5020 Commits

Author	SHA1	Message	Date
Asger F	10c9b747a5	Merge pull request #20586 from asgerf/js/api-graphs-block-this ... JS: Restrict receiver-flow in API graphs	2025-10-08 08:41:56 +02:00
Asger F	587ad5c600	JS: Refine criteria so that explicit this-passing is not affected	2025-10-06 11:43:18 +02:00
Asger F	4d33190241	JS: Restrict this-argument passing in API graphs	2025-10-06 11:42:36 +02:00
Asger F	84c788a027	JS: Add API graph test for explicit 'this' passing	2025-10-06 11:40:40 +02:00
Asger F	2e8091f0fb	Merge pull request #20419 from asgerf/js/express-json-send ... JS: Model Express json and jsonp methods	2025-09-24 09:25:32 +02:00
Napalys Klicius	6cfc950159	JS: Model GraphQLObjectType resolve params as sources	2025-09-19 14:39:36 +02:00
Napalys Klicius	d88bc8e408	JS: Add test case for GraphQLObjectType	2025-09-19 14:23:40 +02:00
Napalys Klicius	4f8166a661	Merge pull request #20450 from Napalys/js/graph-ql-ench ... JS: Improve graphql flow	2025-09-17 16:32:01 +02:00
Napalys Klicius	7affcf40c2	JS: Add variableValues to the previous summaryModel to enchance the flow.	2025-09-17 12:24:14 +02:00
Napalys Klicius	6c18b4de40	JS: Add test case for graph ql variableValues injection	2025-09-17 12:21:21 +02:00
Napalys Klicius	4282005e32	JS: Add summary model for graphql's rootValue	2025-09-17 11:48:44 +02:00
Napalys Klicius	a6d728a66d	JS: Add test case with missing alert using graphql	2025-09-17 11:23:49 +02:00
Napalys Klicius	ca667b5131	JS: fix test expectations from rebasing	2025-09-17 10:24:45 +02:00
Napalys Klicius	9ca4773227	Added modeling for CreatePreparedStatementCommand	2025-09-17 10:21:10 +02:00
Napalys Klicius	872b6d8bee	Added test case for CreatePreparedStatementCommand	2025-09-17 10:21:01 +02:00
Napalys Klicius	b89e70b5a0	Added test cases for aws sources	2025-09-17 10:20:52 +02:00
Napalys Klicius	5b31350e83	Added tests and modeling of database-access-result	2025-09-17 10:20:01 +02:00
Napalys Klicius	e5f02852e1	Added modeling of rds v2 and v3 for sql injections	2025-09-17 10:19:22 +02:00
Napalys Klicius	5b5c17100c	Added test cases for client-rds-data for sql injections	2025-09-17 10:19:10 +02:00
Napalys Klicius	0e6bac73a7	Added modeling of athena v2 and v3 for sql injections	2025-09-17 10:18:58 +02:00
Napalys Klicius	af97b0edc2	Added test cases for athena v2 and v3 for sql injections	2025-09-17 10:16:38 +02:00
Napalys Klicius	ee1af432fe	Added modeling of client-s3 v2 and v3	2025-09-17 10:16:25 +02:00
Napalys Klicius	5e6118ef3f	Added test cases for client-s v2 and v3 sql injection	2025-09-17 10:15:43 +02:00
Napalys Klicius	06ab918985	Added modeling for V2 of dynamoDB	2025-09-17 10:15:19 +02:00
Napalys Klicius	ae2e8b1292	Added modeling of dynamodb v3 for sql injections	2025-09-17 10:13:24 +02:00
Napalys Klicius	0a3343a07d	Added test cases for v2 and v3 sql injection of dynamodb	2025-09-17 10:11:31 +02:00
Asger F	7670a2bd77	Merge pull request #20375 from asgerf/js/promise-try ... JS: Support Promise.try and Array.prototype.with	2025-09-16 14:44:07 +02:00
Napalys Klicius	97a11de1e3	Merge pull request #20435 from Napalys/js/promisification_modeling ... JS: Promisification library modeling and enhance flow	2025-09-16 14:07:53 +02:00
Asger F	429c4eac96	JS: Add support for Array.prototype.with ... Note: This was authored by Copilot	2025-09-16 13:06:59 +02:00
Asger F	ee78b7dc96	JS: Add support for Promise.try	2025-09-16 13:06:57 +02:00
Asger F	45eff3dac8	Merge pull request #20399 from asgerf/js/default-interop2 ... JS: Refactor handling of ambiguous default imports	2025-09-16 13:02:22 +02:00
Asger F	78bfdfd931	Merge pull request #20390 from asgerf/post-update-consistency ... DataFlow: Permit local flow between post-update nodes	2025-09-16 13:00:29 +02:00
Asger F	65102a073a	Merge pull request #19770 from trailofbits/VF/async-package-improvements ... Improve data flow in the `async` package	2025-09-16 08:55:52 +02:00
Napalys Klicius	3a75500f54	JS: Add modeling for call-me-maybe	2025-09-15 17:15:31 +02:00
Napalys Klicius	0d23ab07db	JS: Add data flow modeling for promisified user-defined functions	2025-09-15 17:13:13 +02:00
Napalys Klicius	2c6db00cbc	JS: Add modeling for util promisify*	2025-09-15 17:09:28 +02:00
Napalys Klicius	e002f2088f	JS: Add modeling for es6-promisify	2025-09-15 17:04:34 +02:00
Napalys Klicius	35c75c00ba	JS: Add modeling for @gar/promisify	2025-09-15 16:58:11 +02:00
Napalys Klicius	312471e9db	JS: Add modeling for @google-cloud/promisify	2025-09-15 16:55:27 +02:00
Napalys Klicius	d37425ae3e	JS: Treat promisify(obj).member as obj.member	2025-09-15 16:51:19 +02:00
Napalys Klicius	d6a14e63ba	JS: Add test cases for promisification libraries.	2025-09-15 16:21:12 +02:00
Chris Smowton	4fb133a43d	Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access	2025-09-12 14:32:07 +01:00
Asger F	132a8b8b53	JS: Model json and jsonp methods	2025-09-12 08:51:23 +02:00
Asger F	d729ab501b	JS: Add test that calls .json or .jsonp	2025-09-12 08:51:21 +02:00
Asger F	ae4cf302f2	Remove failures from dataflow-consistency expectations	2025-09-11 14:49:58 +02:00
Asger F	7a2391f848	JS: Deprecate Portals and delete tests ... This is a super old attempt at model generation, from before MaD even existed. It's obsolete and just have to be removed.	2025-09-11 11:05:36 +02:00
Asger F	d39263dcac	Merge pull request #20317 from asgerf/js/xunit ... JS: Avoid overriding Expr predicates in xUnit.qll	2025-09-10 13:41:21 +02:00
Asger F	d575d3c9e4	Merge pull request #20374 from asgerf/js/typescript-5.9 ... JS: Support TypeScript 5.9 and support 'import defer' syntax	2025-09-09 20:50:04 +02:00
Asger F	0752dbea9b	Merge pull request #20360 from asgerf/js/remove-angularjs-string-special-case ... JS: Remove special treatment of strings in AngularJS code	2025-09-08 22:48:23 +02:00
Napalys Klicius	8c34b7eaea	Merge pull request #20146 from Napalys/js/move-cors-query-from-experimental ... JS: Move cors-misconfiguration query from experimental to Security	2025-09-08 09:32:38 +02:00