4928 Commits

Author	SHA1	Message	Date
Asger F	7c38c48fd7	Merge pull request #19769 from trailofbits/VF/Nest-improvements ... Improve NestJS sources and dependency injection	2025-06-30 10:42:18 +02:00
Asger F	3247babfa5	Merge pull request #19762 from trailofbits/VF/type-orm-model-improvements ... Improve TypeORM model	2025-06-30 10:40:38 +02:00
Napalys Klicius	3d9e2f5438	Merge pull request #19858 from Napalys/js/execa ... JS: moved `execa` out of experimental	2025-06-25 10:34:52 +02:00
Asger F	d39b68cd41	Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries ... JS: Remove legacy actions queries	2025-06-25 09:18:33 +02:00
Asger F	853fc1a7cf	Merge pull request #19852 from asgerf/js/react-use-server ... JS: Model React 'use' and 'use server'	2025-06-25 09:13:56 +02:00
Napalys Klicius	0902ca0605	JS: address copilot suggestions	2025-06-24 11:37:07 +02:00
Asger F	d428eaeef8	Merge pull request #19655 from GeekMasher/js-clientrests-axios ... JS: ClientRequests Axios Instance support	2025-06-24 10:35:51 +02:00
Napalys Klicius	d05de1ba4e	JS: moved execa test cases outside experimental	2025-06-24 09:08:13 +02:00
Napalys Klicius	ef51ab172f	JS: exclude sinon module from regexp match calls	2025-06-23 20:25:17 +02:00
Napalys Klicius	584b4f51aa	JS: add false positive test cases for hostname regex detection	2025-06-23 20:25:10 +02:00
Asger F	61887beae0	JS: Add test case for false positive	2025-06-23 16:03:41 +02:00
Asger F	cc1a28ac7e	JS: Add parameters of server functions as remote flow sources	2025-06-23 16:03:39 +02:00
Asger F	d9f4e4a90d	JS: Add tests for functions with "use server" directive	2025-06-23 16:03:38 +02:00
Asger F	7dd7246cd4	JS: Update tests.expected ... Mostly noise due to renamed predicates and reordered result sets	2025-06-23 16:03:35 +02:00
Asger F	180b023c7c	JS: Add inline expectations to React test	2025-06-23 16:03:33 +02:00
Asger F	1787d4dce8	JS: Enable inline expectations in test ... Will update files in next commit	2025-06-23 16:03:32 +02:00
Asger F	1a18e68364	JS: Remove reactLibraryRef ... This is not testing anything interesting, and is noisy when adding inline expectations	2025-06-23 16:03:30 +02:00
Asger F	99fb6b62ad	JS: Remove test_ prefix from query predicates	2025-06-23 16:03:29 +02:00
Asger F	8ff7182f3a	JS: Move React test predicates into one file	2025-06-23 15:37:15 +02:00
Asger F	980d0f46fa	JS: Add model for react 'use'	2025-06-23 15:27:21 +02:00
Asger F	768ccc6a54	JS: Add test for react 'use' function	2025-06-23 15:26:08 +02:00
Asger F	76b7228160	JS: Remove js/actions/command-injection ... Superseded by actions/command-injection/{medium,critical}	2025-06-23 14:41:26 +02:00
Asger F	9dcb61e771	JS: Remove js/actions/actions-artifact-leak ... Superseded by actions/secrets-in-artifacts	2025-06-23 14:39:28 +02:00
Asger F	3a00e8d1c5	JS: Remove js/actions/pull-request-target ... Superseded by actions/untrusted-checkout/{medium,high,critical}	2025-06-23 14:37:21 +02:00
Napalys Klicius	3fbe348f99	Merge pull request #19784 from Napalys/js/express_middleware ... JS: Improve Express middleware taint tracking	2025-06-20 15:36:26 +02:00
Napalys Klicius	bca536c5b6	Merge remote-tracking branch 'origin/main' into js/quality/loop_shift	2025-06-20 11:30:20 +02:00
Napalys Klicius	f80651e78a	Merge pull request #19750 from Napalys/js/remove_encodeURI ... JS: remove `encodeURI` from sanitizer list of request forgery	2025-06-19 14:12:52 +02:00
Napalys Klicius	53cae4fa97	Merge remote-tracking branch 'origin/main' into js/quality/loop_shift	2025-06-19 10:21:52 +02:00
Napalys Klicius	060b98d36c	JS: enchance middleware taint tracking via local source	2025-06-17 08:30:19 +02:00
Napalys Klicius	da21a064ac	JS: add _parsedUrl as remote input source	2025-06-16 16:28:30 +02:00
Napalys Klicius	67aac7abfa	JS: add test cases for middleware property assignment tracking	2025-06-16 16:26:08 +02:00
Napalys Klicius	bdbc49c63f	JS: Removed encodeURI from request forgery sanitizer list	2025-06-16 13:08:11 +02:00
Napalys Klicius	deb715a517	JS: Add test case with encodeURI for request forgery	2025-06-16 10:49:29 +02:00
Napalys Klicius	5a107ec33b	JS: track taint through serialize-javascript calls with object arguments	2025-06-16 10:38:20 +02:00
Napalys Klicius	a96ea182c7	JS: add test cases for serialize-javascript with tainted object properties	2025-06-16 09:30:52 +02:00
Vasco-jofra	e2eca5bbff	Update test.expected	2025-06-15 12:12:12 +02:00
Vasco-jofra	6920430073	Improve dependency injection through import function calls	2025-06-15 00:47:34 +02:00
Vasco-jofra	477f32c7ff	NestJS dependency injection support useValue provider	2025-06-15 00:21:38 +02:00
Vasco-jofra	2b143c86ac	NestJS dependency Injection support useFactory provider	2025-06-15 00:09:07 +02:00
Vasco-jofra	baf0d3ef22	Model NestJS middlewares as sources	2025-06-14 23:27:49 +02:00
Vasco-jofra	ddf77a0b72	Remove unnecessary spaces	2025-06-13 15:37:27 +02:00
Vasco-jofra	4ea53773b9	Model the TypeORM Repository API	2025-06-13 15:35:46 +02:00
Napalys Klicius	0906d85b39	Merge pull request #19726 from Napalys/js/quality/string_interpolation ... JS: Promote `js/template-syntax-in-string-literal` to the Code Quality suite.	2025-06-13 13:36:53 +02:00
Napalys Klicius	28ae39694f	Merge pull request #19741 from Napalys/js/quality/suspicious_method_names ... JS: Promote `js/suspicious-method-name-declaration` to the Code Quality suite.	2025-06-12 15:30:13 +02:00
Napalys Klicius	66d66fe87d	JS: fix false positives for splice with conditional index decrement	2025-06-12 14:51:10 +02:00
Napalys Klicius	7292a76ee4	JS: add test cases for false positives in loop-iteration-skipped-due-to-shifting	2025-06-12 14:39:47 +02:00
Napalys Klicius	923aff2439	JS: Fixed false positive on manual string interpolation.	2025-06-12 11:35:33 +02:00
Napalys Klicius	bafe7e66ad	JS: Fix template literal detection in string concatination	2025-06-12 11:18:20 +02:00
Napalys Klicius	861e4ee11e	JS: Added test cases including manual interpolation and string concatination.	2025-06-12 11:15:36 +02:00
Napalys Klicius	41f4236b86	JS: expanded suspicious-method-name-declaration test suite	2025-06-12 09:29:30 +02:00