codeql

hohn/codeql

Fork 0

mirror of https://github.com/github/codeql.git synced 2026-03-17 04:56:58 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	d3ae4c930e	JS: Model newer `yargs` command-line parsing pattern	2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen	3448751b4c	JS: Consolidate command-line argument modeling Such that we can reuse the existing modeling, but have it globally applied as a threat-model as well. I Basically just moved the modeling. One important aspect is that this changes is that the previously query-specific `argsParseStep` is now a globally applied taint-step. This seems reasonable, if someone applied the argument parsing to any user-controlled string, it seems correct to propagate that taint for _any_ query.	2024-10-25 15:03:43 +02:00

Rasmus Wriedt Larsen

d3ae4c930e

JS: Model newer yargs command-line parsing pattern

2024-10-25 15:03:43 +02:00

Rasmus Wriedt Larsen

3448751b4c

JS: Consolidate command-line argument modeling

Such that we can reuse the existing modeling, but have it globally
applied as a threat-model as well.

I Basically just moved the modeling. One important aspect is that this
changes is that the previously query-specific `argsParseStep` is now a
globally applied taint-step. This seems reasonable, if someone applied
the argument parsing to any user-controlled string, it seems correct to
propagate that taint for _any_ query.

2024-10-25 15:03:43 +02:00

2 Commits