1976 Commits

Author	SHA1	Message	Date
Napalys Klicius	3d9e2f5438	Merge pull request #19858 from Napalys/js/execa ... JS: moved `execa` out of experimental	2025-06-25 10:34:52 +02:00
Asger F	d39b68cd41	Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries ... JS: Remove legacy actions queries	2025-06-25 09:18:33 +02:00
Asger F	853fc1a7cf	Merge pull request #19852 from asgerf/js/react-use-server ... JS: Model React 'use' and 'use server'	2025-06-25 09:13:56 +02:00
Napalys Klicius	0902ca0605	JS: address copilot suggestions	2025-06-24 11:37:07 +02:00
Napalys Klicius	d05de1ba4e	JS: moved execa test cases outside experimental	2025-06-24 09:08:13 +02:00
Napalys Klicius	ef51ab172f	JS: exclude sinon module from regexp match calls	2025-06-23 20:25:17 +02:00
Napalys Klicius	584b4f51aa	JS: add false positive test cases for hostname regex detection	2025-06-23 20:25:10 +02:00
Asger F	61887beae0	JS: Add test case for false positive	2025-06-23 16:03:41 +02:00
Asger F	76b7228160	JS: Remove js/actions/command-injection ... Superseded by actions/command-injection/{medium,critical}	2025-06-23 14:41:26 +02:00
Asger F	9dcb61e771	JS: Remove js/actions/actions-artifact-leak ... Superseded by actions/secrets-in-artifacts	2025-06-23 14:39:28 +02:00
Napalys Klicius	3fbe348f99	Merge pull request #19784 from Napalys/js/express_middleware ... JS: Improve Express middleware taint tracking	2025-06-20 15:36:26 +02:00
Napalys Klicius	f80651e78a	Merge pull request #19750 from Napalys/js/remove_encodeURI ... JS: remove `encodeURI` from sanitizer list of request forgery	2025-06-19 14:12:52 +02:00
Napalys Klicius	060b98d36c	JS: enchance middleware taint tracking via local source	2025-06-17 08:30:19 +02:00
Napalys Klicius	da21a064ac	JS: add _parsedUrl as remote input source	2025-06-16 16:28:30 +02:00
Napalys Klicius	67aac7abfa	JS: add test cases for middleware property assignment tracking	2025-06-16 16:26:08 +02:00
Napalys Klicius	bdbc49c63f	JS: Removed encodeURI from request forgery sanitizer list	2025-06-16 13:08:11 +02:00
Napalys Klicius	deb715a517	JS: Add test case with encodeURI for request forgery	2025-06-16 10:49:29 +02:00
Napalys Klicius	5a107ec33b	JS: track taint through serialize-javascript calls with object arguments	2025-06-16 10:38:20 +02:00
Napalys Klicius	a96ea182c7	JS: add test cases for serialize-javascript with tainted object properties	2025-06-16 09:30:52 +02:00
Asger F	423ffc78db	Merge pull request #19078 from asgerf/js/name-resolution ... JS: QL-side type/name resolution for TypeScript and JSDoc	2025-06-11 14:17:11 +02:00
Napalys Klicius	b9b62fa1c1	JS: Add URL from url package constructor taint step for request forgery detection	2025-05-30 18:32:02 +02:00
Napalys Klicius	19cc3e335f	JS: Add test case for RequestForgery with url wrapped via package URL	2025-05-30 18:26:47 +02:00
Asger F	9bcc62002d	JS: Fix regression from global declare vars	2025-05-20 13:20:35 +02:00
Asger F	27979c6a2f	JS: Add regression tests for declared globals	2025-05-20 13:20:34 +02:00
Asger F	57811edc44	JS: Some test updates	2025-05-20 13:20:16 +02:00
Asger F	aea676df3c	Merge pull request #19445 from asgerf/js/summaries-with-fallback ... JS: Generate flow summaries from summaryModels; only generate steps as a fallback	2025-05-13 14:49:38 +02:00
Napalys Klicius	d1e769ba54	Merge pull request #19422 from Napalys/js/shelljs ... JS: Modeling of `ShellJS` functions	2025-05-02 14:18:44 +02:00
Asger F	16fc8c3d9e	JS: Benign test updates	2025-05-02 11:09:19 +02:00
Napalys Klicius	d4b5ef6a66	Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource	2025-05-01 11:14:15 +02:00
Napalys Klicius	33d8ffa83e	Added test cases for shelljs.env	2025-05-01 11:11:29 +02:00
Napalys Klicius	71f1b82a56	Added support for fastify.all	2025-04-30 14:54:09 +02:00
Napalys Klicius	6d61766366	Added test case for fastify.all	2025-04-30 14:50:35 +02:00
Napalys Klicius	6de38b1827	Merge pull request #19300 from Napalys/js/fastify ... JS: Added support for `fastify.addHook`	2025-04-29 18:32:25 +02:00
Napalys Klicius	73309fb9dd	Updated modeling of aws-sdk with MaD	2025-04-28 14:00:12 +02:00
Napalys Klicius	42d5b80e81	Added support for AWS.Credentials hardcoded credentials	2025-04-28 14:00:12 +02:00
Napalys Klicius	f69037c176	Added ability to detect direct write to global AWS.config	2025-04-28 14:00:12 +02:00
Napalys Klicius	05e4677fd1	Added ability to detect new AWS.ServiceName cases with hardcoded credentials	2025-04-28 14:00:12 +02:00
Napalys Klicius	e6450a17ec	Added test cases for individual AWS services, direct modification of global credentials and AWS.Credentials	2025-04-28 14:00:12 +02:00
Michael Nebel	2e0ce44fde	Javascript: Update test files.	2025-04-23 15:41:41 +02:00
Napalys	fdfdcc0d93	Undo unnecessary name tracking for request, response objects	2025-04-22 14:16:45 +02:00
Asger F	00661b62dc	JS: Add isMiddlewareSetup() hook to Routing model	2025-04-22 12:00:02 +02:00
Napalys	5c3556da66	Add user-controlled property tracking and update code injection alerts in Fastify hooks	2025-04-15 09:41:52 +02:00
Napalys	9b194ea613	Added addHook to RouteSetup thus now it is recognized now as rouute handler	2025-04-15 09:37:13 +02:00
Napalys	c175081698	Added test cases for fastify.addHook	2025-04-15 09:33:41 +02:00
Napalys Klicius	86313715a4	Merge pull request #19184 from Napalys/js/request_handlers ... JS: Support for `Request` and `NextRequest`	2025-04-14 08:07:24 +02:00
Napalys Klicius	3d7c0201d9	Merge pull request #19231 from Napalys/js/typed_array ... JS: Taint propagation from low-level `ArrayBuffer` to `Strings`	2025-04-11 11:29:01 +02:00
Napalys	678eccb417	Added searchParams.get as potential source for SSRF	2025-04-11 09:42:07 +02:00
Napalys	8674b61e5a	Added SSRF test case with searchParams for NextRequest	2025-04-11 09:26:16 +02:00
Napalys	6e09a65da0	Added support for NextRequest middleware SSRF.	2025-04-11 08:43:36 +02:00
Napalys	734ad2d767	Removed legacy Consistency check as it is redundant now with inline test expectations.	2025-04-11 08:43:08 +02:00