Merge branch 'master' into hhristov/update-igx-ts-legacy-templates

Author: damyanpetev

.github/codeql/custom-queries-javascript/ShellSanitizer.qll

@@ -0,0 +1,17 @@
+import javascript
+import semmle.javascript.security.dataflow.CommandInjectionCustomizations
+
+
+// General flow via config https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#sanitizers
+// Instead this follows https://github.com/github/codeql/blob/a3e9aed00ae5c1e70da8fbc4fc4a7cc803f177ca/javascript/documentation/library-customization.rst?plain=1#L244-L245
+// to modify the pre-defined javascript CommandInjection flow's Sanitizer
+
+/**
+ * Treat Util.sanitizeShellArg(x) as a sanitizer for shell‑command injection.
+ */
+class ShellArgSanitizer extends CommandInjection::Sanitizer {
+	ShellArgSanitizer() {
+		this.(DataFlow::MethodCallNode).getReceiver().toString() = "Util" and
+		this.(DataFlow::MethodCallNode).getMethodName() = "sanitizeShellArg"
+	}
+}

.github/codeql/custom-queries-javascript/qlpack.yml

@@ -0,0 +1,4 @@
+name: igniteui-cli-custom-javascript-queries
+version: 0.0.0
+dependencies:
+  codeql/javascript-queries: "*"

.github/workflows/codeql-analysis.yml

@@ -49,6 +49,7 @@ jobs:
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        queries: ./.github/codeql/custom-queries-javascript
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)