hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,276 Commits 1,671 Branches 157 Tags
adityasharad/context-experiments
Commit Graph

11276 Commits

Author SHA1 Message Date
Napalys
4b7a9cd399 Added test case with bind. 2025-04-04 12:26:58 +02:00
Napalys
49194b0340 Updated WebSocketReceiveNode with API graphs. 2025-04-04 12:26:52 +02:00
Napalys
0dbf951291 Updated ClientSocket and SendNode with API graphs. 2025-04-04 09:14:54 +02:00
Napalys
455ce59583 Added test cases with export of an instance. 2025-04-04 08:59:19 +02:00
Napalys
e16a20e69f Updated SocketClass to use API Graphs. 2025-04-04 08:47:27 +02:00
Napalys
c7fad09664 Added test cases with custom exports/imports. 2025-04-04 08:33:26 +02:00
Napalys
a572ac60d2 Added inline test expectations for WebSocket 2025-04-04 08:22:48 +02:00
Asger F
14c5495b4c JS: Use in SensitiveActions test as an example 2025-04-03 13:24:18 +02:00
Asger F
6c33013788 JS: Enable association with headers without needing a route handler 
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.

But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
 2025-04-03 11:08:10 +02:00
Asger F
db2720ea5b JS: Initial model of Response 2025-04-03 11:08:05 +02:00
Napalys
0e7bff0f81 Added change note. 2025-04-03 10:45:17 +02:00
Napalys
04a39eb735 Removed old mkdirp modeling and replaced it with MaD. 2025-04-03 10:45:16 +02:00
Napalys
3fa24d6026 Add sink model for mkdirp and update tests for path injection alerts. 2025-04-03 10:45:14 +02:00
Napalys
533f1a93e2 JS: Added test cases for mkdirp. 2025-04-03 10:45:12 +02:00
Napalys Klicius
5c42c0ba4c Merge pull request #19196 from Napalys/js/rimraf 
JS: Modeling of `rimraf` functions
 2025-04-03 09:51:52 +02:00
Asger F
bb15f30ef6 Merge pull request #19192 from asgerf/js/name-resolution-independent-fixes 
JS: Some preliminary fixes from name resolution branch
 2025-04-03 09:36:02 +02:00
Jon Janego
d8ef4fc25d Update javascript/ql/src/Expressions/ExprHasNoEffect.ql 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-04-02 10:22:27 -05:00
Asger F
6c3bc941c5 Merge branch 'main' into js/name-resolution-independent-fixes 2025-04-02 14:15:44 +02:00
Asger F
2c40359143 JS: Change note 2025-04-02 14:12:07 +02:00
Asger F
30a9cd7c8a JS: Include document as a DOM value 2025-04-02 14:09:52 +02:00
Asger F
9ebaac82cf JS: Add tests for Response object sink 2025-04-02 13:47:18 +02:00
Napalys
390d9ffe66 Added change note 2025-04-02 12:50:53 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Napalys
14999c19da Added test cases for rimraf library. 2025-04-02 12:46:48 +02:00
Asger F
78b25388ca JS: Protect against bad join in BadRandomness 
This code resulted in bad join orders in response to certain library
changes. The actual library changes have to be split into smaller pieces
but I'd like to ensure I don't run into the bad join again.
 2025-04-02 10:14:07 +02:00
Asger F
46f88e7ce7 JS: Updates to DOM model 2025-04-02 10:14:03 +02:00
Asger F
48db2b9315 JS: Add test 2025-04-02 10:12:36 +02:00
Jon Janego
74587f0d64 Update ExprHasNoEffect.ql 
adding quality tags per metadata styleguide
 2025-04-01 18:47:52 -05:00
Asger F
887942e3e9 Merge pull request #19108 from asgerf/js/api-graph-spread-rest 
JS: Handle spread/rest in API graphs
 2025-04-01 17:48:36 +02:00
Asger F
4746cfddf2 JS: Add clarifying comment 2025-04-01 16:26:07 +02:00
Asger F
e1784bb10c JS: Fix handling of spread args on a bound function 2025-04-01 16:20:57 +02:00
github-actions[bot]
10205cb990 Post-release preparation for codeql-cli-2.21.0 2025-04-01 11:30:43 +00:00
github-actions[bot]
84f6564cc0 Release preparation for version 2.21.0 2025-03-31 17:35:15 +00:00
Arthur Baars
cd9ccef8b2 Javascript, add missing * to changenote 2025-03-31 18:45:01 +02:00
Asger F
149ec20758 JS: Add comment about internal edge 2025-03-31 15:39:09 +02:00
Asger F
f64bdccd6d Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-31 15:30:59 +02:00
Napalys Klicius
4572376e9a Merge pull request #19143 from Napalys/js/fs-extra-missing 
JS: Modeling of `fs-extra` functions
 2025-03-31 10:35:45 +02:00
Napalys Klicius
de8a3289e2 Merge pull request #19118 from Napalys/js/hana_db_client 
JS: support `hana` db client
 2025-03-31 10:35:11 +02:00
Asger F
ee867e99c7 Merge pull request #19117 from lcartey/lcartey/support-sap-json-formats 
JavaScript: Add support for indexing additional SAP related JSON files
 2025-03-31 10:30:11 +02:00
Napalys
32d6ac8da7 Add test case to ensure exec calls without middleware injection into Express are not flagged. 2025-03-30 14:09:15 +02:00
Napalys
45c8ec96df Added test cases for hana db additional sources. 2025-03-28 15:02:03 +01:00
Napalys
d0e2aa8192 Added sources from hana db as MaD. 2025-03-28 14:55:17 +01:00
Napalys
f3af23e855 Refactored hana's DB client to use GuardedRouteHandler, improving precision. 2025-03-28 13:58:37 +01:00
Napalys Klicius
f7264d82d4 Merge branch 'main' into js/hana_db_client 2025-03-28 13:21:15 +01:00
Napalys
75b4d1b771 Applied copilot suggestions. 2025-03-28 13:19:11 +01:00
Napalys
769fe75d82 Added change note. 2025-03-28 13:07:24 +01:00
Napalys
495af56ab5 Added NodeJSFileSystemVectorWrite class for vectored write. 2025-03-28 13:07:23 +01:00
Napalys
e0c6cbb1b7 Added test cases for writev and writevSync. 2025-03-28 13:07:21 +01:00
Napalys
e63e170ac2 Added support for readv and readvSync functions in NodeJSFileSystemAccessRead class . 2025-03-28 13:07:20 +01:00
Napalys
6e7214747c Added test cases for readv and readvSync 2025-03-28 13:07:14 +01:00