hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-09 00:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
77,223 Commits 1,732 Branches 164 Tags
b2acfbcf8722fddbf4fa447ae665dceb2e67e324
Commit Graph

2000 Commits

Author SHA1 Message Date
Asger F
1324c11044 Merge pull request #19012 from asgerf/js/api-graph-array-element 
JS: Make API graphs use steps from summaries
 2025-03-18 18:03:43 +01:00
Asger F
1516029cf5 JS: Avoid generating ArrayElement edges for extend-like patterns 2025-03-17 13:48:27 +01:00
Asger F
125e732c4c JS: Fix bad join order 2025-03-17 13:44:33 +01:00
Napalys Klicius
749a0560b4 Merge pull request #19027 from Napalys/js/escape 
JS: Add support for `escape`
 2025-03-17 10:48:44 +01:00
Napalys Klicius
478e32cbe5 Update javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2025-03-17 10:17:39 +01:00
Asger F
cd3909245d JS: Bugfix in Array constructor summary 2025-03-14 23:08:22 +01:00
Asger F
ab74898bbb JS: Deprecate getUnknownMember() and replace its uses with getArrayElement() 
Although they mean slightly different things, every single call site
of getUnknownMember() just used it as a way to get array elements.

Since there is no known use-case for the original meaning of
getUnknownMember() I am deprecating it for now.
 2025-03-14 23:08:19 +01:00
Asger F
4c1c0b79a6 JS: Make API-graphs use Content internally, and use steps from flow summaries 2025-03-14 23:08:16 +01:00
Napalys
4a691b778b Added escape as UriEncodingSanitizer 2025-03-14 14:53:21 +01:00
Napalys
37e02e4261 Added escape as StringManipulationTaintStep. 2025-03-14 14:49:45 +01:00
Napalys
933f3c6f77 Refactor Tanstack integration: remove Tanstack framework and added model as data for it instead. 2025-03-14 13:52:05 +01:00
Napalys
dc262236f4 Enhance taint tracking by including escape and unescape in TaintedPath customizations. 2025-03-14 11:43:22 +01:00
Asger F
9a8cb1a55b Merge pull request #19007 from asgerf/js/api-graph-awaited-return 
JS: Fix bug in API graphs getPromised() missing async function returns
 2025-03-14 10:36:16 +01:00
Napalys
de5c7efd63 Added test case for unescape. 2025-03-13 13:47:42 +01:00
Asger F
08ee51cbc4 JS: Move some promise-related store steps into PromiseFlow::storeStep 
API graphs calls PromiseFlow::storeStep to propagate promises, which means it missed a store steps added elsewhere in the old promise library model.

We want API graphs to rely on type-tracking steps in general, like in Ruby, but for now just fixing the bug.
 2025-03-13 12:53:04 +01:00
Napalys Klicius
40903a9643 Merge pull request #18975 from Napalys/js/tanstack_angular 
JS: Update Angular Client Request's with API graph and `Tanstack` Angular modeling
 2025-03-12 15:30:26 +01:00
Asger F
8599ab2503 JS: Fix attributes nodes missing an enclosing callable 2025-03-11 16:47:48 +01:00
Asger F
e8c5e4d006 Merge branch 'main' into js/test-suite 2025-03-11 13:17:08 +01:00
Napalys Klicius
a4f2264f17 Merge pull request #18899 from Napalys/js/ecma-2024-regex 
JS: Add ECMAScript 2024 `v` Flag Operators for Regex Parsing
 2025-03-11 12:50:44 +01:00
Napalys
c001435258 Refactor Angular2 API to use httpClientApiNode for HttpClient method calls 2025-03-11 12:32:24 +01:00
Napalys Klicius
7c9edff33c Merge pull request #18964 from Napalys/js/mark_down_table 
JS: Refactor `markdown-table` library modeling
 2025-03-11 09:02:56 +01:00
Asger F
b583e52a87 Merge pull request #18962 from asgerf/js/local-type-indirection 
JS: Unfold local type aliases in getAnUnderlyingType
 2025-03-11 08:54:03 +01:00
Erik Krogh Kristensen
e6884cf705 Merge pull request #18959 from erik-krogh/faster-routing 
JS: ensure the result from getPathFromFork is unique (to avoid a blowup)
 2025-03-10 21:45:14 +01:00
Napalys
13c701948a Refactor Markdown taint steps and update expected results for reflected XSS tests 2025-03-10 19:27:36 +01:00
Erik Krogh Kristensen
b945466b9f Merge pull request #18892 from asgerf/js/membership-regexp-test 
JS: Sharpen up EnumerationRegExp
 2025-03-10 16:21:54 +01:00
Asger F
f7d2abf3e3 JS: Unfold local type aliases in getAnUnderlyingType 2025-03-10 16:09:16 +01:00
Napalys
9c8e0a5537 Applied changes from comments. 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-03-10 13:29:05 +01:00
erik-krogh
b70643b1a1 ensure the result from getPathFromFork is unique (to avoid a blowup) 2025-03-10 12:53:51 +01:00
Napalys
f48eab903f Add RegExpSubtraction class to support subtraction terms in regex 2025-03-10 11:18:10 +01:00
Napalys
8cbc0aea05 Add RegExpQuotedString class to support quoted string escapes in regex 2025-03-10 11:18:03 +01:00
Napalys
e0f20b2bd1 Add RegExpIntersection class to support intersection terms in regex 2025-03-07 08:58:19 +01:00
Anders Schack-Mulligen
c6761db2fc SSA: Replace the Guards interface in the SSA data flow integration. 2025-03-05 13:29:31 +01:00
Asger F
c3ad805fe8 JS: Sharpen up EnumerationRegExp 2025-02-28 13:58:11 +01:00
Asger F
29659647ea JS: Fix barrier guards for ServerSideUrlRedirect 
The barrier guards for ServerSideUrlRedirect were lost when it was ported to ConfigSig, and the aforementioned spurious alert was a result of that.

The query had two guards: a proper barrier guard and a heuristic one for functions named 'isLocalURL'. We should move away from the heuristic name-based sanitiser guards, so I'm only reinstating the proper barrier guard.

Therefore updating the test to test the real barrier guard.
 2025-02-28 13:28:43 +01:00
Asger F
319ee2ccd5 JS: Track deep flow through qs.stringify 2025-02-28 13:28:04 +01:00
Asger F
cf33db78cc JS: Fix the spurious flow 2025-02-28 13:28:02 +01:00
Asger F
baa7e35589 Merge pull request #18834 from Napalys/js/tanstack 
JS: Support 'response' threat model and @tanstack/react-query
 2025-02-25 16:16:06 +01:00
Napalys
bf77ffef37 Applied comment 
Co-authored-by: Asgerf <asgerf@github.com>
 2025-02-25 13:57:39 +01:00
Napalys
e2927b2fad Updated tanstack to use API graph. 2025-02-25 11:48:44 +01:00
Anders Schack-Mulligen
57c4fd6f25 JS: Combine phi reads and ssa input nodes into SynthReadNode class. 2025-02-25 09:23:53 +01:00
Anders Schack-Mulligen
1af753cd0c JS: Use shared barrier guard for falsy check. 2025-02-24 13:00:06 +01:00
Anders Schack-Mulligen
09b2aeb53a SSA: Replace use-use step implementation in data-flow integration. 2025-02-24 10:58:14 +01:00
Anders Schack-Mulligen
4e515bc2f5 JS: Remove reference to isInputInto 2025-02-21 14:48:24 +01:00
Napalys
ab0241c1de Added missing doc strings for Tanstack queries 2025-02-21 13:32:49 +01:00
Napalys
1227a7eedc Add Tanstack framework support and enhance data flow tracking for fetch responses 2025-02-21 13:24:00 +01:00
Asger F
a1b7096125 Merge pull request #18783 from asgerf/js/downward-calls 
JS: Resolve calls downward in class hierarchy
 2025-02-20 09:01:58 +01:00
Asger F
58c8b5fa2b Merge pull request #18790 from asgerf/js/no-implicit-array-taint 
JS: Do not taint whole array when storing into ArrayElement
 2025-02-19 13:23:31 +01:00
Asger F
e1c280500e Merge pull request #18749 from Kwstubbs/express 
JS: Add result.download to Express as Path Traversal Sink
 2025-02-19 09:08:36 +01:00
Asger F
804a1a6cb0 JS: Handle array of sorting criteria 2025-02-18 16:58:04 +01:00
Asger F
7486742c37 JS: Fix model of _.sortBy 2025-02-18 16:53:40 +01:00