JS: Detect property injection via object enumeration patterns

[Napalys]

This PR enhances the js/remote-property-injection query to catch vulnerabilities where user-controlled data flows through object enumeration methods like Object.keys().

[Copilot]

Pull Request Overview

This PR enhances the JavaScript remote property injection query to detect vulnerabilities through object enumeration patterns like Object.keys(). The enhancement catches cases where user-controlled data flows through object enumeration methods before being used as property names.

• Adds additional flow step to track property names derived from object enumeration
• Updates test cases to include Object.keys() enumeration patterns
• Creates change notes documenting the analysis improvement

Reviewed Changes

Copilot reviewed 4 out of 6 changed files in this pull request and generated no comments.

File	Description
RemotePropertyInjectionQuery.qll	Adds flow step to track enumerated property names from source objects
tst.js	Adds test case demonstrating Object.keys() vulnerability pattern
RemotePropertyInjection.expected	Updates expected query results with new test case findings
2025-08-27-remote-property-injection-update.md	Documents the query enhancement in change notes

[owen-mc]

Looks good but it now has a merge conflict. I see there are new results in DCA - do they look like TPs to you?

[Napalys]

Looks good but it now has a merge conflict. I see there are new results in DCA - do they look like TPs to you?

They indeed look to me as true positives. Ah yes, I will fix the conflicts.

[owen-mc]

The CI failure seems totally unrelated, and doesn't need to be fixed in this PR.