hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-19 13:48:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,316 Commits 1,760 Branches 167 Tags
yoff/python-use-shared-control-flow
Commit Graph

40 Commits

Author SHA1 Message Date
murderteeth
dfe05599d3 JS: Add support for @vercel/node serverless functions 
This adds a framework model for Vercel serverless functions so that
CodeQL's existing JavaScript security queries can detect vulnerabilities
in handlers of the form

    export default function handler(req: VercelRequest, res: VercelResponse) { ... }

Handlers are identified as the default export of a module whose first
two parameters are typed as `VercelRequest`/`VercelResponse` from
`@vercel/node`. The default-export constraint excludes private helpers
that share the same signature. Type-based detection follows the same
pattern already used by `NextReqResHandler` in `Next.qll`.

The framework model covers:
- Route handler recognition (default-exported typed handlers only)
- Request input sources: `query`, `body`, `cookies`, and `url`
  (the last inherited from Node's `IncomingMessage`)
- Named header accesses like `req.headers.host` and `req.headers.referer`,
  modelled as `Http::RequestHeaderAccess` so header-specific queries fire
- Response sinks: `res.send`, `res.status(...).send`, `res.redirect`
- Header definitions via `res.setHeader`

Includes a library test exercising each model predicate (including a
negative case for private helpers) and query consistency fixtures
demonstrating end-to-end detection for js/reflected-xss,
js/request-forgery, js/sql-injection, and js/command-line-injection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-12 19:17:18 +00:00
Asger F
4a001f960f JS: Add tests in request forgery queries 2026-03-11 13:53:25 +01:00
Owen Mansel-Chan
99a4fe4828 Update expected test output column numbers 2026-03-04 15:02:53 +00:00
Asger F
cc8fe10801 JS: Update locations in expected files 2025-08-29 12:03:11 +02:00
Napalys Klicius
3fbe348f99 Merge pull request #19784 from Napalys/js/express_middleware 
JS: Improve Express middleware taint tracking
 2025-06-20 15:36:26 +02:00
Napalys Klicius
060b98d36c JS: enchance middleware taint tracking via local source 2025-06-17 08:30:19 +02:00
Napalys Klicius
da21a064ac JS: add _parsedUrl as remote input source 2025-06-16 16:28:30 +02:00
Napalys Klicius
67aac7abfa JS: add test cases for middleware property assignment tracking 2025-06-16 16:26:08 +02:00
Napalys Klicius
bdbc49c63f JS: Removed encodeURI from request forgery sanitizer list 2025-06-16 13:08:11 +02:00
Napalys Klicius
b9b62fa1c1 JS: Add URL from url package constructor taint step for request forgery detection 2025-05-30 18:32:02 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
8674b61e5a Added SSRF test case with searchParams for NextRequest 2025-04-11 09:26:16 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Napalys
63a3953b0c Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. 2025-04-10 14:48:17 +02:00
Asger F
1ad471cb32 JS: Track through spread/rest params in API graphs 2025-03-28 09:14:36 +01:00
Napalys
10498bbaa4 Added support for axios.interceptors.request. 2025-03-25 10:54:56 +01:00
Napalys
cb18408502 Added data as model for ApolloServer. 2025-03-19 13:36:06 +01:00
Asger F
2a194a53af raw test output 2025-02-28 13:29:39 +01:00
Asger F
f5911c9e5a JS: Accept raw test output 2025-02-28 13:27:38 +01:00
Asger F
53efb5837b JS: Update some tests with provenance columns 
Only includes the changes that purely contain the new provenance columns
 2024-06-26 13:51:44 +02:00
Asger F
b2216627be JS: Port RequestForgery 2023-10-13 13:15:03 +02:00
erik-krogh
3cece50f78 add encodeURIComponent as a sanitizer for request-forgery 2023-01-23 13:53:53 +01:00
erik-krogh
be8ef1b324 add failing test 2023-01-23 13:52:36 +01:00
erik-krogh
368f84785b fix some more style-guide violations in the alert-messages 2022-10-07 11:22:22 +02:00
Asger Feldthaus
3103cfd925 JS: Rename to tests to clientSide.js and serverSide.js 2022-02-16 13:35:01 +01:00
Erik Krogh Kristensen
99dd5330c2 add taint-step for URL construction in js/request-forgery 2021-04-08 11:10:33 +02:00
Erik Krogh Kristensen
c194598d37 recognize headers/url from the HTTP request to a server WebSocket. 2021-04-06 10:11:27 +02:00
Erik Krogh Kristensen
84e9229386 Merge branch 'main' into koa 2021-03-19 16:56:15 +01:00
Erik Krogh Kristensen
58617c5c59 recognize client websockets as ClientRequests 2021-03-18 19:08:39 +01:00
Erik Krogh Kristensen
3995ff322d add models for koa-route and koa-router 2021-03-17 19:17:20 +01:00
Erik Krogh Kristensen
e6e4a485c8 add JSDOM.fromUrl() as a request forgery sink 2020-11-02 17:05:56 +01:00
Erik Krogh Kristensen
6110f85748 refactor chrome-remote-interface to use type-tracking promise steps 2020-03-10 12:27:21 +01:00
Erik Krogh Kristensen
897bb4d801 add test for chrome-remote-interface 2020-02-13 15:12:45 +01:00
Max Schaefer
b42026a90a JavaScript: Update expected output. 2019-10-29 15:36:24 +00:00
Asger F
3bc7371fd6 JS: be less conservative about incomplete nodes in prefix sanitizers 2019-04-03 15:20:03 +01:00
Asger F
f6e0ccfcf0 JS: model URI and XHR methods from closure library 2019-02-08 15:18:27 +00:00
Asger F
fd2e9f1fcb JS: shift line numbers in RequestForgery test 2019-02-08 15:13:33 +00:00
Esben Sparre Andreasen
c6b4e29b93 JS: add "host" as a sink for js/request-forgery 2018-12-17 10:32:30 +01:00
Max Schaefer
9221b62ded JavaScript: Update expectd test output for security path queries to include nodes and edges query predicates. 2018-11-14 09:32:31 +00:00
Esben Sparre Andreasen
f5a6af54e6 JS: add security query: js/request-forgery 2018-09-04 09:25:42 +02:00