JS: Modeling of `rimraf` functions #19196

Napalys · 2025-04-02T10:52:11Z

Added MaD for rimraf functions which were not covered.

Copilot

Pull Request Overview

This PR enhances the modeling of rimraf functions to improve path-injection analysis by adding support for additional methods.

Updated tests to include calls to various rimraf methods as sinks.
Extended the sink model in the YAML configuration to cover both synchronous and asynchronous rimraf methods.
Added change notes documenting the support for additional rimraf methods.

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js	Added tests invoking multiple rimraf methods to simulate potential path-injection sinks.
javascript/ql/lib/ext/rimraf.model.yml	Extended modeling definitions to cover new rimraf method variations.
javascript/ql/lib/change-notes/2025-04-02-rimraf.md	Added change note highlighting the new support for additional rimraf methods.

Files not reviewed (1)

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected: Language not supported

Tip: If you use Visual Studio Code, you can request a review from Copilot before you push from the "Source Control" tab. Learn more

Napalys added 3 commits April 2, 2025 12:46

Added test cases for rimraf library.

14999c1

Add rimraf model and update tests for path injection vulnerabilities

b16b407

Added change note

390d9ff

github-actions bot added JS documentation labels Apr 2, 2025

Napalys marked this pull request as ready for review April 2, 2025 12:26

Copilot bot review requested due to automatic review settings April 2, 2025 12:26

Napalys requested a review from a team as a code owner April 2, 2025 12:26

Copilot AI reviewed Apr 2, 2025

View reviewed changes

asgerf approved these changes Apr 3, 2025

View reviewed changes

Napalys merged commit 5c42c0b into github:main Apr 3, 2025
14 checks passed