Erik Krogh Kristensen
34fd0d89f5
finding the minimum that is not an FP - instead of finding the minimum and then checking if it was an FP. And detecting more FPs by finding when a witness passes through the accept state
2020-11-08 23:24:27 +01:00
Erik Krogh Kristensen
ac514b1739
remove false positives where the analysis would wrongly conclude that the accept state could not be reached
2020-11-08 23:24:03 +01:00
Erik Krogh Kristensen
5f199e8b1a
improve performance by removing bindingset[char]
2020-11-08 23:24:03 +01:00
Erik Krogh Kristensen
d038e9c658
small performance improvements
2020-11-08 23:24:03 +01:00
Erik Krogh Kristensen
a5e75f53ff
add support for escape char classes inside char classes
2020-11-08 23:22:49 +01:00
Erik Krogh Kristensen
0063cb140c
add support for \W, \S, \D
2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
2dd8b6ffef
support \f and \v in the \s class
2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
68fe03060d
support \d \s and \w in ReDoS.ql
2020-11-08 23:16:56 +01:00
Erik Krogh Kristensen
fa54ad1a5e
refactor character class implementation in ReDoS.ql - preparing support for RegExpCharacterClassEscape
2020-11-08 23:16:55 +01:00
Erik Krogh Kristensen
a09ffd5cda
expand getAOverlapBetweenCharacterClasses to support overlap between more char classes
2020-11-08 23:16:37 +01:00
Erik Krogh Kristensen
4ede04f4d1
improve performance by pruning based on shared root
2020-11-08 23:16:37 +01:00
Erik Krogh Kristensen
82252c0f1c
detect redos between charclass and inverted charclass
2020-11-08 23:16:34 +01:00
Aditya Sharad
e75082a249
Merge pull request #4620 from github/codeql-docs-reorg-1
...
[docs] Rename source files to match article titles
2020-11-06 12:18:14 -08:00
Taus
a9149b7e47
Python: Update python/ql/src/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2020-11-06 17:15:58 +01:00
Taus Brock-Nannestad
5a9cc0861c
Merge branch 'main' into python-add-source-nodes
2020-11-06 17:12:41 +01:00
Geoffrey White
62a8427d37
C++: Change note.
2020-11-06 15:55:31 +00:00
Geoffrey White
74a4f5887b
C++: Remove implementation import from printf.qll.
2020-11-06 15:44:11 +00:00
Geoffrey White
e065466180
C++: Give Snprintf a proper interface.
2020-11-06 15:38:57 +00:00
luchua-bc
d568eb635f
Update qldoc
2020-11-06 15:33:26 +00:00
Geoffrey White
0790fb6324
Update cpp/change-notes/2020-11-02-unused-local-variable.md
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-11-06 14:42:48 +00:00
yoff
45317bcec9
Update python/ql/test/library-tests/PointsTo/new/code/w_function_values.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-11-06 15:03:20 +01:00
Rasmus Wriedt Larsen
9ebe59d393
Python: Move UnsafeDeserialization configuration to own file
2020-11-06 14:27:37 +01:00
luchua-bc
450ff26694
Convert the query to a library
2020-11-06 13:25:00 +00:00
Rasmus Wriedt Larsen
d38c48d2c8
Python: Move ReflectedXSS configuration to own file
2020-11-06 14:24:31 +01:00
Rasmus Wriedt Larsen
1897a0d59a
Python: Move PathInjection configuration to own file
...
This one required a bit more thought, but ended up pretty nicely. Had to write
some QLDoc, but I think it turned out OK.
2020-11-06 14:21:23 +01:00
Rasmus Wriedt Larsen
0c6bd8401a
Python: Move SqlInjection configuration to own file
2020-11-06 14:09:46 +01:00
Rasmus Wriedt Larsen
6299b73a46
Python: Move CommandInjection configuration to own file
2020-11-06 14:07:06 +01:00
Rasmus Wriedt Larsen
7c04c59456
Python: Move CodeInjection configuration to own file
...
This makes it easy to extend the sources/sinks of the configuration and re-run
the query from the query console on LGTM.com.
File location in `semmle.<lang>.security.dataflow.<QueryName>.qll` is matching
what we currently do in other languages (JS and C# sampled).
I did not follow the pattern in other languages for wrapping all the code in a
`module CodeInjection`, since I didn't understand the value in doing so -- I
would like confirmation from the other teams if we _should_ actually do that,
before merging.
2020-11-06 13:58:06 +01:00
Rasmus Lerchedahl Petersen
fe186bf854
Python: Add test
2020-11-06 13:30:11 +01:00
Alvaro Muñoz
9db340c9ca
add some improvements to the bean validation query
2020-11-06 13:08:45 +01:00
Asger Feldthaus
acb30e73bc
JS: More precise handling of default import fallback
2020-11-06 12:04:41 +00:00
Rasmus Lerchedahl Petersen
64b9e9150e
Python: only show results in extracted files
2020-11-06 12:01:16 +01:00
Erik Krogh Kristensen
16473fc2a4
matching an inverted char class with a char
2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
804aaf36f0
support inverted char class and dot
2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
64d680e2d3
support that an inverted char class can intersect with itself
2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
321cf09bd8
add redos support for the simplest possible inverted char class
2020-11-06 10:18:57 +01:00
Erik Krogh Kristensen
d04f3df1cd
remove redundant check
2020-11-06 10:18:57 +01:00
Asger Feldthaus
1e45bc75c4
JS: Add change note in new format
2020-11-06 09:14:03 +00:00
Asger Feldthaus
24714c41be
JS: Update test output after rebase
2020-11-06 09:14:03 +00:00
Asger Feldthaus
9e25bbc4ed
JS: Add support for moment-timezone as well
2020-11-06 09:13:52 +00:00
Asger Feldthaus
7bf21d80b2
JS: Shift line numbers in test file
2020-11-06 09:13:52 +00:00
Asger Feldthaus
9418c6c8fe
JS: Add support for dateformat package
2020-11-06 09:13:52 +00:00
CodeQL CI
9f2eb84f2b
Merge pull request #4624 from erik-krogh/concatFix
...
Approved by asgerf
2020-11-06 09:11:41 +00:00
Asger Feldthaus
39c8226fba
JS: Autoformat
2020-11-06 09:06:20 +00:00
Asger Feldthaus
790526b529
JS: Some fixes and address review comments
2020-11-06 09:06:20 +00:00
Asger Feldthaus
8a3fba05e9
JS: Add steps through date-formatting functions
2020-11-06 09:06:18 +00:00
Anders Schack-Mulligen
cb77e460ae
Merge pull request #4600 from porcupineyhairs/urirefactor
...
Java : Refactor all instances of `java.net.URI` into TypeUri
2020-11-06 09:35:09 +01:00
Asger Feldthaus
d07e69e529
JS: Improve handling of destructuring export declaration
2020-11-05 23:51:44 +00:00
CodeQL CI
a908e5938e
Merge pull request #4574 from erik-krogh/jsdom
...
Approved by asgerf
2020-11-05 22:13:39 +00:00
Erik Krogh Kristensen
9137759d7c
calculate the size of the concatenation before doing the actual concatenation in Expr.qll
2020-11-05 22:55:52 +01:00