hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 23:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,744 Commits 1,693 Branches 160 Tags
3cbc4142f06f87c28fa93db0de2fd1f1604752d9
Commit Graph

78744 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys Klicius
3cbc4142f0 Update javascript/ql/src/Quality/UnhandledStreamPipe.ql 
Co-authored-by: Asger F <asgerf@github.com>
 2025-06-02 17:40:06 +02:00
Napalys Klicius
298ef9ab12 Now able to track error handler registration via instance properties 2025-06-02 11:01:41 +02:00
Napalys Klicius
f843cc02f6 Fix false positives in stream pipe analysis by improving error handler tracking via property access. 2025-05-30 18:08:04 +02:00
Napalys Klicius
d3b2a57fbf Fixed ql warning Expression can be replaced with a cast 2025-05-28 17:34:16 +02:00
Napalys Klicius
2e2b9a9d63 Make predicates private and clarify stream reference naming. 2025-05-28 17:23:55 +02:00
Napalys Klicius
f8f5d8f561 Exclude .pipe detection which are in a test file. 2025-05-28 17:18:39 +02:00
Napalys Klicius
5bb29b6e33 Now flags only .pipe calls which have an error somewhere down the stream, but not on the source stream. 2025-05-28 17:17:43 +02:00
Napalys Klicius
5214cc0407 Excluded ngrx, datorama, angular, react and langchain from stream pipe query. 2025-05-27 09:45:37 +02:00
Napalys Klicius
e964b175e6 Added maintainability and error-handling tags 2025-05-26 14:23:20 +02:00
Napalys Klicius
000e69fd48 Replaced fuzzy NonNodeStream MaD to a ql predicate to deal easier with submodules 2025-05-23 13:55:40 +02:00
Napalys Klicius
248f83c4db Added qhelp for UnhandledStreamPipe query 2025-05-23 13:35:36 +02:00
Napalys Klicius
c6db32ed73 Add exceptions for arktype, execa, and highland to prevent them from being flagged by unhandled pipe error query 2025-05-23 12:34:11 +02:00
Napalys Klicius
15ff7cb41a Added more test cases which common js libraries uses .pipe() 2025-05-23 12:30:49 +02:00
Napalys Klicius
b10a9481f3 Fixed false positives from strapi and rxjs/testing as well as when one passes function as second arg to pipe 2025-05-22 18:50:02 +02:00
Napalys Klicius
e6ae8bbde4 Added test cases where second parameter passed to pipe is a function and some popular library ones 2025-05-22 18:50:01 +02:00
Napalys Klicius
ac24fdd348 Add predicate to detect non-stream-like usage in sources of pipe calls 2025-05-22 18:49:59 +02:00
Napalys Klicius
5b1af0c0bd Added detection of custom gulp-plumber sanitizer, thus one would not flag such instances. 2025-05-22 18:49:53 +02:00
Napalys Klicius
b1048719aa Added UnhandledStreamPipe to javascript-security-and-quality.qls and javascript-code-quality.qls 2025-05-22 12:42:56 +02:00
Napalys Klicius
09220fce84 Fixed issue where pipe calls from rxjs package would been identified as pipe calls on streams 2025-05-22 12:33:36 +02:00
Napalys Klicius
d7f86db76c Enhance PipeCall to exclude non-function and non-object arguments in pipe method detection 2025-05-22 12:31:27 +02:00
Napalys Klicius
4332de464a Eliminate false positives by detecting non-stream objects returned from pipe() calls based on accessed properties 2025-05-22 12:31:26 +02:00
Napalys Klicius
5710f0cf51 Add test cases for non-stream field accesses and methods before and after pipe operations 2025-05-22 12:31:19 +02:00
Napalys Klicius
03d1f9a7d3 Restrict pipe detection to calls with 1-2 arguments 2025-05-21 11:41:22 +02:00
Napalys Klicius
30f2815503 Fixed issue where a custom pipe method which returns non stream would be flagged by the query 2025-05-21 11:41:19 +02:00
Napalys Klicius
ef1bde554a Fixed issue where streams would not be tracked via chainable methods 2025-05-21 11:40:35 +02:00
Napalys Klicius
f39bf62fc6 test: Add edge cases for stream pipe error handling 
Add tests for chained stream methods and non-stream pipe objects
 2025-05-21 11:39:03 +02:00
Napalys Klicius
c27157f021 Add UnhandledStreamPipee Quality query and tests to detect missing error handlers in Node.js streams 2025-05-21 11:38:57 +02:00
Napalys Klicius
d1e769ba54 Merge pull request #19422 from Napalys/js/shelljs 
JS: Modeling of `ShellJS` functions
 2025-05-02 14:18:44 +02:00
Napalys Klicius
871e93d9fe Update javascript/ql/lib/semmle/javascript/frameworks/ShellJS.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-05-02 13:39:46 +02:00
Michael Nebel
74669cb0cb Merge pull request #19382 from michaelnebel/shared/modelgenrefactor 
Shared: Re-factor summary, source and sink model generators into separate modules.
 2025-05-02 09:38:24 +02:00
Tamás Vajk
cb1c3736fe Merge pull request #19413 from tamasvajk/quality/query-suite-selector 
Add code quality suite selector and use that in the code quality suites
 2025-05-02 08:18:48 +02:00
Napalys Klicius
f652686607 Merge pull request #19444 from Napalys/python/hdbcli 
Python: modeling of `hdbcli`
 2025-05-01 17:58:31 +02:00
Tom Hvitved
40f80ff4e7 Merge pull request #19442 from hvitved/rust/clone-modeling 
Rust: Strengthen modeling of the `Clone` trait
 2025-05-01 17:11:42 +02:00
Jeroen Ketema
8ad6938a82 Merge pull request #19434 from jketema/array-barrier 
C++: Limit flow through sinks and sources in `cpp/upcast-array-pointer-arithmetic`
 2025-05-01 16:42:53 +02:00
yoff
d7e6e1dd66 Merge pull request #19432 from yoff/python/model-http-server-header-write 
python: model `send_header` from `http.server`
 2025-05-01 15:34:05 +02:00
Taus
481adcea0a Merge pull request #18449 from github/tausbn/misc-add-script-for-calculating-mrva-totals 
Misc: Add script for calculating totals for a MRVA run
 2025-05-01 15:17:19 +02:00
Owen Mansel-Chan
e0549483fd Merge pull request #19429 from owen-mc/fix-cwe-tags-missing-leading-zero 
Fix cwe tags to include leading zero
 2025-05-01 14:09:54 +01:00
Napalys Klicius
da7c0931b8 Added hdbcli to be part of supported-framework as well as change note 2025-05-01 14:18:08 +02:00
Napalys Klicius
e1fc0ca051 Added implementation hdbcli as part of PEP249::PEP249ModuleApiNode 2025-05-01 14:18:02 +02:00
Napalys Klicius
0325f368fe Added test case for hdbcli 2025-05-01 13:57:14 +02:00
Nick Rolfe
817237ce54 Merge pull request #19441 from github/nickrolfe/mergeback-2.21.2 
Merge back 2.21.2 release branch
 2025-05-01 11:55:29 +01:00
Napalys Klicius
6ba0dc20a3 Merge pull request #19439 from Napalys/js/fastify-all 
JS: Modeling of `fastify`
 2025-05-01 12:11:52 +02:00
Owen Mansel-Chan
0863c87572 Add change notes 2025-05-01 10:33:24 +01:00
Napalys Klicius
68a9dd9f9e Address comments 2025-05-01 11:19:41 +02:00
Napalys Klicius
d4b5ef6a66 Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource 2025-05-01 11:14:15 +02:00
Napalys Klicius
33d8ffa83e Added test cases for shelljs.env 2025-05-01 11:11:29 +02:00
Napalys Klicius
602500e280 Added change note 2025-05-01 11:09:56 +02:00
Napalys Klicius
40d176a770 Added model for shelljs.env 2025-05-01 11:09:47 +02:00
Tom Hvitved
423e2dac91 Rust: Strenghten the modeling of the Clone trait 2025-05-01 10:54:52 +02:00
Tom Hvitved
1770f568a2 Merge pull request #19367 from hvitved/rust/type-inference-try-expr 
Rust: Type inference for `?` expressions
 2025-05-01 10:27:49 +02:00