hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-16 12:36:55 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,392 Commits 1,713 Branches 162 Tags
8749bdb979c054e937c350a53e429687584df992
Commit Graph

590 Commits

Author SHA1 Message Date
Napalys
2d6f5d1da4 Refactor ClientRequest to introduce GotInstance classes for improved handling of got instances and options retrieval. 2025-03-24 13:20:09 +01:00
Napalys
f43510c9aa Added support for paginate. 2025-03-21 15:03:23 +01:00
Napalys
63193fa91c Improve URL handling in ClientRequest for extend() and Options 2025-03-21 15:02:34 +01:00
Napalys
99efb610d4 Enhance URL handling in ClientRequest for got Options 2025-03-21 15:01:43 +01:00
Napalys
b33f760765 Manage chain calls of extend. 2025-03-21 15:00:39 +01:00
Napalys Klicius
803aacf9f0 Merge pull request #19068 from Napalys/js/superagent 
JS: `superagent` modeling
 2025-03-21 09:15:31 +01:00
Napalys
d61d038b9b Refactored SuperAgentUrlRequest to use API graph. 2025-03-20 18:17:28 +01:00
Napalys
ca53e97de4 Adressed comments. 2025-03-20 12:37:06 +01:00
Napalys Klicius
221cc1977d Merge branch 'main' into js/underscore-string 2025-03-20 12:26:00 +01:00
Napalys
af567b49fb Simplified SuperAgentUrlRequest. 2025-03-20 12:10:37 +01:00
Napalys
539e2ef558 Added support for superagent.agent(). 2025-03-20 12:09:31 +01:00
Napalys
cdf4f5395f Enhance SuperAgent URL request handling for both method calls and direct calls 2025-03-20 12:09:26 +01:00
Napalys
2e1734eeba Added support for del function in superagent 2025-03-20 12:01:18 +01:00
Napalys
922a07d01e Added underscore.string clearsContent. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-18 12:58:19 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement() 
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
 2025-03-14 23:08:19 +01:00
Asger F
4c1c0b79a6 JS: Make API-graphs use Content internally, and use steps from flow summaries 2025-03-14 23:08:16 +01:00
Napalys
933f3c6f77 Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead. 2025-03-14 13:52:05 +01:00
Napalys Klicius
40903a9643 Merge pull request #18975 from Napalys/js/tanstack_angular 
JS: Update Angular Client Request's with API graph and `Tanstack` Angular modeling
 2025-03-12 15:30:26 +01:00
Asger F
e8c5e4d006 Merge branch 'main' into js/test-suite 2025-03-11 13:17:08 +01:00
Napalys
c001435258 Refactor Angular2 API to use httpClientApiNode for HttpClient method calls 2025-03-11 12:32:24 +01:00
Napalys
13c701948a Refactor Markdown taint steps and update expected results for reflected XSS tests 2025-03-10 19:27:36 +01:00
Asger F
319ee2ccd5 JS: Track deep flow through qs.stringify 2025-02-28 13:28:04 +01:00
Asger F
cf33db78cc JS: Fix the spurious flow 2025-02-28 13:28:02 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Napalys
ab0241c1de Added missing doc strings for Tanstack queries 2025-02-21 13:32:49 +01:00
Napalys
1227a7eedc Add Tanstack framework support and enhance data flow tracking for fetch responses 2025-02-21 13:24:00 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00
Asger F
e610683377 JS: Linter fix 2025-02-18 09:25:23 +01:00
Asger F
6e074c301f JS: Port lodash callback steps to flow summaries 
Not all of lodash, just the callbacks we already modeled plus a few easy ones
 2025-02-17 14:54:45 +01:00
Asger F
4e325d9f1c JS: Convert some exception steps to legacy 2025-02-17 11:53:50 +01:00
Kevin Stubbings
f5521ca1b8 Formatting 2025-02-12 00:15:27 -08:00
Kevin Stubbings
d0ed0fdeb3 Add download to Express 2025-02-12 00:10:09 -08:00
Asger F
16f7373712 JS: Model dependency injection in Nest 2025-01-29 13:49:46 +01:00
Paul Hodgkinson
f033f179f7 Merge branch 'main' into angular-sources-sinks 2025-01-24 15:46:48 +00:00
aegilops
522f3d1337 Merge 2025-01-23 17:00:56 +00:00
Asger F
b015c88c79 JS: Add view-component-input threat model 2025-01-22 10:45:46 +01:00
Asger F
d4daa21318 JS: Add DOM event sources in Angular2 model 2025-01-17 10:20:22 +01:00
aegilops
e7881a8c7f Fix typo 2025-01-09 17:11:06 +00:00
aegilops
62599b2a12 Formatted 2025-01-09 17:02:37 +00:00
aegilops
98b4c35844 Set doc string on getElementNode predicate 2025-01-09 17:00:01 +00:00
aegilops
2dc9e7bab7 Moved def from AngularJSCore to Angular2 2025-01-08 16:36:10 +00:00
aegilops
820fe6cd04 Formatting 2025-01-06 16:59:04 +00:00
aegilops
322c731ac3 Attempt at AttributeDefinition to generalise Angular Renderer2 support 2025-01-06 16:52:38 +00:00
Asger F
d52bc971b8 Merge branch 'main' into js/shared-dataflow-merge-main 2024-11-20 14:05:03 +01:00
Rasmus Wriedt Larsen
19fae76a94 JS: Remove dummy comment 
Co-authored-by: Asger F <asgerf@github.com>
 2024-11-01 10:24:22 +01:00
Rasmus Wriedt Larsen
61e60de969 JS: Model readline as a stdin threat-model source 
Technically not always true, but my assumption is that +90% of the time
that's what it will be used for, so while we could be more precise by
adding a taint-step from the `input` part of the construction, I'm not
sure it's worth it in this case.

Furthermore, doing so would break with the current way we model
threat-model sources, and how sources are generally modeled in JS... so
for a very pretty setup it would require changing all the other `file`
threat-model sources to start at the constructors such as
`fs.createReadStream()` and have taint-propagation steps towards the
actual use (like we do in Python)...

I couldn't see an easy path forwards for doing this while keeping the
Concepts integration, so I opted for the simpler solution here.
 2024-10-31 14:29:30 +01:00
Rasmus Wriedt Larsen
eca8bf5a35 JS: Do simple modeling of process.stdin as threat-model source 2024-10-31 14:26:45 +01:00