hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

70 Commits

Author SHA1 Message Date
Napalys Klicius
6cfc950159 JS: Model GraphQLObjectType resolve params as sources 2025-09-19 14:39:36 +02:00
Napalys Klicius
4f8166a661 Merge pull request #20450 from Napalys/js/graph-ql-ench 
JS: Improve graphql flow
 2025-09-17 16:32:01 +02:00
Napalys Klicius
7affcf40c2 JS: Add variableValues to the previous summaryModel to enchance the flow. 2025-09-17 12:24:14 +02:00
Napalys Klicius
4282005e32 JS: Add summary model for graphql's rootValue 2025-09-17 11:48:44 +02:00
Napalys Klicius
4df8db0d7e Renamed AWS-V3-Common to @aws-sdk/client.Client 2025-09-17 10:21:29 +02:00
Napalys Klicius
10f3a83fcb Fixed model type names 
Co-authored-by: asgerf <asgerf@users.noreply.github.com>
 2025-09-17 10:21:23 +02:00
Napalys Klicius
9ca4773227 Added modeling for CreatePreparedStatementCommand 2025-09-17 10:21:10 +02:00
Napalys Klicius
801a34f6a1 Moved typeModel at the start of the file 2025-09-17 10:20:24 +02:00
Napalys Klicius
9beac51586 Unified aws-db modeling into singular file 2025-09-17 10:20:10 +02:00
Napalys Klicius
5b31350e83 Added tests and modeling of database-access-result 2025-09-17 10:20:01 +02:00
Napalys Klicius
e5f02852e1 Added modeling of rds v2 and v3 for sql injections 2025-09-17 10:19:22 +02:00
Napalys Klicius
0e6bac73a7 Added modeling of athena v2 and v3 for sql injections 2025-09-17 10:18:58 +02:00
Napalys Klicius
ee1af432fe Added modeling of client-s3 v2 and v3 2025-09-17 10:16:25 +02:00
Napalys Klicius
06ab918985 Added modeling for V2 of dynamoDB 2025-09-17 10:15:19 +02:00
Napalys Klicius
ae2e8b1292 Added modeling of dynamodb v3 for sql injections 2025-09-17 10:13:24 +02:00
Napalys Klicius
3a75500f54 JS: Add modeling for call-me-maybe 2025-09-15 17:15:31 +02:00
Napalys Klicius
d8c4d6deb4 Rename cors-misconfiguration to cors-origin. 2025-09-05 11:30:07 +02:00
Napalys Klicius
4dac80a998 Replace complex wrapper classes with MaD 2025-09-04 12:19:22 +00:00
Napalys Klicius
fd4233e30e Moved apollo modeling to MaD 2025-07-31 10:58:38 +02:00
Asger F
980d0f46fa JS: Add model for react 'use' 2025-06-23 15:27:21 +02:00
Napalys Klicius
40d176a770 Added model for shelljs.env 2025-05-01 11:09:47 +02:00
Napalys Klicius
73309fb9dd Updated modeling of aws-sdk with MaD 2025-04-28 14:00:12 +02:00
Napalys
ce2fc25cdb Added make-dir model as data 2025-04-09 14:42:29 +02:00
Napalys Klicius
f02783a9c6 Merge pull request #19210 from Napalys/js/mkdirp 
JS: Modeling of `mkdirp` functions
 2025-04-09 13:43:37 +02:00
Napalys
b8802a29f4 Added open package model as data. 2025-04-08 08:12:30 +02:00
Napalys
04a39eb735 Removed old mkdirp modeling and replaced it with MaD. 2025-04-03 10:45:16 +02:00
Napalys
3fa24d6026 Add sink model for mkdirp and update tests for path injection alerts. 2025-04-03 10:45:14 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Napalys
d0e2aa8192 Added sources from hana db as MaD. 2025-03-28 14:55:17 +01:00
Napalys
f3af23e855 Refactored hana's DB client to use GuardedRouteHandler, improving precision. 2025-03-28 13:58:37 +01:00
Napalys Klicius
f7264d82d4 Merge branch 'main' into js/hana_db_client 2025-03-28 13:21:15 +01:00
Napalys
4cdc40d115 Added SQL injection detection for exec method embeded Express client from hdbext. 2025-03-25 18:39:54 +01:00
Napalys
7cc0634f57 Added createProcStatement as potential sql sink. 2025-03-25 14:50:38 +01:00
Napalys
0285cb6c7a Added @sap/hdbext.loadProccedure as sql sink. 2025-03-25 14:48:40 +01:00
Napalys
e595def8b0 Modeled execute as potential hana's sink. 2025-03-25 14:44:37 +01:00
Napalys
d28af9508a Added sink models for hana's client prepare function. 2025-03-25 14:42:27 +01:00
Napalys
9229962096 Add sink model for SQL injection detection in exec clients. 2025-03-25 14:36:13 +01:00
Napalys Klicius
0689cf7f5e Update javascript/ql/lib/ext/axios.model.yml 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-25 10:56:01 +01:00
Napalys
1ee3fde214 Added support for axios.interceptors.response. 2025-03-25 10:55:34 +01:00
Napalys
10498bbaa4 Added support for axios.interceptors.request. 2025-03-25 10:54:56 +01:00
Napalys Klicius
7bd1c4d2ae Merge pull request #19060 from Napalys/js/apollo-server 
JS: model `ApolloServer`
 2025-03-21 10:00:31 +01:00
Napalys
3a243d221d Added aliases for @apollo/server. 2025-03-20 13:09:42 +01:00
Napalys
ca53e97de4 Adressed comments. 2025-03-20 12:37:06 +01:00
Napalys Klicius
221cc1977d Merge branch 'main' into js/underscore-string 2025-03-20 12:26:00 +01:00
Napalys
f4ca2dc1f3 Restricted taint to array elements. 2025-03-20 12:24:49 +01:00
Napalys
752f02f04d Fixed map modeling and added test cases. 2025-03-20 12:18:28 +01:00
Napalys
cb18408502 Added data as model for ApolloServer. 2025-03-19 13:36:06 +01:00
Asger F
53ba588993 JS: Use ArrayElement instead of AnyMember 
The use of AnyMember was a workaround until the bugfix in this PR landed.
 2025-03-18 09:26:02 +01:00
Napalys
2c7562d875 Removed value from modeling its return value as Wrapper class, since it return simple string. 2025-03-17 19:08:43 +01:00
Napalys
d8e6d76b0e Added modeling for tap function. 2025-03-17 19:07:02 +01:00