Pull Request Overview
This PR improves GraphQL data flow analysis by adding support for tracking taint flow from GraphQL query sources and variables to resolver function parameters in the CodeQL JavaScript library.
- Adds taint flow modeling for the graphql library to track data from query sources to resolver parameters
- Includes test case demonstrating code injection vulnerability through GraphQL resolver
- Updates expected test results to reflect the new taint flow tracking
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| graph-ql.js | Test case showing GraphQL code injection vulnerability with eval in resolver |
| graph-ql.model.yml | Taint flow model for graphql library tracking source to resolver parameters |
| *.expected | Updated test expectations reflecting new taint flow detection |
| 2025-09-17-graphql-enhance.md | Release notes documenting the GraphQL analysis improvement |
| @@ -0,0 +1,36 @@ | |||
| const express = require('express'); | |||
[nitpick] The filename 'graph-ql.js' uses a hyphen, but GraphQL is typically written as one word. Consider renaming to 'graphql.js' for consistency with the library name.
6113fa3 to 6d461d6
asgerf reviewed Sep 17, 2025
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/graph-ql.js
asgerf approved these changes Sep 17, 2025
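The flow this PR models, as an added example that is not taken from the PR's graph-ql.js test: a resolver parameter filled from the query or its variables reaches `eval`, shown beside a hardened resolver that parses arithmetic instead. The `calc` field, `safeCalc`, the root objects and the sample inputs are assumptions; resolvers are called directly using the graphql-js `rootValue` convention (args as first parameter) so the file runs without the library.

```javascript
// Vulnerable shape: args comes from the query text or variableValues,
// so args.expr is client-controlled when it reaches the eval sink.
const vulnerableRoot = { calc: (args) => eval(args.expr) };

// Hardened shape: a small recursive-descent parser accepts only numbers,
// + - * / and parentheses, so nothing is ever handed to the JS engine.
function safeCalc(expr) {
  if (typeof expr !== 'string' || expr.length > 100) throw new TypeError('bad expression');
  const tokens = expr.match(/\d+(?:\.\d+)?|[-+*\/()]|\S/g) || [];
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  function primary() {
    const t = next();
    if (t === '(') {
      const v = sum();
      if (next() !== ')') throw new SyntaxError('expected )');
      return v;
    }
    if (t === '-') return -primary();
    if (/^\d/.test(t || '')) return Number(t);
    throw new SyntaxError('unexpected token: ' + t);
  }
  function product() {
    let v = primary();
    while (peek() === '*' || peek() === '/') v = next() === '*' ? v * primary() : v / primary();
    return v;
  }
  function sum() {
    let v = product();
    while (peek() === '+' || peek() === '-') v = next() === '+' ? v + product() : v - product();
    return v;
  }
  const result = sum();
  if (pos !== tokens.length) throw new SyntaxError('trailing input');
  return result;
}
const hardenedRoot = { calc: (args) => safeCalc(args.expr) };

// Constructed inputs standing in for client-supplied variableValues.
function demo() {
  const probe = { expr: 'typeof eval' }; // harmless, but not arithmetic
  let rejected = false;
  try { hardenedRoot.calc(probe); } catch (e) { rejected = e instanceof SyntaxError; }
  const vulnerable = vulnerableRoot.calc(probe); // evaluated as JavaScript
  return { vulnerable, rejected, safe: hardenedRoot.calc({ expr: '(1 + 2) * 3' }) };
}
```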