Josh Brown
|
f39c1141d8
|
Revert "Merge pull request #257 from microsoft/jb1/reapply-22.1-tmp"
This reverts commit 6d496ee073, reversing
changes made to 866977b6c5.
|
2025-08-11 12:45:01 -07:00 |
|
Josh Brown
|
5fb45c89e9
|
Revert "Merge pull request #251 from microsoft/jb1/upstream-zipslip"
This reverts commit 4dfa5d2858, reversing
changes made to 8cd58aa6e8.
|
2025-07-10 14:57:38 -07:00 |
|
Asger F
|
980d0f46fa
|
JS: Add model for react 'use'
|
2025-06-23 15:27:21 +02:00 |
|
Napalys Klicius
|
40d176a770
|
Added model for shelljs.env
|
2025-05-01 11:09:47 +02:00 |
|
Napalys Klicius
|
73309fb9dd
|
Updated modeling of aws-sdk with MaD
|
2025-04-28 14:00:12 +02:00 |
|
Napalys
|
ce2fc25cdb
|
Added make-dir model as data
|
2025-04-09 14:42:29 +02:00 |
|
Napalys Klicius
|
f02783a9c6
|
Merge pull request #19210 from Napalys/js/mkdirp
JS: Modeling of `mkdirp` functions
|
2025-04-09 13:43:37 +02:00 |
|
Napalys
|
b8802a29f4
|
Added open package model as data.
|
2025-04-08 08:12:30 +02:00 |
|
Napalys
|
04a39eb735
|
Removed old mkdirp modeling and replaced it with MaD.
|
2025-04-03 10:45:16 +02:00 |
|
Napalys
|
3fa24d6026
|
Add sink model for mkdirp and update tests for path injection alerts.
|
2025-04-03 10:45:14 +02:00 |
|
Napalys
|
b16b407f89
|
Add rimraf model and update tests for path injection vulnerabilities
|
2025-04-02 12:49:48 +02:00 |
|
Napalys
|
d0e2aa8192
|
Added sources from hana db as MaD.
|
2025-03-28 14:55:17 +01:00 |
|
Napalys
|
f3af23e855
|
Refactored hana's DB client to use GuardedRouteHandler, improving precision.
|
2025-03-28 13:58:37 +01:00 |
|
Napalys Klicius
|
f7264d82d4
|
Merge branch 'main' into js/hana_db_client
|
2025-03-28 13:21:15 +01:00 |
|
Napalys
|
4cdc40d115
|
Added SQL injection detection for exec method embedded Express client from hdbext.
|
2025-03-25 18:39:54 +01:00 |
|
Napalys
|
7cc0634f57
|
Added createProcStatement as potential sql sink.
|
2025-03-25 14:50:38 +01:00 |
|
Napalys
|
0285cb6c7a
|
Added @sap/hdbext.loadProccedure as sql sink.
|
2025-03-25 14:48:40 +01:00 |
|
Napalys
|
e595def8b0
|
Modeled execute as potential hana's sink.
|
2025-03-25 14:44:37 +01:00 |
|
Napalys
|
d28af9508a
|
Added sink models for hana's client prepare function.
|
2025-03-25 14:42:27 +01:00 |
|
Napalys
|
9229962096
|
Add sink model for SQL injection detection in exec clients.
|
2025-03-25 14:36:13 +01:00 |
|
Napalys Klicius
|
0689cf7f5e
|
Update javascript/ql/lib/ext/axios.model.yml
Co-authored-by: Asger F <asgerf@github.com>
|
2025-03-25 10:56:01 +01:00 |
|
Napalys
|
1ee3fde214
|
Added support for axios.interceptors.response.
|
2025-03-25 10:55:34 +01:00 |
|
Napalys
|
10498bbaa4
|
Added support for axios.interceptors.request.
|
2025-03-25 10:54:56 +01:00 |
|
Napalys Klicius
|
7bd1c4d2ae
|
Merge pull request #19060 from Napalys/js/apollo-server
JS: model `ApolloServer`
|
2025-03-21 10:00:31 +01:00 |
|
Napalys
|
3a243d221d
|
Added aliases for @apollo/server.
|
2025-03-20 13:09:42 +01:00 |
|
Napalys
|
ca53e97de4
|
Addressed comments.
|
2025-03-20 12:37:06 +01:00 |
|
Napalys Klicius
|
221cc1977d
|
Merge branch 'main' into js/underscore-string
|
2025-03-20 12:26:00 +01:00 |
|
Napalys
|
f4ca2dc1f3
|
Restricted taint to array elements.
|
2025-03-20 12:24:49 +01:00 |
|
Napalys
|
752f02f04d
|
Fixed map modeling and added test cases.
|
2025-03-20 12:18:28 +01:00 |
|
Napalys
|
cb18408502
|
Added data as model for ApolloServer.
|
2025-03-19 13:36:06 +01:00 |
|
Asger F
|
53ba588993
|
JS: Use ArrayElement instead of AnyMember
The use of AnyMember was a workaround until the bugfix in this PR landed.
|
2025-03-18 09:26:02 +01:00 |
|
Napalys
|
2c7562d875
|
Removed value from modeling its return value as Wrapper class, since it returns a simple string.
|
2025-03-17 19:08:43 +01:00 |
|
Napalys
|
d8e6d76b0e
|
Added modeling for tap function.
|
2025-03-17 19:07:02 +01:00 |
|
Napalys
|
fc6b779a4b
|
Added modeling for aliases.
|
2025-03-17 18:33:14 +01:00 |
|
Napalys
|
3a83c8d1fd
|
Added modeling for extra chaining function from underscore.string.
|
2025-03-17 18:06:26 +01:00 |
|
Napalys
|
ca9ae8a58d
|
Added chaining modeling for underscore.string package.
|
2025-03-17 14:46:07 +01:00 |
|
Napalys
|
b59b9c86e4
|
Added modeling underscore.string of function which contain multiple sources points.
|
2025-03-17 14:46:01 +01:00 |
|
Napalys
|
6b105b2f49
|
Added modeling underscore.string array to string functions.
|
2025-03-17 12:55:53 +01:00 |
|
Napalys
|
30623cd953
|
Added modeling of underscore.string for str to array.
|
2025-03-17 12:52:56 +01:00 |
|
Napalys
|
9bca863e38
|
Added modeling of underscore.string string to string functions.
|
2025-03-17 12:50:41 +01:00 |
|
Napalys
|
933f3c6f77
|
Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead.
|
2025-03-14 13:52:05 +01:00 |
|
Napalys
|
d40ef0ddae
|
Changed from taint to value steps.
Co-authored-by: Asgerf <asgerf@github.com>
|
2025-03-14 13:48:15 +01:00 |
|
Napalys
|
3640e5e425
|
Added model for tanstack-react useQueries
|
2025-03-13 12:45:26 +01:00 |
|
Napalys
|
6c9aa0e872
|
Added modeling of tanstack-vue useQueries.
|
2025-03-13 12:45:23 +01:00 |
|
Napalys
|
0c0158899e
|
Added tanstack-vue useQuery modeling
|
2025-03-13 12:25:07 +01:00 |
|
Napalys
|
f867e0fae8
|
Added angular-query so when it is released it would be still modeled.
|
2025-03-12 14:00:44 +01:00 |
|
Napalys
|
770920e738
|
Add new model configuration for @tanstack/angular-query-experimental.
|
2025-03-12 11:54:55 +01:00 |
|
Napalys Klicius
|
7c9edff33c
|
Merge pull request #18964 from Napalys/js/mark_down_table
JS: Refactor `markdown-table` library modeling
|
2025-03-11 09:02:56 +01:00 |
|
Napalys
|
13c701948a
|
Refactor Markdown taint steps and update expected results for reflected XSS tests
|
2025-03-10 19:27:36 +01:00 |
|
Napalys
|
d077d6807a
|
Applied changes from comments
Co-authored-by: Asgerf <asgerf@github.com>
|
2025-03-10 12:24:45 +01:00 |
|