hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

2033 Commits

Author SHA1 Message Date
Asger F
8d49f26f3d Merge pull request #20397 from asgerf/js/build-artifact-leak-fp 
JS: Fix FP in js/build-artifact-leak when keys come from an array of constants
 2025-10-28 06:40:13 +01:00
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Napalys Klicius
d88bc8e408 JS: Add test case for GraphQLObjectType 2025-09-19 14:23:40 +02:00
Napalys Klicius
4f8166a661 Merge pull request #20450 from Napalys/js/graph-ql-ench 
JS: Improve graphql flow
 2025-09-17 16:32:01 +02:00
Napalys Klicius
7affcf40c2 JS: Add variableValues to the previous summaryModel to enchance the flow. 2025-09-17 12:24:14 +02:00
Napalys Klicius
6c18b4de40 JS: Add test case for graph ql variableValues injection 2025-09-17 12:21:21 +02:00
Napalys Klicius
4282005e32 JS: Add summary model for graphql's rootValue 2025-09-17 11:48:44 +02:00
Napalys Klicius
a6d728a66d JS: Add test case with missing alert using graphql 2025-09-17 11:23:49 +02:00
Napalys Klicius
ca667b5131 JS: fix test expectations from rebasing 2025-09-17 10:24:45 +02:00
Napalys Klicius
9ca4773227 Added modeling for CreatePreparedStatementCommand 2025-09-17 10:21:10 +02:00
Napalys Klicius
872b6d8bee Added test case for CreatePreparedStatementCommand 2025-09-17 10:21:01 +02:00
Napalys Klicius
b89e70b5a0 Added test cases for aws sources 2025-09-17 10:20:52 +02:00
Napalys Klicius
5b31350e83 Added tests and modeling of database-access-result 2025-09-17 10:20:01 +02:00
Napalys Klicius
e5f02852e1 Added modeling of rds v2 and v3 for sql injections 2025-09-17 10:19:22 +02:00
Napalys Klicius
5b5c17100c Added test cases for client-rds-data for sql injections 2025-09-17 10:19:10 +02:00
Napalys Klicius
0e6bac73a7 Added modeling of athena v2 and v3 for sql injections 2025-09-17 10:18:58 +02:00
Napalys Klicius
af97b0edc2 Added test cases for athena v2 and v3 for sql injections 2025-09-17 10:16:38 +02:00
Napalys Klicius
ee1af432fe Added modeling of client-s3 v2 and v3 2025-09-17 10:16:25 +02:00
Napalys Klicius
5e6118ef3f Added test cases for client-s v2 and v3 sql injection 2025-09-17 10:15:43 +02:00
Napalys Klicius
06ab918985 Added modeling for V2 of dynamoDB 2025-09-17 10:15:19 +02:00
Napalys Klicius
ae2e8b1292 Added modeling of dynamodb v3 for sql injections 2025-09-17 10:13:24 +02:00
Napalys Klicius
0a3343a07d Added test cases for v2 and v3 sql injection of dynamodb 2025-09-17 10:11:31 +02:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
0d23ab07db JS: Add data flow modeling for promisified user-defined functions 2025-09-15 17:13:13 +02:00
Napalys Klicius
2c6db00cbc JS: Add modeling for util promisify* 2025-09-15 17:09:28 +02:00
Napalys Klicius
e002f2088f JS: Add modeling for es6-promisify 2025-09-15 17:04:34 +02:00
Napalys Klicius
35c75c00ba JS: Add modeling for @gar/promisify 2025-09-15 16:58:11 +02:00
Napalys Klicius
312471e9db JS: Add modeling for @google-cloud/promisify 2025-09-15 16:55:27 +02:00
Napalys Klicius
d37425ae3e JS: Treat promisify(obj).member as obj.member 2025-09-15 16:51:19 +02:00
Napalys Klicius
d6a14e63ba JS: Add test cases for promisification libraries. 2025-09-15 16:21:12 +02:00
Asger F
2a4d6830ec JS: An array of constants should be considered "filtered" 2025-09-10 11:07:32 +02:00
Asger F
602dae0592 JS: Add test showing FP 2025-09-10 10:58:34 +02:00
Asger F
36e18c2a89 JS: Enable inline expectations in BuildArtifactLeak 
The tests already have the annotations, it just seems to have been disable by accident
 2025-09-10 10:56:34 +02:00
Napalys Klicius
b2feaaceea Merge branch 'main' into js/move-cors-query-from-experimental 2025-09-05 12:11:09 +02:00
Napalys Klicius
c4c8dbcf7d Merge remote-tracking branch 'origin/main' into js/move-cors-query-from-experimental 2025-09-04 15:24:44 +02:00
Napalys Klicius
d3d608fa33 Updated query description and added a sanitizer 2025-09-04 13:16:37 +00:00
Napalys Klicius
4dac80a998 Replace complex wrapper classes with MaD 2025-09-04 12:19:22 +00:00
Napalys Klicius
8fc81f4263 Merge branch 'main' into js/remote-property-injection-update 2025-09-03 14:02:19 +02:00
Asger F
0d0eaa21a1 Merge pull request #20302 from asgerf/js/simpler-locations 
JS: Remove synthetic locations
 2025-09-01 09:46:13 +02:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
bafe22c50c Merge pull request #20048 from Napalys/js/xml_bomb_sinks 
JS: Exclude patched libraries from `xml-bomb` sink
 2025-08-29 08:10:55 +02:00
Napalys Klicius
32606584ea JS: add enumeration taint flow to Remote Property Injection query 2025-08-27 10:23:03 +00:00
Napalys Klicius
c39c04cb86 JS: added new test case for remote prop injection via Object.keys 2025-08-27 10:20:57 +00:00
Napalys Klicius
10c10c7d30 JS: fixed typo in folder name 2025-08-27 10:17:39 +00:00
Napalys Klicius
b19d1e0f57 Merge pull request #20151 from Napalys/js/command-line-libs 
JS: Enhance command injection detection for CLI argument parsing libraries
 2025-08-18 09:32:29 +02:00
Napalys Klicius
ae4077db72 add taint flow for arg/command-line-args with custom argv option 2025-08-01 13:34:08 +02:00
Napalys Klicius
d6508f34b6 Add taint flow for Commander.js direct property access and action callbacks 2025-08-01 13:24:19 +02:00
Napalys Klicius
39170f327c Added couple more test cases for commander js 2025-08-01 13:14:39 +02:00
Napalys Klicius
6b4e34dd39 Added a step from parse to opts for commander js 2025-08-01 13:12:43 +02:00
Napalys Klicius
e980798ede Added step through yargs/yargs constructor and chained methods. 2025-08-01 12:01:30 +02:00