11807 Commits

Author	SHA1	Message	Date
Asger F	7670a2bd77	Merge pull request #20375 from asgerf/js/promise-try ... JS: Support Promise.try and Array.prototype.with	2025-09-16 14:44:07 +02:00
Napalys Klicius	97a11de1e3	Merge pull request #20435 from Napalys/js/promisification_modeling ... JS: Promisification library modeling and enhance flow	2025-09-16 14:07:53 +02:00
Asger F	edf79a3730	JS: Change note	2025-09-16 13:53:31 +02:00
Napalys Klicius	49ccb8ce2b	JS: Simplify exist clause to use Promisify::PromisifyAllCall instead of DataFlow::SourceNode	2025-09-16 13:13:15 +02:00
Asger F	429c4eac96	JS: Add support for Array.prototype.with ... Note: This was authored by Copilot	2025-09-16 13:06:59 +02:00
Asger F	ee78b7dc96	JS: Add support for Promise.try	2025-09-16 13:06:57 +02:00
Asger F	45eff3dac8	Merge pull request #20399 from asgerf/js/default-interop2 ... JS: Refactor handling of ambiguous default imports	2025-09-16 13:02:22 +02:00
Asger F	78bfdfd931	Merge pull request #20390 from asgerf/post-update-consistency ... DataFlow: Permit local flow between post-update nodes	2025-09-16 13:00:29 +02:00
Asger F	65102a073a	Merge pull request #19770 from trailofbits/VF/async-package-improvements ... Improve data flow in the `async` package	2025-09-16 08:55:52 +02:00
Asger F	f587273828	Merge pull request #19768 from trailofbits/VF/lodash-group-by ... Add lodash GroupBy as taint step	2025-09-16 08:55:13 +02:00
Chris Smowton	c375f24598	Merge pull request #20423 from smowton/smowton/fix/length-comparison-off-by-one-fp ... JS: Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access	2025-09-15 18:24:45 +01:00
Napalys Klicius	278a1efb4b	JS: Add change note	2025-09-15 18:21:45 +02:00
Napalys Klicius	3a75500f54	JS: Add modeling for call-me-maybe	2025-09-15 17:15:31 +02:00
Napalys Klicius	0d23ab07db	JS: Add data flow modeling for promisified user-defined functions	2025-09-15 17:13:13 +02:00
Napalys Klicius	2c6db00cbc	JS: Add modeling for util promisify*	2025-09-15 17:09:28 +02:00
Napalys Klicius	e002f2088f	JS: Add modeling for es6-promisify	2025-09-15 17:04:34 +02:00
Napalys Klicius	35c75c00ba	JS: Add modeling for @gar/promisify	2025-09-15 16:58:11 +02:00
Napalys Klicius	312471e9db	JS: Add modeling for @google-cloud/promisify	2025-09-15 16:55:27 +02:00
Napalys Klicius	d37425ae3e	JS: Treat promisify(obj).member as obj.member	2025-09-15 16:51:19 +02:00
Napalys Klicius	22b61852a1	JS: Add modeling for thenify-all	2025-09-15 16:31:14 +02:00
Napalys Klicius	d6a14e63ba	JS: Add test cases for promisification libraries.	2025-09-15 16:21:12 +02:00
Ian Lynagh	d0091e1b3c	javascript: Fix spelling error in documentation ... Corrects the spelling of "occurrences" in the Incomplete Multi-Character Sanitization documentation to improve clarity.	2025-09-15 14:53:22 +01:00
Chris Smowton	db5c58180e	Change note	2025-09-12 14:32:12 +01:00
Chris Smowton	f5780ae369	Amend docstring	2025-09-12 14:32:10 +01:00
Chris Smowton	4fb133a43d	Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access	2025-09-12 14:32:07 +01:00
Asger F	ae4cf302f2	Remove failures from dataflow-consistency expectations	2025-09-11 14:49:58 +02:00
Asger F	7a2391f848	JS: Deprecate Portals and delete tests ... This is a super old attempt at model generation, from before MaD even existed. It's obsolete and just have to be removed.	2025-09-11 11:05:36 +02:00
Asger F	d39263dcac	Merge pull request #20317 from asgerf/js/xunit ... JS: Avoid overriding Expr predicates in xUnit.qll	2025-09-10 13:41:21 +02:00
Asger F	dacc9e26e9	JS: Refactor 'default' import interop	2025-09-10 13:03:36 +02:00
Asger F	09edc29979	Merge pull request #20322 from asgerf/js/react-no-override ... JS: Do not override AST methods in React model	2025-09-10 10:42:59 +02:00
Asger F	d575d3c9e4	Merge pull request #20374 from asgerf/js/typescript-5.9 ... JS: Support TypeScript 5.9 and support 'import defer' syntax	2025-09-09 20:50:04 +02:00
Asger F	d8e943ea05	Update javascript/ql/lib/semmle/javascript/frameworks/React.qll ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-09-09 08:36:25 +02:00
Asger F	0752dbea9b	Merge pull request #20360 from asgerf/js/remove-angularjs-string-special-case ... JS: Remove special treatment of strings in AngularJS code	2025-09-08 22:48:23 +02:00
Asger F	b5045b3407	Merge pull request #20363 from asgerf/js/remove-fallback-type ... JS: Remove unused getFallbackTypeAnnotation()	2025-09-08 22:48:07 +02:00
Napalys Klicius	8c34b7eaea	Merge pull request #20146 from Napalys/js/move-cors-query-from-experimental ... JS: Move cors-misconfiguration query from experimental to Security	2025-09-08 09:32:38 +02:00
Napalys Klicius	b2feaaceea	Merge branch 'main' into js/move-cors-query-from-experimental	2025-09-05 12:11:09 +02:00
Asger F	ef114c4a07	JS: Add change note	2025-09-05 12:04:53 +02:00
Asger F	a08878f419	JS: Add upgrade and downgrade scripts	2025-09-05 12:03:56 +02:00
Asger F	bab2a79055	JS: Add parsing support in JS parser	2025-09-05 11:57:34 +02:00
Asger F	215602c963	JS: Preserve information about 'defer' keyword	2025-09-05 11:57:33 +02:00
Asger F	76ca1a576f	JS: Add basic test for 'import defer' syntax in TypeScript	2025-09-05 11:57:31 +02:00
Asger F	0d03c813d0	JS: Also update @types/node version	2025-09-05 11:57:30 +02:00
Asger F	b2b5199055	JS: Bump TypeScript dependency to 5.9	2025-09-05 11:57:29 +02:00
Napalys Klicius	d8c4d6deb4	Rename cors-misconfiguration to cors-origin.	2025-09-05 11:30:07 +02:00
Napalys Klicius	e6eacca50b	Update change note to reflect changes	2025-09-05 11:27:29 +02:00
Arthur Baars	5d3ec35e29	Remove non-breaking spaces from code	2025-09-05 09:41:15 +02:00
Napalys Klicius	c4c8dbcf7d	Merge remote-tracking branch 'origin/main' into js/move-cors-query-from-experimental	2025-09-04 15:24:44 +02:00
Napalys Klicius	d3d608fa33	Updated query description and added a sanitizer	2025-09-04 13:16:37 +00:00
Napalys Klicius	6c751ce934	Merged config classes	2025-09-04 12:31:24 +00:00
Napalys Klicius	4dac80a998	Replace complex wrapper classes with MaD	2025-09-04 12:19:22 +00:00