Asger F
d724874969
JS: Implement babel-plugin-root-import as a PathMapping
2025-04-29 13:23:40 +02:00
Asger F
e4420f63fb
JS: Move babel-root-import test
This moves the test for the babel `root-import` plugin into the new
unit test for import resolution, so we only have one set of tests to
maintain.
The actual implementation is added in the next commit.
2025-04-29 13:23:38 +02:00
Asger F
6725cb5b8c
JS: Implement import resolution
2025-04-29 13:23:37 +02:00
Asger F
ed4864edf7
JS: Add two more helpers to FilePath class
2025-04-29 13:07:21 +02:00
Asger F
f542956f66
JS: Add internal extension of PackageJson class
2025-04-29 13:07:19 +02:00
Asger F
bb91df8145
JS: Add helper for doing path resolution with JS rules
2025-04-29 13:07:18 +02:00
Asger F
59e1cbcc7b
JS: Add tsconfig class
2025-04-29 13:07:16 +02:00
Asger F
ef32a036b1
JS: Extract methods from PathString into a non-abstract base class
The new class 'FilePath' has bindingset[this] so one just has to cast a string to that type and you can use its methods.
2025-04-29 13:07:15 +02:00
Asger F
17aa5220a6
JS: Add some helpers
2025-04-29 13:07:14 +02:00
Asger F
565cb434fc
JS: Add test
2025-04-29 13:07:10 +02:00
Napalys Klicius
c8ee8dce98
Add test cases to verify correct call graph resolution with various JavaScript inheritance patterns
2025-04-29 13:04:07 +02:00
Asger F
8c0b0c4800
JS: Ensure json files are extracted properly in tests
2025-04-29 12:46:20 +02:00
Napalys Klicius
0a9a7911c2
Fixed issue where method calls weren't properly resolved when inheritance was implemented via prototype manipulation instead of ES6 class syntax.
2025-04-29 12:39:44 +02:00
Napalys Klicius
a015003bda
Updated test case to resolve reflected calls
2025-04-29 12:37:03 +02:00
Napalys Klicius
4fbf8ca5cf
Added test cases with inheritance
2025-04-29 12:36:30 +02:00
Asger F
ec9d15bb79
JS: Make shared Folder module visible
2025-04-29 09:42:25 +02:00
Nick Rolfe
50f7ee1158
Merge pull request #19401 from github/post-release-prep/codeql-cli-2.21.2
Post-release preparation for codeql-cli-2.21.2
2025-04-28 16:16:21 +01:00
github-actions[bot]
2e0699ab2b
Post-release preparation for codeql-cli-2.21.2
2025-04-28 14:03:28 +00:00
Napalys Klicius
ee3a3bd9f5
Add support for prototype methods in class instance member resolution
2025-04-28 15:17:26 +02:00
Napalys Klicius
4705d30bac
Add call graph tests for prototype methods injected on class
2025-04-28 15:12:24 +02:00
Napalys Klicius
c57172121e
Update Nodes.qll
Applied suggestions
Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
2025-04-28 14:58:51 +02:00
Napalys Klicius
8b53f8f2a6
Fix, prevent addHook return values from being treated as XSS sinks
2025-04-28 14:22:51 +02:00
Napalys Klicius
73309fb9dd
Updated modeling of aws-sdk with MaD
2025-04-28 14:00:12 +02:00
Napalys Klicius
654177daa7
Fixed naming acronyms to be PascalCase
2025-04-28 14:00:12 +02:00
Napalys Klicius
f7f9fb823a
Updated takesConfigurationObject with API graphs
2025-04-28 14:00:12 +02:00
Napalys Klicius
42d5b80e81
Added support for AWS.Credentials hardcoded credentials
2025-04-28 14:00:12 +02:00
Napalys Klicius
f69037c176
Added ability to detect direct write to global AWS.config
2025-04-28 14:00:12 +02:00
Napalys Klicius
05e4677fd1
Added ability to detect new AWS.ServiceName cases with hardcoded credentials
2025-04-28 14:00:12 +02:00
Napalys Klicius
e6450a17ec
Added test cases for individual AWS services, direct modification of global credentials and AWS.Credentials
2025-04-28 14:00:12 +02:00
github-actions[bot]
625354c46e
Release preparation for version 2.21.2
2025-04-28 10:55:22 +00:00
Tamas Vajk
a4a24470c8
Add query suite inclusion tests for actions, csharp, go, javascript, ruby, rust
2025-04-25 14:06:17 +02:00
Napalys Klicius
6a284eeecb
Merged ES6Class into FunctionStyleClass
2025-04-24 09:12:20 +02:00
Michael Nebel
2e0ce44fde
Javascript: Update test files.
2025-04-23 15:41:41 +02:00
Napalys
fdfdcc0d93
Undo unnecessary name tracking for request, response objects
2025-04-22 14:16:45 +02:00
Asger F
00661b62dc
JS: Add isMiddlewareSetup() hook to Routing model
2025-04-22 12:00:02 +02:00
Asger F
c2cab184ac
Merge pull request #19283 from asgerf/js/rest-pattern-fix
JS: Fix missing flow into rest pattern lvalue
2025-04-22 10:37:36 +02:00
github-actions[bot]
d78736b1bf
Post-release preparation for codeql-cli-2.21.1
2025-04-15 16:33:15 +00:00
Napalys
5c3556da66
Add user-controlled property tracking and update code injection alerts in Fastify hooks
2025-04-15 09:41:52 +02:00
Napalys
9b194ea613
Added addHook to RouteSetup, thus it is now recognized as a route handler
2025-04-15 09:37:13 +02:00
Napalys
c175081698
Added test cases for fastify.addHook
2025-04-15 09:33:41 +02:00
Napalys
f1a3293f4c
Added change note
2025-04-15 09:27:51 +02:00
github-actions[bot]
b961c5961d
Release preparation for version 2.21.1
2025-04-14 09:53:06 +00:00
Napalys Klicius
86313715a4
Merge pull request #19184 from Napalys/js/request_handlers
JS: Support for `Request` and `NextRequest`
2025-04-14 08:07:24 +02:00
Asger F
6c01709048
JS: Update more test output
2025-04-11 15:15:22 +02:00
Napalys Klicius
3d7c0201d9
Merge pull request #19231 from Napalys/js/typed_array
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a
Now nextUrl is of type parameter, and loosened the restriction for NextAppRouteHandler
2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0
Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb
Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:04:08 +02:00
Napalys Klicius
d17d29a387
Merge pull request #19218 from Napalys/js/upgrade_websocket
JS: Refactor `WebSocket` to use `API` graphs
2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c
Renamed DecodeLike to Decode and updated propagatesFlow
2025-04-11 10:04:09 +02:00