hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

5020 Commits

Author SHA1 Message Date
Napalys Klicius
3d7c0201d9 Merge pull request #19231 from Napalys/js/typed_array 
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
 2025-04-11 11:29:01 +02:00
Napalys Klicius
d17d29a387 Merge pull request #19218 from Napalys/js/upgrade_websocket 
JS: Refactor `WebSocket` to use `API` graphs
 2025-04-11 10:05:54 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
8674b61e5a Added SSRF test case with searchParams for NextRequest 2025-04-11 09:26:16 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Napalys
734ad2d767 Removed legacy Consistency check as it is redundant now with inline test expectations. 2025-04-11 08:43:08 +02:00
Napalys
208487f236 Added middleware test 2025-04-11 08:39:47 +02:00
Asger F
719456e27d JS: Fix missing flow into rest pattern lvalue 2025-04-11 08:37:09 +02:00
Asger F
7703b1fab5 JS: Add test for missing getALocalSource flow for rest pattern 2025-04-11 08:37:07 +02:00
Napalys Klicius
43bf0beae9 Merge pull request #19263 from Napalys/js/make-dir-lib 
JS: Add support for `make-dir` package
 2025-04-10 15:09:43 +02:00
Napalys
86b64afa13 Added NextResponse to the ResponseCall class it models similar near idential behaviour. 2025-04-10 15:06:44 +02:00
Napalys
8acb0243ad Added test cases for NextResponse and Response 2025-04-10 14:57:40 +02:00
Napalys
63a3953b0c Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. 2025-04-10 14:48:17 +02:00
Napalys
81cba7fa2f Added test cases with missing alerts for Request and NextRequest. 2025-04-10 14:43:48 +02:00
Asger F
eac14b9837 Merge pull request #19200 from asgerf/js/web-response 
JS: Add sinks for calls to 'new Response()'
 2025-04-10 14:41:32 +02:00
Napalys
171a84609e Applied copilot suggestion. 2025-04-10 14:13:48 +02:00
Napalys
ce2fc25cdb Added make-dir model as data 2025-04-09 14:42:29 +02:00
Napalys
674f40b35f Added test cases for make-dir package. 2025-04-09 14:41:12 +02:00
Napalys
0c52b5ad95 Added summary flow for StringFromCharCode 2025-04-09 14:24:43 +02:00
Napalys Klicius
f02783a9c6 Merge pull request #19210 from Napalys/js/mkdirp 
JS: Modeling of `mkdirp` functions
 2025-04-09 13:43:37 +02:00
Napalys
a3e4e62eac Removed taint from ArrayBuffer constructor as it accepts length 2025-04-09 13:27:13 +02:00
Napalys
b8802a29f4 Added open package model as data. 2025-04-08 08:12:30 +02:00
Napalys
df89739085 Added test cases for open package. 2025-04-08 08:10:10 +02:00
Napalys
b97c61864e Add flow summaries and entry points for TextDecoder 2025-04-07 18:15:19 +02:00
Napalys
f28478e876 Add test cases from TypedArrays to strings. 2025-04-07 18:13:52 +02:00
Napalys
f4277204b7 Add flow summaries and entry points for ArrayBuffer and SharedArrayBuffer 2025-04-07 18:12:35 +02:00
Napalys
0e099474c5 Added test cases for ArrayBuffer and SharedArrayBuffer 2025-04-07 18:07:54 +02:00
Napalys
ff07ec8d8c Add flow summaries for TypedArray methods set and subarray 2025-04-07 18:06:40 +02:00
Napalys
d689a55229 Added test cases for TypedArray methods 2025-04-07 15:15:29 +02:00
Napalys
e23ff9cf3e Add TypedArrays flow summaries for Uint8Array and buffer property 2025-04-07 15:15:24 +02:00
Napalys
93882263f9 Added test case for Uint8Array and TypedArray.prototype.buffer 2025-04-07 12:46:19 +02:00
Napalys
6fb5376c5f Refactor ReceivedItemAsRemoteFlow to handle data from both client and server WebSocket sources 2025-04-07 11:44:40 +02:00
Napalys
6bcfd8c91d Updated getAServer with API graphs. 2025-04-04 12:31:29 +02:00
Napalys
c5860e92ec Updated WebSocketReceiveNode to match bind functions. 2025-04-04 12:28:53 +02:00
Napalys
4b7a9cd399 Added test case with bind. 2025-04-04 12:26:58 +02:00
Napalys
49194b0340 Updated WebSocketReceiveNode with API graphs. 2025-04-04 12:26:52 +02:00
Napalys
0dbf951291 Updated ClientSocket and SendNode with API graphs. 2025-04-04 09:14:54 +02:00
Napalys
455ce59583 Added test cases with export of an instance. 2025-04-04 08:59:19 +02:00
Napalys
e16a20e69f Updated SocketClass to use API Graphs. 2025-04-04 08:47:27 +02:00
Napalys
c7fad09664 Added test cases with custom exports/imports. 2025-04-04 08:33:26 +02:00
Napalys
a572ac60d2 Added inline test expectations for WebSocket 2025-04-04 08:22:48 +02:00
Asger F
14c5495b4c JS: Use in SensitiveActions test as an example 2025-04-03 13:24:18 +02:00
Asger F
6c33013788 JS: Enable association with headers without needing a route handler 
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.

But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
 2025-04-03 11:08:10 +02:00
Asger F
db2720ea5b JS: Initial model of Response 2025-04-03 11:08:05 +02:00
Napalys
3fa24d6026 Add sink model for mkdirp and update tests for path injection alerts. 2025-04-03 10:45:14 +02:00
Napalys
533f1a93e2 JS: Added test cases for mkdirp. 2025-04-03 10:45:12 +02:00
Napalys Klicius
5c42c0ba4c Merge pull request #19196 from Napalys/js/rimraf 
JS: Modeling of `rimraf` functions
 2025-04-03 09:51:52 +02:00
Asger F
6c3bc941c5 Merge branch 'main' into js/name-resolution-independent-fixes 2025-04-02 14:15:44 +02:00
Asger F
30a9cd7c8a JS: Include document as a DOM value 2025-04-02 14:09:52 +02:00
Asger F
9ebaac82cf JS: Add tests for Response object sink 2025-04-02 13:47:18 +02:00