hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

5024 Commits

Author SHA1 Message Date
Asger F
f06b9a9b2b JS: Add call graph test with types 2025-05-20 13:20:19 +02:00
Asger F
57811edc44 JS: Some test updates 2025-05-20 13:20:16 +02:00
Asger F
4e44fdaa7b JS: Use hasUnderlyingStringOrAnyType in Nest model 2025-05-20 13:20:12 +02:00
Asger F
cca48c09b9 JS: Use in TypeAnnotation.getClass and hasUnderlyingType predicates 2025-05-20 13:20:06 +02:00
Asger F
1051136c07 JS: Add test 2025-05-20 13:19:58 +02:00
Asger F
1e8a49f311 JS: More efficient nested package naming 2025-05-19 12:53:18 +02:00
Napalys Klicius
f6a8909bfe Merge pull request #19356 from Napalys/js/merge_classes 
JS: Merge `ES6Class` to `FunctionStyleClass`
 2025-05-16 10:31:33 +02:00
Asger F
169ae19015 Merge pull request #19391 from asgerf/js/typescript-path-resolution 
JS: Overhaul import resolution
 2025-05-13 15:46:38 +02:00
Asger F
aea676df3c Merge pull request #19445 from asgerf/js/summaries-with-fallback 
JS: Generate flow summaries from summaryModels; only generate steps as a fallback
 2025-05-13 14:49:38 +02:00
Napalys Klicius
d1e769ba54 Merge pull request #19422 from Napalys/js/shelljs 
JS: Modeling of `ShellJS` functions
 2025-05-02 14:18:44 +02:00
Asger F
b8be1bcee8 JS: Avoid duplication with constructor body 2025-05-02 13:44:03 +02:00
Asger F
16fc8c3d9e JS: Benign test updates 2025-05-02 11:09:19 +02:00
Asger F
a44bdf3be2 JS: Generate summaries from summaryModel, and only generate steps as a fallback 2025-05-01 15:22:47 +02:00
Napalys Klicius
d4b5ef6a66 Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource 2025-05-01 11:14:15 +02:00
Napalys Klicius
33d8ffa83e Added test cases for shelljs.env 2025-05-01 11:11:29 +02:00
Napalys Klicius
9bab59363c Fix class instance method detection in constructor receiver 2025-05-01 09:14:39 +02:00
Napalys Klicius
7430d0e5e0 Added failing test with method as field 2025-05-01 09:14:37 +02:00
Napalys Klicius
e9ee7134ef Refactor prototype reference retrieval in ClassNode and update expected test output 2025-04-30 18:51:39 +02:00
Napalys Klicius
71f1b82a56 Added support for fastify.all 2025-04-30 14:54:09 +02:00
Napalys Klicius
6d61766366 Added test case for fastify.all 2025-04-30 14:50:35 +02:00
Napalys Klicius
18cea2d6a5 Added support for shelljs.cmd and async-shelljs.asyncExec 2025-04-30 13:37:02 +02:00
Napalys Klicius
25d04f1cdd Added support for shelljs.which 2025-04-30 13:35:17 +02:00
Napalys Klicius
f6fae7ad60 Added test cases for cmd, which and asyncExec 2025-04-30 13:33:31 +02:00
Napalys Klicius
6de38b1827 Merge pull request #19300 from Napalys/js/fastify 
JS: Added support for `fastify.addHook`
 2025-04-29 18:32:25 +02:00
Asger F
b0f73f1cbd JS: Update test output now that we import .d.ts files more liberally 2025-04-29 16:06:39 +02:00
Asger F
70a5ec5607 JS: Add package.json files in tests relying on node_modules 
We don't extract node_modules folders by default so these tests aren't
that relevant anymore, and we no longer follow node_modules resolution
rules directly.

Instead, these imports are resolved based on the monorepo support which
simply requires a package.json file to exist. There is not a good enough
reason to support node_modules directly, so we're accepting some
minor regression in these tests.
 2025-04-29 16:06:38 +02:00
Asger F
be5de9c080 JS: Update test output 
path.resolve() and template expressions are now working.

Previously they could not be resolved because Import.getImportedPath() returned a PathExpr,
and these were not instances of PathExpr.
 2025-04-29 16:06:35 +02:00
Asger F
ed2a832a55 JS: Deprecate PathExpr and related classes 2025-04-29 13:23:47 +02:00
Asger F
d724874969 JS: Implement babel-plugin-root-import as a PathMapping 2025-04-29 13:23:40 +02:00
Asger F
e4420f63fb JS: Move babel-root-import test 
This moves the test for the babel `root-import` plugin into the new
unit test for import resolution, so we only have one set of tests to
maintain.

The actual implementation is added in the next commit.
 2025-04-29 13:23:38 +02:00
Asger F
6725cb5b8c JS: Implement import resolution 2025-04-29 13:23:37 +02:00
Asger F
565cb434fc JS: Add test 2025-04-29 13:07:10 +02:00
Napalys Klicius
c8ee8dce98 Add test cases to verify correct call graph resolution with various JavaScript inheritance patterns 2025-04-29 13:04:07 +02:00
Asger F
8c0b0c4800 JS: Ensure json files are extracted properly in tests 2025-04-29 12:46:20 +02:00
Napalys Klicius
0a9a7911c2 Fixed issue where method calls weren't properly resolved when inheritance was implemented via prototype manipulation instead of ES6 class syntax. 2025-04-29 12:39:44 +02:00
Napalys Klicius
a015003bda Updated test case to resolve reflected calls 2025-04-29 12:37:03 +02:00
Napalys Klicius
4fbf8ca5cf Added test cases with inheritance 2025-04-29 12:36:30 +02:00
Napalys Klicius
ee3a3bd9f5 Add support for prototype methods in class instance member resolution 2025-04-28 15:17:26 +02:00
Napalys Klicius
4705d30bac Add call graph tests for prototype methods injected on class 2025-04-28 15:12:24 +02:00
Napalys Klicius
c57172121e Update Nodes.qll 
Applied suggestions

Co-Authored-By: Asger F <316427+asgerf@users.noreply.github.com>
 2025-04-28 14:58:51 +02:00
Napalys Klicius
73309fb9dd Updated modeling of aws-sdk with MaD 2025-04-28 14:00:12 +02:00
Napalys Klicius
42d5b80e81 Added support for AWS.Credentials hardcoded credentials 2025-04-28 14:00:12 +02:00
Napalys Klicius
f69037c176 Added ability to detect direct write to global AWS.config 2025-04-28 14:00:12 +02:00
Napalys Klicius
05e4677fd1 Added ability to detect new AWS.ServiceName cases with hardcoded credentials 2025-04-28 14:00:12 +02:00
Napalys Klicius
e6450a17ec Added test cases for individual AWS services, direct modification of global credentials and AWS.Credentials 2025-04-28 14:00:12 +02:00
Michael Nebel
2e0ce44fde Javascript: Update test files. 2025-04-23 15:41:41 +02:00
Napalys
fdfdcc0d93 Undo unnecessary name tracking for request, response objects 2025-04-22 14:16:45 +02:00
Asger F
00661b62dc JS: Add isMiddlewareSetup() hook to Routing model 2025-04-22 12:00:02 +02:00
Asger F
c2cab184ac Merge pull request #19283 from asgerf/js/rest-pattern-fix 
JS: Fix missing flow into rest pattern lvalue
 2025-04-22 10:37:36 +02:00
Napalys
5c3556da66 Add user-controlled property tracking and update code injection alerts in Fastify hooks 2025-04-15 09:41:52 +02:00