16 Commits

Author	SHA1	Message	Date
Chris Smowton	f552a15aae	Mass-rename MethodAccess -> MethodCall	2023-10-24 10:30:26 +01:00
erik-krogh	45c39e6072	limit field flow when tracking regex strings in Java	2023-08-08 09:01:23 +02:00
Ed Minnix	b4130e650d	Refactor RegexFlowConfigs.qll	2023-03-29 22:33:08 -04:00
Michael Nebel	b3a3b676ba	Java: Remove manual models from QL code.	2022-11-28 12:30:34 +01:00
Joe Farebrother	b854a2185e	Fix use of sinkModel	2022-05-04 15:41:41 +01:00
Joe Farebrother	b08f22c24d	Remove unnecassary import	2022-05-04 15:41:41 +01:00
Joe Farebrother	eec57d4f25	Simplify dataflow logic by using only one configuration, and expessing more sinks with models-as-data	2022-05-04 15:41:41 +01:00
Joe Farebrother	e5ca924240	Allow quantifiers invoving {}; add comments	2022-05-04 15:41:40 +01:00
Chris Smowton	0d13864bc8	Restrict polynomial ReDoS' strings-parsed-as-regexes search to those that could possibly be interesting ... In practice for polynomial ReDoS this means those regexes containing at least one potentially-infinite quantifier (* or +).	2022-05-04 15:41:39 +01:00
Joe Farebrother	375ded4ede	Move check to exlude test cases so that it also covers exponential redos	2022-05-04 15:41:39 +01:00
Joe Farebrother	04edc10f1e	Exclude regexes from test code	2022-05-04 15:41:38 +01:00
Joe Farebrother	5555985ad6	Distingush between whether or not a regex is matched against a full string ... Also some fixes and additional tests	2022-05-04 15:41:38 +01:00
Joe Farebrother	3ce0c2c23b	Add more regex use functions in String	2022-05-04 15:41:36 +01:00
Joe Farebrother	e23162d91b	Add test cases for PolynomialRedos dataflow logic; make fixes	2022-05-04 15:41:35 +01:00
Joe Farebrother	5b61de67de	Implement style/doc suggestions from code review	2022-05-04 15:41:33 +01:00
Joe Farebrother	59945cd8b3	Add dataflow logic to PolynomialRedDoS	2022-05-04 15:41:30 +01:00