hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,145 Commits 1,693 Branches 161 Tags
cc98c41dd641a4dcdd17e8ccf9523e9ded4253df
Commit Graph

18145 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Erik Krogh Kristensen
cc98c41dd6 revert marking repetitions with possibly empty body as forks 2020-12-03 20:08:07 +01:00
Erik Krogh Kristensen
33b2701551 refine isFork to remove false positive when a state has epsilon transition to itself 2020-11-29 21:42:50 +01:00
Erik Krogh Kristensen
d7b22e3b1b update expected output for PolynomialBackTracking 2020-11-27 20:15:27 +01:00
Erik Krogh Kristensen
729073fb43 detect ReDoS when the choices are "match some string" or "match Epsilon" 2020-11-27 20:15:23 +01:00
Erik Krogh Kristensen
46ca56458a introduce a printable state class 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
8a3e87fe42 remove unnecessary one-step inline 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
36b9f0254e performance improvements for suffix check in js/redos 2020-11-27 13:45:41 +01:00
Erik Krogh Kristensen
e177d46c0a add two test cases that demonstrate the limits of the suffix construction 2020-11-27 13:45:34 +01:00
Erik Krogh Kristensen
f576144ec6 more pruning based on states being inside a repetition 2020-11-26 17:30:37 +01:00
Erik Krogh Kristensen
9468a6e8dc update expected output 2020-11-26 12:32:55 +01:00
Erik Krogh Kristensen
1b3c3ef4cb adjust comments in ReDoS test case 2020-11-26 10:31:44 +01:00
Erik Krogh Kristensen
11d878b413 adjust comments to reflect the precission of the suffix search 2020-11-25 14:40:33 +01:00
Erik Krogh Kristensen
b418cb5fe0 add test case where the successor of the repeating term matches epsilon 2020-11-25 13:59:10 +01:00
Erik Krogh Kristensen
500b94b50e rename witness to pump 2020-11-25 13:57:21 +01:00
Erik Krogh Kristensen
c5f5206174 update expected output 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
e03c19b7fc only search prefixes/suffixes from the candidates that are used in the end 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
b8fabfa24e only construct prefix/suffix for regular expressions that has a pumpable state 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
a8944c8953 model accept states more accurately by adding an AcceptAny state, modelling $, and checking the existence of rejecting suffixes 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
d9ebb7b20e escape tabs 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
bcb2f2768d search for a prefix to the state that causes exponential backtracking 2020-11-25 13:57:20 +01:00
Erik Krogh Kristensen
94aa162f8d prune state-pairs that are outside a backtracking repetition 2020-11-24 20:18:45 +01:00
Erik Krogh Kristensen
f3c3b82827 move condition inside parens 2020-11-24 20:16:40 +01:00
Erik Krogh Kristensen
d1706e8048 reuse InfiniteRepetitionQuantifier from SuperLiniearBacktracking 2020-11-24 20:16:36 +01:00
CodeQL CI
395403789e Merge pull request #4585 from erik-krogh/moreReDoS 
Approved by asgerf
 2020-11-24 18:52:36 +00:00
CodeQL CI
4be158b362 Merge pull request #4708 from erik-krogh/emptyName 
Approved by asgerf
 2020-11-24 17:34:55 +00:00
Rasmus Wriedt Larsen
aa4345ac76 Merge pull request #4710 from yoff/python-dataflow-variable-capture 
Python: Dataflow, variable capture
 2020-11-24 15:04:38 +01:00
yoff
215986bce5 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-24 14:12:23 +01:00
Rasmus Lerchedahl Petersen
05d156ba0f Python: add comments 2020-11-24 14:11:14 +01:00
CodeQL CI
8c68463e76 Merge pull request #4711 from erik-krogh/locType 
Approved by asgerf
 2020-11-24 13:10:32 +00:00
Jonas Jensen
260a8d4afb Merge pull request #4702 from MathiasVP/qualifier-as-parameter-for-callee 
C++: Abstractions for treating qualifiers as parameters in IR
 2020-11-24 12:58:27 +01:00
CodeQL CI
2277242196 Merge pull request #4692 from yoff/python-psycopg 
Approved by RasmusWL
 2020-11-24 10:59:04 +00:00
Mathias Vorreiter Pedersen
9d21b226d2 Merge branch 'main' into qualifier-as-parameter-for-callee 2020-11-24 11:13:14 +01:00
Cornelius Riemenschneider
14a03e2f54 Merge pull request #4715 from MathiasVP/remove-failing-duplicate-tests 
C++: Remove duplication-tests
 2020-11-24 11:04:46 +01:00
Mathias Vorreiter Pedersen
08f8660b17 C++/C#: Add pragma[noinline] to hasIndex predicates. 2020-11-24 10:45:02 +01:00
Mathias Vorreiter Pedersen
8bd14c5af6 C++: Remove duplication-tests directory since we no longer detect duplication. 2020-11-24 10:10:31 +01:00
Erik Krogh Kristensen
f03429a4b8 change description for source root folder 2020-11-23 23:46:44 +01:00
CodeQL CI
9123f249ad Merge pull request #4705 from erik-krogh/bigString 
Approved by asgerf
 2020-11-23 22:40:42 +00:00
Erik Krogh Kristensen
33dab1717e treat nodes with type "Location" as a location source - but not if we can track it from an original node with type "Location" 2020-11-23 17:03:50 +01:00
Rasmus Lerchedahl Petersen
39c5e0d487 Python: update test expectations 2020-11-23 16:46:35 +01:00
Rasmus Lerchedahl Petersen
38bb06a207 Merge remote-tracking branch 'upstream/main' into python-dataflow-variable-capture 2020-11-23 16:40:20 +01:00
Anders Schack-Mulligen
2cf10a7658 Merge pull request #4427 from aschackmull/java/fastjson 
Java: Add support for FastJson in unsafe deserialization.
 2020-11-23 14:40:14 +01:00
Erik Krogh Kristensen
f7f9beeefd avoid reporting empty names in js/exposure-of-private-files 2020-11-23 14:24:42 +01:00
Erik Krogh Kristensen
02d5fbf46b remove superfluous space 2020-11-23 14:22:16 +01:00
Rasmus Wriedt Larsen
9156163563 Merge pull request #4703 from github/hmakholm/pr/duplicate-code-2 
Remove unit tests for duplicate-code detection, take II
 2020-11-23 13:52:24 +01:00
Erik Krogh Kristensen
234730419b restrict computation of ConcatenationRoot::getConstantStringParts to results that are less than 1 million chars long 2020-11-23 10:29:47 +01:00
Tamás Vajk
7d38b2dd17 Merge pull request #4623 from tamasvajk/feature/csharp9-type-param-nullability 
C#: Add type parameter ref/value type tests
 2020-11-23 09:58:56 +01:00
Rasmus Lerchedahl Petersen
777100f25c Python: rename file, package, and class 2020-11-23 09:17:40 +01:00
Mathias Vorreiter Pedersen
a7644db762 C++: Use the new names in IR dataflow. Turns out DataFlowCall had its own implementation of getArgument already (which didn't handle qualifiers). The predicate wasn't used anywhere, so I simply removed it, as a better predicate is now available on the base class of DataFlowCall. 2020-11-21 01:00:59 +01:00
Mathias Vorreiter Pedersen
61bbceb201 C++/C#: Sync identical files 2020-11-21 00:55:07 +01:00
Mathias Vorreiter Pedersen
f173dc71c0 C++: Use shorter names for new IR predicates. This should hopefully guide users to use these predicates by default. 2020-11-21 00:54:50 +01:00