Remco Vermeulen
133a243298
Add support for XML attributes in the data flow graph
2023-12-14 11:33:53 -08:00
Tom Hvitved
a46964dfe8
Address review comments
2023-12-12 13:55:52 +01:00
Tom Hvitved
28373e0fdf
JS: Adapt to changes in shared code
2023-12-10 11:25:43 +01:00
erik-krogh
e8f9e366d5
remove redundant imports for JS
2023-12-08 16:56:54 +01:00
erik-krogh
abb8d65483
Merge branch 'main' into amammad-js-SQLI
2023-11-23 21:17:58 +01:00
amammad
60b422a35c
fix second round of code review. improve documents, fix better-sqlite3 method
2023-11-23 14:01:38 +01:00
amammad
0328a2986d
move TypeORM library file and tests to experimental
...
add inline tests :)
Fix TypeORM fuzzy method according to Review
2023-11-21 19:59:06 +01:00
amammad
999ec7053e
fix Query class docstring
2023-11-21 18:56:05 +01:00
Rasmus Wriedt Larsen
43d9d2ceb7
Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link
...
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
2023-11-08 14:29:24 +01:00
Geoffrey White
e8a466a02c
Update dead link.
2023-11-07 09:26:07 +00:00
amammad
c858e4974d
fix Sqlite and BetterSqlite3 issues according to Review
2023-11-06 14:57:40 +01:00
Arthur Baars
5cc94e1105
Express.js: add req.path as remote input source
2023-10-31 12:44:26 +01:00
Harry Maclean
083be305e1
Shared: Add neutralModel extensible predicate
...
The neutralModel extensible predicate already exists in Java and C#, so
this change brings the dynamic languages more in line with static
languages. The Model Editor uses this predicate to mark endpoints as
"not interesting" from a data flow perspective.
2023-10-30 11:31:57 +00:00
Max Schaefer
08cc8b8e80
Autoformat.
2023-10-26 15:36:06 +01:00
Max Schaefer
abef8483bd
Merge pull request #14600 from github/max-schaefer/express-rate-limit
...
JavaScript: Add support for importing `express-rate-limit` using a named import.
2023-10-26 15:15:22 +01:00
Max Schaefer
741735cc83
Port changes to JavaScript.
2023-10-26 14:47:24 +01:00
Max Schaefer
aff848b038
Update javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2023-10-26 13:06:52 +01:00
Max Schaefer
bb146a1758
JavaScript: Add support for rateLimit export from express-rate-limit package.
2023-10-26 12:14:57 +01:00
amammad
e3dbdc3887
add custom query builder and active record querybuilder support
2023-10-22 21:39:59 +02:00
flyboss
ee813c1e61
Update UnsafeHtmlConstructionQuery.qll
...
add a deprecated alias in case anyone depends on the misspelled name.
2023-10-20 17:57:23 +08:00
flyboss
86336565eb
fix typo
2023-10-19 02:34:31 +00:00
Arthur Baars
0e3369f93f
Merge pull request #14484 from aibaars/ts53-js
...
JS: Support import attributes
2023-10-16 10:47:49 +02:00
Arthur Baars
a9a21aa313
Rename DynamicImportExpr::getImport{Attributes => Options}
2023-10-12 13:00:39 +02:00
Arthur Baars
c28004f2a6
Rename 'getImportAssertion()' to 'getImportAttributes()' in QL library
2023-10-12 13:00:39 +02:00
Erik Krogh Kristensen
85bb14f04f
Merge pull request #14405 from erik-krogh/tagCall
...
JS: recognize tagged template literals as `DataFlow::CallNode`
2023-10-11 11:25:34 +02:00
Erik Krogh Kristensen
6377e92067
Update javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
...
Co-authored-by: Asger F <asgerf@github.com >
2023-10-11 09:52:48 +02:00
amammad
242f7e1c53
update pg :)
2023-10-10 11:42:32 +02:00
amammad
bbeb7b39d7
add better-sqlite3
2023-10-10 11:17:04 +02:00
erik-krogh
f48b47c656
JavaScript: add import that populate the shared abstract classes
2023-10-09 09:14:55 +02:00
erik-krogh
c2942b37a7
JS: delete various outdated deprecations
2023-10-09 09:14:55 +02:00
erik-krogh
0d992a3d1f
delete old deprecated aliases of various regex libraries
2023-10-09 09:14:54 +02:00
erik-krogh
56e9eda2b9
fix performance by caching getArgument
2023-10-07 13:06:45 +02:00
erik-krogh
18e6a5491c
recognize tagged templates as DataFlow::CallNode
2023-10-06 21:14:00 +02:00
Asger F
162c477236
JS: Add AmdModuleDefinition::Range
2023-10-04 20:38:37 +02:00
amammad
97c27ac11b
revert SqlInjection.ql changes
2023-09-29 01:36:00 +10:00
amammad
58f4cd77dc
add TypeORM to javascript.qll file
...
add tests
improvement on comments
2023-09-29 01:23:22 +10:00
Anders Schack-Mulligen
855c89667d
JavaScript: Use shared FileSystem library.
2023-09-28 08:58:55 +02:00
amammad
0eb0c238f3
stash
2023-09-23 20:28:34 +10:00
amammad
bafe357500
V3
2023-09-23 18:22:43 +10:00
amammad
0c40223192
v1
2023-09-23 18:17:49 +10:00
amammad
a8aeb1d03e
add active record and data mapper patterns support
2023-09-22 22:50:55 +10:00
amammad
522a2e2594
v2
2023-09-22 18:56:47 +10:00
amammad
54a44777b7
v1
2023-09-13 19:14:15 +10:00
erik-krogh
a7d92b3473
add JS support the using keyword
2023-08-24 20:30:26 +02:00
Asger F
dec6039469
JS: Follow immediate predecessors in path resolution
2023-08-23 09:53:51 +02:00
yoff
7f2f6f14e7
Merge pull request #13729 from yoff/python/model-aws-lambdas
...
Python/JavaScript: Shared module for serverless functions
2023-08-16 15:14:08 +02:00
Asger F
c38cbe859d
Merge pull request #13737 from asgerf/dynamic/fuzzy-models
...
Dynamic: add Fuzzy token
2023-08-03 09:58:24 +02:00
Jeongsoo Lee
4529d8b75a
Add support for log injection in MaD
2023-07-28 22:37:56 +00:00
Asger F
d57276ca35
Merge pull request #13719 from asgerf/js/barrier-inout
...
JS: Replace barrier edges with barrier nodes
2023-07-13 16:36:52 +02:00
Asger F
f3fab587a9
JS: Add Fuzzy token in identifying access path
2023-07-13 14:01:06 +02:00
