh
95f35196e4 add missing additional keywords 2022-11-23 20:45:51 +01:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection 
Java: Promote regex injection query from experimental
 2022-11-21 15:04:26 -05:00
erik-krogh
b737bdbca0 add a Java implementation of RegexTreeViewSig 2022-11-14 21:29:41 +01:00
erik-krogh
20254dfc08 move existing regex-tree into a module 2022-11-14 21:29:41 +01:00
Jami Cogswell
b99a1d2cd9 update sink and tests 2022-11-08 15:29:33 -05:00
Jami Cogswell
be548c13e1 switch sink to use csv models 2022-11-08 15:29:33 -05:00
Jami Cogswell
50d638d1b6 create RegexInjection.qll file 2022-11-08 15:29:33 -05:00
Jami Cogswell
f6f26fe6c5 refactor code; add change note 2022-11-08 15:29:33 -05:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Michael Nebel
2e46e93f36 Java: Update java models with provenance column information. 2022-06-20 16:20:02 +02:00
Joe Farebrother
c7d30087d1 Fix issue with named backrefs; add needed import 2022-05-04 15:41:42 +01:00
Joe Farebrother
2d82dfba38 Reorder backreference predicates 2022-05-04 15:41:41 +01:00
Joe Farebrother
9078e13f1c Apply reveiw suggestions 
- make java imports private
- qdoc fixes
- reorder predicates
- simplifications
 2022-05-04 15:41:41 +01:00
Joe Farebrother
b854a2185e Fix use of sinkModel 2022-05-04 15:41:41 +01:00
Joe Farebrother
b08f22c24d Remove unnecassary import 2022-05-04 15:41:41 +01:00
Joe Farebrother
eec57d4f25 Simplify dataflow logic by using only one configuration, and expessing more sinks with models-as-data 2022-05-04 15:41:41 +01:00
Joe Farebrother
e5ca924240 Allow quantifiers invoving {}; add comments 2022-05-04 15:41:40 +01:00
Chris Smowton
bc17d4b91f Break the recursion between seqChild, RegExpTerm and TRegExpSequence 2022-05-04 15:41:40 +01:00
Chris Smowton
0d13864bc8 Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting 
In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).
 2022-05-04 15:41:39 +01:00
Joe Farebrother
375ded4ede Move check to exlude test cases so that it also covers exponential redos 2022-05-04 15:41:39 +01:00
Joe Farebrother
04edc10f1e Exclude regexes from test code 2022-05-04 15:41:38 +01:00
Joe Farebrother
5555985ad6 Distingush between whether or not a regex is matched against a full string 
Also some fixes and additional tests
 2022-05-04 15:41:38 +01:00
Joe Farebrother
bb562643c6 Support possessive quantifiers, which cannot backtrack. 
They are approximated by limiting them to up to one repetition (effectively making *+ like ? and ++ like a no-op).
 2022-05-04 15:41:37 +01:00
Joe Farebrother
49374b877a Fix parsing of alternations in character classes 2022-05-04 15:41:37 +01:00
Joe Farebrother
5ba6bafbef Use occursInRegex more ccnsistently throughout 2022-05-04 15:41:37 +01:00
Chris Smowton
f5809a7440 ReDoS performance fixes 2022-05-04 15:41:37 +01:00
Joe Farebrother
3ce0c2c23b Add more regex use functions in String 2022-05-04 15:41:36 +01:00