hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

11732 Commits

Author SHA1 Message Date
Napalys
e23ff9cf3e Add TypedArrays flow summaries for Uint8Array and buffer property 2025-04-07 15:15:24 +02:00
Napalys
93882263f9 Added test case for Uint8Array and TypedArray.prototype.buffer 2025-04-07 12:46:19 +02:00
Napalys
c4fa417680 Added change note 2025-04-07 12:11:33 +02:00
Napalys
6fb5376c5f Refactor ReceivedItemAsRemoteFlow to handle data from both client and server WebSocket sources 2025-04-07 11:44:40 +02:00
Napalys
6bcfd8c91d Updated getAServer with API graphs. 2025-04-04 12:31:29 +02:00
Napalys
c5860e92ec Updated WebSocketReceiveNode to match bind functions. 2025-04-04 12:28:53 +02:00
Napalys
4b7a9cd399 Added test case with bind. 2025-04-04 12:26:58 +02:00
Napalys
49194b0340 Updated WebSocketReceiveNode with API graphs. 2025-04-04 12:26:52 +02:00
Napalys
0dbf951291 Updated ClientSocket and SendNode with API graphs. 2025-04-04 09:14:54 +02:00
Napalys
455ce59583 Added test cases with export of an instance. 2025-04-04 08:59:19 +02:00
Napalys
e16a20e69f Updated SocketClass to use API Graphs. 2025-04-04 08:47:27 +02:00
Napalys
c7fad09664 Added test cases with custom exports/imports. 2025-04-04 08:33:26 +02:00
Napalys
a572ac60d2 Added inline test expectations for WebSocket 2025-04-04 08:22:48 +02:00
Asger F
14c5495b4c JS: Use in SensitiveActions test as an example 2025-04-03 13:24:18 +02:00
Asger F
6c33013788 JS: Enable association with headers without needing a route handler 
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.

But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
 2025-04-03 11:08:10 +02:00
Asger F
db2720ea5b JS: Initial model of Response 2025-04-03 11:08:05 +02:00
Napalys
0e7bff0f81 Added change note. 2025-04-03 10:45:17 +02:00
Napalys
04a39eb735 Removed old mkdirp modeling and replaced it with MaD. 2025-04-03 10:45:16 +02:00
Napalys
3fa24d6026 Add sink model for mkdirp and update tests for path injection alerts. 2025-04-03 10:45:14 +02:00
Napalys
533f1a93e2 JS: Added test cases for mkdirp. 2025-04-03 10:45:12 +02:00
Napalys Klicius
5c42c0ba4c Merge pull request #19196 from Napalys/js/rimraf 
JS: Modeling of `rimraf` functions
 2025-04-03 09:51:52 +02:00
Asger F
bb15f30ef6 Merge pull request #19192 from asgerf/js/name-resolution-independent-fixes 
JS: Some preliminary fixes from name resolution branch
 2025-04-03 09:36:02 +02:00
Jon Janego
d8ef4fc25d Update javascript/ql/src/Expressions/ExprHasNoEffect.ql 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-04-02 10:22:27 -05:00
Asger F
6c3bc941c5 Merge branch 'main' into js/name-resolution-independent-fixes 2025-04-02 14:15:44 +02:00
Asger F
2c40359143 JS: Change note 2025-04-02 14:12:07 +02:00
Asger F
30a9cd7c8a JS: Include document as a DOM value 2025-04-02 14:09:52 +02:00
Asger F
9ebaac82cf JS: Add tests for Response object sink 2025-04-02 13:47:18 +02:00
Napalys
390d9ffe66 Added change note 2025-04-02 12:50:53 +02:00
Napalys
b16b407f89 Add rimraf model and update tests for path injection vulnerabilities 2025-04-02 12:49:48 +02:00
Napalys
14999c19da Added test cases for rimraf library. 2025-04-02 12:46:48 +02:00
Asger F
78b25388ca JS: Protect against bad join in BadRandomness 
This code resulted in bad join orders in response to certain library
changes. The actual library changes have to be split into smaller pieces
but I'd like to ensure I don't run into the bad join again.
 2025-04-02 10:14:07 +02:00
Asger F
46f88e7ce7 JS: Updates to DOM model 2025-04-02 10:14:03 +02:00
Asger F
48db2b9315 JS: Add test 2025-04-02 10:12:36 +02:00
Jon Janego
74587f0d64 Update ExprHasNoEffect.ql 
adding quality tags per metadata styleguide
 2025-04-01 18:47:52 -05:00
Asger F
887942e3e9 Merge pull request #19108 from asgerf/js/api-graph-spread-rest 
JS: Handle spread/rest in API graphs
 2025-04-01 17:48:36 +02:00
Asger F
4746cfddf2 JS: Add clarifying comment 2025-04-01 16:26:07 +02:00
Asger F
e1784bb10c JS: Fix handling of spread args on a bound function 2025-04-01 16:20:57 +02:00
github-actions[bot]
10205cb990 Post-release preparation for codeql-cli-2.21.0 2025-04-01 11:30:43 +00:00
github-actions[bot]
84f6564cc0 Release preparation for version 2.21.0 2025-03-31 17:35:15 +00:00
Arthur Baars
cd9ccef8b2 Javascript, add missing * to changenote 2025-03-31 18:45:01 +02:00
Asger F
149ec20758 JS: Add comment about internal edge 2025-03-31 15:39:09 +02:00
Asger F
f64bdccd6d Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2025-03-31 15:30:59 +02:00
Napalys Klicius
4572376e9a Merge pull request #19143 from Napalys/js/fs-extra-missing 
JS: Modeling of `fs-extra` functions
 2025-03-31 10:35:45 +02:00
Napalys Klicius
de8a3289e2 Merge pull request #19118 from Napalys/js/hana_db_client 
JS: support `hana` db client
 2025-03-31 10:35:11 +02:00
Asger F
ee867e99c7 Merge pull request #19117 from lcartey/lcartey/support-sap-json-formats 
JavaScript: Add support for indexing additional SAP related JSON files
 2025-03-31 10:30:11 +02:00
Napalys
32d6ac8da7 Add test case to ensure exec calls without middleware injection into Express are not flagged. 2025-03-30 14:09:15 +02:00
Napalys
45c8ec96df Added test cases for hana db additional sources. 2025-03-28 15:02:03 +01:00
Napalys
d0e2aa8192 Added sources from hana db as MaD. 2025-03-28 14:55:17 +01:00
Napalys
f3af23e855 Refactored hana's DB client to use GuardedRouteHandler, improving precision. 2025-03-28 13:58:37 +01:00
Napalys Klicius
f7264d82d4 Merge branch 'main' into js/hana_db_client 2025-03-28 13:21:15 +01:00