Napalys Klicius
f02783a9c6
Merge pull request #19210 from Napalys/js/mkdirp
JS: Modeling of `mkdirp` functions
2025-04-09 13:43:37 +02:00
Napalys
b8802a29f4
Added open package model as data.
2025-04-08 08:12:30 +02:00
Napalys
df89739085
Added test cases for open package.
2025-04-08 08:10:10 +02:00
Napalys
e23ff9cf3e
Add TypedArrays flow summaries for Uint8Array and buffer property
2025-04-07 15:15:24 +02:00
Asger F
6c33013788
JS: Enable association with headers without needing a route handler
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.
But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
2025-04-03 11:08:10 +02:00
Asger F
db2720ea5b
JS: Initial model of Response
2025-04-03 11:08:05 +02:00
Napalys
3fa24d6026
Add sink model for mkdirp and update tests for path injection alerts.
2025-04-03 10:45:14 +02:00
Napalys
533f1a93e2
JS: Added test cases for mkdirp.
2025-04-03 10:45:12 +02:00
Napalys Klicius
5c42c0ba4c
Merge pull request #19196 from Napalys/js/rimraf
JS: Modeling of `rimraf` functions
2025-04-03 09:51:52 +02:00
Asger F
6c3bc941c5
Merge branch 'main' into js/name-resolution-independent-fixes
2025-04-02 14:15:44 +02:00
Asger F
9ebaac82cf
JS: Add tests for Response object sink
2025-04-02 13:47:18 +02:00
Napalys
b16b407f89
Add rimraf model and update tests for path injection vulnerabilities
2025-04-02 12:49:48 +02:00
Napalys
14999c19da
Added test cases for rimraf library.
2025-04-02 12:46:48 +02:00
Asger F
46f88e7ce7
JS: Updates to DOM model
2025-04-02 10:14:03 +02:00
Asger F
48db2b9315
JS: Add test
2025-04-02 10:12:36 +02:00
Asger F
887942e3e9
Merge pull request #19108 from asgerf/js/api-graph-spread-rest
JS: Handle spread/rest in API graphs
2025-04-01 17:48:36 +02:00
Napalys Klicius
4572376e9a
Merge pull request #19143 from Napalys/js/fs-extra-missing
JS: Modeling of `fs-extra` functions
2025-03-31 10:35:45 +02:00
Napalys
32d6ac8da7
Add test case to ensure exec calls without middleware injection into Express are not flagged.
2025-03-30 14:09:15 +02:00
Napalys
45c8ec96df
Added test cases for hana db additional sources.
2025-03-28 15:02:03 +01:00
Napalys Klicius
f7264d82d4
Merge branch 'main' into js/hana_db_client
2025-03-28 13:21:15 +01:00
Napalys
75b4d1b771
Applied copilot suggestions.
2025-03-28 13:19:11 +01:00
Napalys
495af56ab5
Added NodeJSFileSystemVectorWrite class for vectored write.
2025-03-28 13:07:23 +01:00
Napalys
e0c6cbb1b7
Added test cases for writev and writevSync.
2025-03-28 13:07:21 +01:00
Napalys
e63e170ac2
Added support for readv and readvSync functions in NodeJSFileSystemAccessRead class.
2025-03-28 13:07:20 +01:00
Napalys
6e7214747c
Added test cases for readv and readvSync
2025-03-28 13:07:14 +01:00
Asger F
1ad471cb32
JS: Track through spread/rest params in API graphs
2025-03-28 09:14:36 +01:00
Napalys
e1bf054056
Added support for lutimes, opendir, and statfs functions from fs-extra.
2025-03-28 08:37:30 +01:00
Napalys
55c74b2bac
Added support for emptydir functions from fs-extra.
2025-03-28 08:37:28 +01:00
Napalys
e386448f60
Added support for missing rm functions from fs-extra
2025-03-28 08:37:22 +01:00
Napalys
7a08f32e16
Added support for cp functions from fs-extra.
2025-03-28 08:36:26 +01:00
Napalys
96a550582b
Added test cases for fs-extra missing features.
2025-03-28 08:26:31 +01:00
Napalys Klicius
32369dab7d
Merge pull request #19124 from Napalys/js/hapi_upgrade
JS: Support for newer version of `Hapi` - `@hapi/hapi`
2025-03-27 16:42:51 +01:00
Napalys Klicius
fdea22fbc3
Merge pull request #19129 from Napalys/js/readfile_async
JS: Add support for `async` `readFile`
2025-03-27 12:34:39 +01:00
Napalys
200bf391ce
Enhance NodeJSLib data flow handling through await.
2025-03-26 14:24:52 +01:00
Napalys
762ca2f8f5
Added test case with async readFile, currently not flagged.
2025-03-26 14:21:44 +01:00
Napalys
ae645e49ba
Added support for @hapi/hapi server.
2025-03-26 11:41:11 +01:00
Napalys
649b4e07e2
Added test cases for @hapi/hapi
2025-03-26 11:35:58 +01:00
Napalys
4cdc40d115
Added SQL injection detection for exec method embedded Express client from hdbext.
2025-03-25 18:39:54 +01:00
Napalys
7cc0634f57
Added createProcStatement as potential sql sink.
2025-03-25 14:50:38 +01:00
Napalys
0285cb6c7a
Added @sap/hdbext.loadProccedure as sql sink.
2025-03-25 14:48:40 +01:00
Napalys
e595def8b0
Modeled execute as potential hana's sink.
2025-03-25 14:44:37 +01:00
Napalys
d28af9508a
Added sink models for hana's client prepare function.
2025-03-25 14:42:27 +01:00
Napalys
9229962096
Add sink model for SQL injection detection in exec clients.
2025-03-25 14:36:13 +01:00
Napalys
032cfc134f
Added test cases for hana clients.
2025-03-25 14:29:06 +01:00
Napalys Klicius
0689cf7f5e
Update javascript/ql/lib/ext/axios.model.yml
Co-authored-by: Asger F <asgerf@github.com>
2025-03-25 10:56:01 +01:00
Napalys
1ee3fde214
Added support for axios.interceptors.response.
2025-03-25 10:55:34 +01:00
Napalys
20bb831ce9
Added test case for axios.interceptors.response with missing alert.
2025-03-25 10:55:14 +01:00
Napalys
10498bbaa4
Added support for axios.interceptors.request.
2025-03-25 10:54:56 +01:00
Napalys
ea181e4173
Added test case for axios.interceptors.request
2025-03-25 10:54:17 +01:00
Napalys
056bf4fde7
Added test case with inheritance.
2025-03-20 13:08:56 +01:00