Napalys Klicius
|
5c42c0ba4c
|
Merge pull request #19196 from Napalys/js/rimraf
JS: Modeling of `rimraf` functions
|
2025-04-03 09:51:52 +02:00 |
|
Asger F
|
6c3bc941c5
|
Merge branch 'main' into js/name-resolution-independent-fixes
|
2025-04-02 14:15:44 +02:00 |
|
Asger F
|
30a9cd7c8a
|
JS: Include document as a DOM value
|
2025-04-02 14:09:52 +02:00 |
|
Asger F
|
9ebaac82cf
|
JS: Add tests for Response object sink
|
2025-04-02 13:47:18 +02:00 |
|
Napalys
|
b16b407f89
|
Add rimraf model and update tests for path injection vulnerabilities
|
2025-04-02 12:49:48 +02:00 |
|
Napalys
|
14999c19da
|
Added test cases for rimraf library.
|
2025-04-02 12:46:48 +02:00 |
|
Asger F
|
46f88e7ce7
|
JS: Updates to DOM model
|
2025-04-02 10:14:03 +02:00 |
|
Asger F
|
48db2b9315
|
JS: Add test
|
2025-04-02 10:12:36 +02:00 |
|
Asger F
|
887942e3e9
|
Merge pull request #19108 from asgerf/js/api-graph-spread-rest
JS: Handle spread/rest in API graphs
|
2025-04-01 17:48:36 +02:00 |
|
Asger F
|
e1784bb10c
|
JS: Fix handling of spread args on a bound function
|
2025-04-01 16:20:57 +02:00 |
|
Napalys Klicius
|
4572376e9a
|
Merge pull request #19143 from Napalys/js/fs-extra-missing
JS: Modeling of `fs-extra` functions
|
2025-03-31 10:35:45 +02:00 |
|
Napalys
|
32d6ac8da7
|
Add test case to ensure exec calls without middleware injection into Express are not flagged.
|
2025-03-30 14:09:15 +02:00 |
|
Napalys
|
45c8ec96df
|
Added test cases for hana db additional sources.
|
2025-03-28 15:02:03 +01:00 |
|
Napalys Klicius
|
f7264d82d4
|
Merge branch 'main' into js/hana_db_client
|
2025-03-28 13:21:15 +01:00 |
|
Napalys
|
75b4d1b771
|
Applied copilot suggestions.
|
2025-03-28 13:19:11 +01:00 |
|
Napalys
|
495af56ab5
|
Added NodeJSFileSystemVectorWrite class for vectored write.
|
2025-03-28 13:07:23 +01:00 |
|
Napalys
|
e0c6cbb1b7
|
Added test cases for writev and writevSync.
|
2025-03-28 13:07:21 +01:00 |
|
Napalys
|
e63e170ac2
|
Added support for readv and readvSync functions in NodeJSFileSystemAccessRead class.
|
2025-03-28 13:07:20 +01:00 |
|
Napalys
|
6e7214747c
|
Added test cases for readv and readvSync
|
2025-03-28 13:07:14 +01:00 |
|
Asger F
|
7904db0f9a
|
Merge pull request #19132 from asgerf/js/guarded-route-handler-token
JS: Add GuardedRouteHandler access path component
|
2025-03-28 10:47:10 +01:00 |
|
Asger F
|
1ad471cb32
|
JS: Track through spread/rest params in API graphs
|
2025-03-28 09:14:36 +01:00 |
|
Asger F
|
ff99d5c688
|
JS: Add test for API graph through spread args
|
2025-03-28 09:13:06 +01:00 |
|
Napalys
|
e1bf054056
|
Added support for lutimes, opendir, and statfs functions from fs-extra.
|
2025-03-28 08:37:30 +01:00 |
|
Napalys
|
55c74b2bac
|
Added support for emptydir functions from fs-extra.
|
2025-03-28 08:37:28 +01:00 |
|
Napalys
|
e386448f60
|
Added support for missing rm functions from fs-extra
|
2025-03-28 08:37:22 +01:00 |
|
Napalys
|
7a08f32e16
|
Added support for cp functions from fs-extra.
|
2025-03-28 08:36:26 +01:00 |
|
Napalys
|
96a550582b
|
Added test cases for fs-extra missing features.
|
2025-03-28 08:26:31 +01:00 |
|
Napalys Klicius
|
32369dab7d
|
Merge pull request #19124 from Napalys/js/hapi_upgrade
JS: Support for newer version of `Hapi` - `@hapi/hapi`
|
2025-03-27 16:42:51 +01:00 |
|
Asger F
|
ed50343cc2
|
Merge pull request #19077 from asgerf/js/jsdoc-name-tokens
JS: Separate JSDoc qualified names into individual identifiers
|
2025-03-27 14:22:11 +01:00 |
|
Asger F
|
13d2453a45
|
JS: Add GuardedRouteHandler access path component
|
2025-03-27 13:59:41 +01:00 |
|
Napalys Klicius
|
fdea22fbc3
|
Merge pull request #19129 from Napalys/js/readfile_async
JS: Add support for `async` `readFile`
|
2025-03-27 12:34:39 +01:00 |
|
Asger F
|
da269c6fb1
|
JS: More test updates
|
2025-03-27 11:51:25 +01:00 |
|
Asger F
|
c8817d9667
|
JS: Parse with proper locations
|
2025-03-27 11:51:23 +01:00 |
|
Asger F
|
6868f66108
|
JS: Restrict size of hasNameParts
Test updates look OK. Some intermediate results are omitted but the
qualified names of the final type names are still present.
|
2025-03-27 11:51:20 +01:00 |
|
Asger F
|
328bf753b4
|
JS: Benign test updates
|
2025-03-27 11:51:17 +01:00 |
|
Napalys
|
200bf391ce
|
Enhance NodeJSLib data flow handling through await.
|
2025-03-26 14:24:52 +01:00 |
|
Napalys
|
762ca2f8f5
|
Added test case with async readFile, currently not flagged.
|
2025-03-26 14:21:44 +01:00 |
|
Napalys
|
ae645e49ba
|
Added support for @hapi/hapi server.
|
2025-03-26 11:41:11 +01:00 |
|
Napalys
|
649b4e07e2
|
Added test cases for @hapi/hapi
|
2025-03-26 11:35:58 +01:00 |
|
Napalys
|
4cdc40d115
|
Added SQL injection detection for exec method embedded Express client from hdbext.
|
2025-03-25 18:39:54 +01:00 |
|
Napalys
|
7cc0634f57
|
Added createProcStatement as potential sql sink.
|
2025-03-25 14:50:38 +01:00 |
|
Napalys
|
0285cb6c7a
|
Added @sap/hdbext.loadProcedure as sql sink.
|
2025-03-25 14:48:40 +01:00 |
|
Napalys
|
e595def8b0
|
Modeled execute as potential hana's sink.
|
2025-03-25 14:44:37 +01:00 |
|
Napalys
|
d28af9508a
|
Added sink models for hana's client prepare function.
|
2025-03-25 14:42:27 +01:00 |
|
Napalys
|
9229962096
|
Add sink model for SQL injection detection in exec clients.
|
2025-03-25 14:36:13 +01:00 |
|
Napalys
|
032cfc134f
|
Added test cases for hana clients.
|
2025-03-25 14:29:06 +01:00 |
|
Napalys Klicius
|
0689cf7f5e
|
Update javascript/ql/lib/ext/axios.model.yml
Co-authored-by: Asger F <asgerf@github.com>
|
2025-03-25 10:56:01 +01:00 |
|
Napalys
|
1ee3fde214
|
Added support for axios.interceptors.response.
|
2025-03-25 10:55:34 +01:00 |
|
Napalys
|
20bb831ce9
|
Added test case for axios.interceptors.response with missing alert.
|
2025-03-25 10:55:14 +01:00 |
|
Napalys
|
10498bbaa4
|
Added support for axios.interceptors.request.
|
2025-03-25 10:54:56 +01:00 |
|