Merge branch 'main' into new-atm-features-rebased

2026-05-04 21:25:44 +02:00 · 2022-09-23 09:55:29 +02:00
parent 81d02cc963 cee0e8e137
commit 1bb781ad94
2423 changed files with 121541 additions and 45343 deletions
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/CoreKnowledge.qll
@@ -175,7 +175,7 @@ predicate isOtherModeledArgument(DataFlow::Node n, FilteringReason reason) {
  or
  n instanceof CryptographicKey and reason instanceof CryptographicKeyReason
  or
-  any(CryptographicOperation op).getInput().flow() = n and
+  any(CryptographicOperation op).getInput() = n and
  reason instanceof CryptographicOperationFlowReason
  or
  exists(DataFlow::CallNode call | n = call.getAnArgument() |
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll
@@ -42,10 +42,10 @@ module SinkEndpointFilter {
      result = "modeled database access"
      or
      // Remove calls to APIs that aren't relevant to NoSQL injection
-      call.getReceiver().asExpr() instanceof HTTP::RequestExpr and
+      call.getReceiver() instanceof Http::RequestNode and
      result = "receiver is a HTTP request expression"
      or
-      call.getReceiver().asExpr() instanceof HTTP::ResponseExpr and
+      call.getReceiver() instanceof Http::ResponseNode and
      result = "receiver is a HTTP response expression"
    )
    or
@@ -115,7 +115,7 @@ predicate isBaseAdditionalFlowStep(
  inlbl = TaintedObject::label() and
  outlbl = TaintedObject::label() and
  exists(NoSql::Query query, DataFlow::SourceNode queryObj |
-    queryObj.flowsToExpr(query) and
+    queryObj.flowsTo(query) and
    queryObj.flowsTo(trg) and
    src = queryObj.getAPropertyWrite().getRhs()
  )
--- a/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-experimental-atm-lib
-version: 0.3.3
+version: 0.3.4
 extractor: javascript
 library: true
 groups:
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml
@@ -1,6 +1,6 @@
 name: codeql/javascript-experimental-atm-queries
 language: javascript
-version: 0.3.3
+version: 0.3.4
 suites: codeql-suites
 defaultSuiteFile: codeql-suites/javascript-atm-code-scanning.qls
 groups: