Commit Graph

2099 Commits

Author SHA1 Message Date
Asger F
aea676df3c Merge pull request #19445 from asgerf/js/summaries-with-fallback
JS: Generate flow summaries from summaryModels; only generate steps as a fallback
2025-05-13 14:49:38 +02:00
Napalys Klicius
d1e769ba54 Merge pull request #19422 from Napalys/js/shelljs
JS: Modeling of `ShellJS` functions
2025-05-02 14:18:44 +02:00
Napalys Klicius
871e93d9fe Update javascript/ql/lib/semmle/javascript/frameworks/ShellJS.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-05-02 13:39:46 +02:00
Asger F
a44bdf3be2 JS: Generate summaries from summaryModel, and only generate steps as a fallback 2025-05-01 15:22:47 +02:00
Asger F
ca5f8b0c1d JS: Move some code into ModelsAsData.qll 2025-05-01 15:17:07 +02:00
Napalys Klicius
68a9dd9f9e Address comments 2025-05-01 11:19:41 +02:00
Napalys Klicius
d4b5ef6a66 Refactor process.env handling in CleartextLogging and IndirectCommandInjection modules to use ThreatModelSource 2025-05-01 11:14:15 +02:00
Napalys Klicius
71f1b82a56 Added support for fastify.all 2025-04-30 14:54:09 +02:00
Asger F
8ebbfb198e Merge pull request #19412 from asgerf/js/promise-all
JS: Better type-tracking through Promise.all()
2025-04-30 14:19:12 +02:00
Napalys Klicius
18cea2d6a5 Added support for shelljs.cmd and async-shelljs.asyncExec 2025-04-30 13:37:02 +02:00
Napalys Klicius
25d04f1cdd Added support for shelljs.which 2025-04-30 13:35:17 +02:00
Napalys Klicius
6de38b1827 Merge pull request #19300 from Napalys/js/fastify
JS: Added support for `fastify.addHook`
2025-04-29 18:32:25 +02:00
Asger F
eae1e1cb02 JS: Make API graphs rely on type-tracking steps in general 2025-04-29 15:08:19 +02:00
Asger F
e40b93b8a3 JS: Add type-tracking step through simple Promise.all() calls 2025-04-29 15:08:18 +02:00
Napalys Klicius
8b53f8f2a6 Fix, prevent addHook return values from being treated as XSS sinks 2025-04-28 14:22:51 +02:00
Napalys
fdfdcc0d93 Undo unnecessary name tracking for request, response objects 2025-04-22 14:16:45 +02:00
Asger F
00661b62dc JS: Add isMiddlewareSetup() hook to Routing model 2025-04-22 12:00:02 +02:00
Asger F
c2cab184ac Merge pull request #19283 from asgerf/js/rest-pattern-fix
JS: Fix missing flow into rest pattern lvalue
2025-04-22 10:37:36 +02:00
Napalys
5c3556da66 Add user-controlled property tracking and update code injection alerts in Fastify hooks 2025-04-15 09:41:52 +02:00
Napalys
9b194ea613 Added addHook to RouteSetup, thus it is now recognized as a route handler 2025-04-15 09:37:13 +02:00
Napalys Klicius
86313715a4 Merge pull request #19184 from Napalys/js/request_handlers
JS: Support for `Request` and `NextRequest`
2025-04-14 08:07:24 +02:00
Napalys Klicius
3d7c0201d9 Merge pull request #19231 from Napalys/js/typed_array
JS: Taint propagation from low-level `ArrayBuffer` to `Strings`
2025-04-11 11:29:01 +02:00
Napalys
11abbf8c4a Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler 2025-04-11 11:19:12 +02:00
Napalys Klicius
92e4f112c0 Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:08:40 +02:00
Napalys Klicius
d0dcf897cb Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
Co-authored-by: Asger F <asgerf@github.com>
2025-04-11 11:04:08 +02:00
Napalys Klicius
d17d29a387 Merge pull request #19218 from Napalys/js/upgrade_websocket
JS: Refactor `WebSocket` to use `API` graphs
2025-04-11 10:05:54 +02:00
Napalys
e3f1720f9c Renamed DecodeLike to Decode and updated propagatesFlow 2025-04-11 10:04:09 +02:00
Napalys
678eccb417 Added searchParams.get as potential source for SSRF 2025-04-11 09:42:07 +02:00
Napalys
6e09a65da0 Added support for NextRequest middleware SSRF. 2025-04-11 08:43:36 +02:00
Asger F
719456e27d JS: Fix missing flow into rest pattern lvalue 2025-04-11 08:37:09 +02:00
Napalys
86b64afa13 Added NextResponse to the ResponseCall class; it models similar, near-identical behaviour. 2025-04-10 15:06:44 +02:00
Napalys
63a3953b0c Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. 2025-04-10 14:48:17 +02:00
Asger F
eac14b9837 Merge pull request #19200 from asgerf/js/web-response
JS: Add sinks for calls to 'new Response()'
2025-04-10 14:41:32 +02:00
Napalys
5243f90c90 Brought back old methods and marked them as deprecated 2025-04-09 14:56:24 +02:00
Napalys
0c52b5ad95 Added summary flow for StringFromCharCode 2025-04-09 14:24:43 +02:00
Napalys
a3e4e62eac Removed taint from ArrayBuffer constructor as it accepts length 2025-04-09 13:27:13 +02:00
Napalys
4bc3e9e736 Addressed comments
Co-authored-by: Asgerf <asgerf@github.com>
2025-04-09 12:31:45 +02:00
Napalys
b97c61864e Add flow summaries and entry points for TextDecoder 2025-04-07 18:15:19 +02:00
Napalys
f4277204b7 Add flow summaries and entry points for ArrayBuffer and SharedArrayBuffer 2025-04-07 18:12:35 +02:00
Napalys
ff07ec8d8c Add flow summaries for TypedArray methods set and subarray 2025-04-07 18:06:40 +02:00
Napalys
e23ff9cf3e Add TypedArrays flow summaries for Uint8Array and buffer property 2025-04-07 15:15:24 +02:00
Napalys
6fb5376c5f Refactor ReceivedItemAsRemoteFlow to handle data from both client and server WebSocket sources 2025-04-07 11:44:40 +02:00
Napalys
6bcfd8c91d Updated getAServer with API graphs. 2025-04-04 12:31:29 +02:00
Napalys
c5860e92ec Updated WebSocketReceiveNode to match bind functions. 2025-04-04 12:28:53 +02:00
Napalys
49194b0340 Updated WebSocketReceiveNode with API graphs. 2025-04-04 12:26:52 +02:00
Napalys
0dbf951291 Updated ClientSocket and SendNode with API graphs. 2025-04-04 09:14:54 +02:00
Napalys
e16a20e69f Updated SocketClass to use API Graphs. 2025-04-04 08:47:27 +02:00
Asger F
6c33013788 JS: Enable association with headers without needing a route handler
Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler.

But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call.
2025-04-03 11:08:10 +02:00
Asger F
db2720ea5b JS: Initial model of Response 2025-04-03 11:08:05 +02:00
Napalys
04a39eb735 Removed old mkdirp modeling and replaced it with MaD. 2025-04-03 10:45:16 +02:00