Skip to content

JS: superagent modeling #19068

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Napalys merged 9 commits into from
Mar 21, 2025
Merged

JS: superagent modeling #19068

Napalys merged 9 commits into from
Mar 21, 2025

Conversation

@Napalys
Copy link
Contributor

@Napalys Napalys commented Mar 20, 2025
edited
Loading

This PR addresses missing modeling for superagent in specific use cases:

  • Adds support for the del method superagent.del(url).
  • Handles cases where the HTTP method (e.g., 'GET') is passed as an argument superagent('GET', url).
  • Adds modeling for calls made on superagent.agent().

@github-actions github-actions bot added the JS label Mar 20, 2025
@Napalys Napalys marked this pull request as ready for review March 20, 2025 12:23
Copilot AI review requested due to automatic review settings March 20, 2025 12:23
@Napalys Napalys requested a review from a team as a code owner March 20, 2025 12:23
Copilot AI reviewed Mar 20, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds missing modeling for superagent use cases in the code analysis framework.

  • Adds modeling for the del method (superagent.del(url)).
  • Models function call syntax for specifying HTTP method (superagent('GET', url)).
  • Introduces modeling for agent-based requests (superagent.agent().post(url).send(data)).

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

File Description
javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js Adds a new function with superagent API modeling
javascript/ql/lib/change-notes/2025-03-20-superagent.md Updates change notes for enhanced superagent support
Files not reviewed (2)
  • javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll: Language not supported
  • javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected: Language not supported

Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more

@github github deleted a comment from Copilot AI Mar 20, 2025
asgerf
asgerf reviewed Mar 20, 2025
View reviewed changes
javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll
agent = DataFlow::moduleMember(moduleName, "agent").getACall() and
this = agent.getAMethodCall(httpMethodName()) and
url = this.getArgument(0)
)
Copy link
Contributor

@asgerf asgerf Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you feel like going a step further you could switch to API:: here instead of DataFlow::, but I'll leave it up to you.

Copy link
Contributor Author

@Napalys Napalys Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tried to remake it to use API graph d61d038, hopefully I didn't miss anything.

@Napalys @asgerf
Update javascript/ql/lib/change-notes/2025-03-20-superagent.md
13e90c1 
Co-authored-by: Asger F <asgerf@github.com>
asgerf
asgerf previously approved these changes Mar 20, 2025
View reviewed changes
@Napalys Napalys requested a review from asgerf March 20, 2025 17:18
@Napalys Napalys merged commit 803aacf into github:main Mar 21, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@asgerf asgerf asgerf approved these changes

Assignees

No one assigned

Labels

documentation JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Napalys @asgerf