11808 Commits

Author	SHA1	Message	Date
Asger F	6e64a22579	Merge pull request #19393 from asgerf/js/json-extractor-trailing-commas2 ... JS: Tolerate trailing commas in JSON objects	2025-04-29 09:40:38 +02:00
Nick Rolfe	50f7ee1158	Merge pull request #19401 from github/post-release-prep/codeql-cli-2.21.2 ... Post-release preparation for codeql-cli-2.21.2	2025-04-28 16:16:21 +01:00
github-actions[bot]	2e0699ab2b	Post-release preparation for codeql-cli-2.21.2	2025-04-28 14:03:28 +00:00
Napalys Klicius	ee3a3bd9f5	Add support for prototype methods in class instance member resolution	2025-04-28 15:17:26 +02:00
Napalys Klicius	4705d30bac	Add call graph tests for prototype methods injected on class	2025-04-28 15:12:24 +02:00
Napalys Klicius	c57172121e	Update Nodes.qll ... Applied suggestions Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>	2025-04-28 14:58:51 +02:00
Napalys Klicius	8b53f8f2a6	Fix, prevent addHook return values from being treated as XSS sinks	2025-04-28 14:22:51 +02:00
Napalys Klicius	73309fb9dd	Updated modeling of aws-sdk with MaD	2025-04-28 14:00:12 +02:00
Napalys Klicius	654177daa7	Fixed naming acronyms to be PascalCase	2025-04-28 14:00:12 +02:00
Napalys Klicius	f7f9fb823a	Updated takesConfigurationObject with API graphs	2025-04-28 14:00:12 +02:00
Napalys Klicius	42d5b80e81	Added support for AWS.Credentials hardcoded credentials	2025-04-28 14:00:12 +02:00
Napalys Klicius	f69037c176	Added ability to detect direct write to global AWS.config	2025-04-28 14:00:12 +02:00
Napalys Klicius	05e4677fd1	Added ability to detect new AWS.ServiceName cases with hardcoded credentials	2025-04-28 14:00:12 +02:00
Napalys Klicius	e6450a17ec	Added test cases for individual AWS services, direct modification of global credentials and AWS.Credentials	2025-04-28 14:00:12 +02:00
github-actions[bot]	625354c46e	Release preparation for version 2.21.2	2025-04-28 10:55:22 +00:00
Asger F	152d6f3c29	JS: Tolerate trailing comma in JSON objects	2025-04-28 10:56:48 +02:00
Asger F	6dd8114f00	JS: Add test with trailing comma in JSON object	2025-04-28 10:56:34 +02:00
Tamas Vajk	a4a24470c8	Add query suite inclusion tests for actions, csharp, go, javascript, ruby, rust	2025-04-25 14:06:17 +02:00
Napalys Klicius	6a284eeecb	Merged ES6Class into FunctionStyleClass	2025-04-24 09:12:20 +02:00
Michael Nebel	2e0ce44fde	Javascript: Update test files.	2025-04-23 15:41:41 +02:00
Napalys	fdfdcc0d93	Undo unnecessary name tracking for request, response objects	2025-04-22 14:16:45 +02:00
Asger F	00661b62dc	JS: Add isMiddlewareSetup() hook to Routing model	2025-04-22 12:00:02 +02:00
Asger F	c2cab184ac	Merge pull request #19283 from asgerf/js/rest-pattern-fix ... JS: Fix missing flow into rest pattern lvalue	2025-04-22 10:37:36 +02:00
github-actions[bot]	d78736b1bf	Post-release preparation for codeql-cli-2.21.1	2025-04-15 16:33:15 +00:00
Napalys	5c3556da66	Add user-controlled property tracking and update code injection alerts in Fastify hooks	2025-04-15 09:41:52 +02:00
Napalys	9b194ea613	Added addHook to RouteSetup thus now it is recognized now as rouute handler	2025-04-15 09:37:13 +02:00
Napalys	c175081698	Added test cases for fastify.addHook	2025-04-15 09:33:41 +02:00
Napalys	f1a3293f4c	Added change note	2025-04-15 09:27:51 +02:00
github-actions[bot]	b961c5961d	Release preparation for version 2.21.1	2025-04-14 09:53:06 +00:00
Napalys Klicius	86313715a4	Merge pull request #19184 from Napalys/js/request_handlers ... JS: Support for `Request` and `NextRequest`	2025-04-14 08:07:24 +02:00
Asger F	6c01709048	JS: Update more test output	2025-04-11 15:15:22 +02:00
Napalys Klicius	3d7c0201d9	Merge pull request #19231 from Napalys/js/typed_array ... JS: Taint propagation from low-level `ArrayBuffer` to `Strings`	2025-04-11 11:29:01 +02:00
Napalys	11abbf8c4a	Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler	2025-04-11 11:19:12 +02:00
Napalys Klicius	92e4f112c0	Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll ... Co-authored-by: Asger F <asgerf@github.com>	2025-04-11 11:08:40 +02:00
Napalys Klicius	d0dcf897cb	Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll ... Co-authored-by: Asger F <asgerf@github.com>	2025-04-11 11:04:08 +02:00
Napalys Klicius	d17d29a387	Merge pull request #19218 from Napalys/js/upgrade_websocket ... JS: Refactor `WebSocket` to use `API` graphs	2025-04-11 10:05:54 +02:00
Napalys	e3f1720f9c	RenamedDecodeLike to Decode and updated propagatesFlow	2025-04-11 10:04:09 +02:00
Napalys	2c4b3527b4	Added change note	2025-04-11 09:42:12 +02:00
Napalys	678eccb417	Added searchParams.get as potential source for SSRF	2025-04-11 09:42:07 +02:00
Napalys	8674b61e5a	Added SSRF test case with searchParams for NextRequest	2025-04-11 09:26:16 +02:00
Napalys	6e09a65da0	Added support for NextRequest middleware SSRF.	2025-04-11 08:43:36 +02:00
Napalys	734ad2d767	Removed legacy Consistency check as it is redundant now with inline test expectations.	2025-04-11 08:43:08 +02:00
Napalys	208487f236	Added middleware test	2025-04-11 08:39:47 +02:00
Asger F	719456e27d	JS: Fix missing flow into rest pattern lvalue	2025-04-11 08:37:09 +02:00
Asger F	7703b1fab5	JS: Add test for missing getALocalSource flow for rest pattern	2025-04-11 08:37:07 +02:00
Napalys Klicius	43bf0beae9	Merge pull request #19263 from Napalys/js/make-dir-lib ... JS: Add support for `make-dir` package	2025-04-10 15:09:43 +02:00
Napalys	86b64afa13	Added NextResponse to the ResponseCall class it models similar near idential behaviour.	2025-04-10 15:06:44 +02:00
Napalys	8acb0243ad	Added test cases for NextResponse and Response	2025-04-10 14:57:40 +02:00
Napalys	63a3953b0c	Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures.	2025-04-10 14:48:17 +02:00
Napalys	81cba7fa2f	Added test cases with missing alerts for Request and NextRequest.	2025-04-10 14:43:48 +02:00