hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19060 from Napalys/js/apollo-server

Browse Source 
JS: model `ApolloServer`
This commit is contained in:
Napalys Klicius
2025-03-21 10:00:31 +01:00
committed by GitHub
parent 803aacf9f0 57f6225140
commit 7bd1c4d2ae
4 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/lib/change-notes/2025-03-20-apollo-server.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added support for the `ApolloServer` class from `@apollo/server` and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input.

15
javascript/ql/lib/ext/apollo-server.model.yml Normal file
View File

@@ -0,0 +1,15 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ["@apollo/server", "Member[ApolloServer,ApolloServerBase].Argument[0].AnyMember.AnyMember.AnyMember.Parameter[1]", "remote"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["@apollo/server", "@apollo/server/standalone", ""]
- ["@apollo/server", "apollo-server-express", ""]
- ["@apollo/server", "apollo-server-core", ""]
- ["@apollo/server", "apollo-server", ""]