Skip to content

JS: React-relay support#18858

Merged
asgerf merged 7 commits intogithub:mainfrom
Napalys:js/react-relay
Mar 10, 2025
Merged

JS: React-relay support#18858
asgerf merged 7 commits intogithub:mainfrom
Napalys:js/react-relay

Conversation

@Napalys
Copy link
Contributor

@Napalys Napalys commented Feb 25, 2025
edited
Loading

This pull request introduces a library model for react-relay's, categorizing it's new sources as a response threat.
Closes #465

@Napalys Napalys force-pushed the js/react-relay branch 6 times, most recently from a107b89 to aea5fed Compare February 26, 2025 09:38
@Napalys Napalys marked this pull request as ready for review March 7, 2025 07:54
Copilot AI review requested due to automatic review settings March 7, 2025 07:54
@Napalys Napalys requested a review from a team as a code owner March 7, 2025 07:54
Copilot AI reviewed Mar 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This pull request adds support for the react-relay library by introducing a new model that classifies specific react-relay hook return values as a "response" threat and extends test coverage for DOM-based XSS scenarios.

  • Introduces a YAML file to model response threats for various react-relay hooks
  • Adds corresponding test cases in a React component to validate DOM-based XSS alerts
  • Updates change notes to document the new support for react-relay

Reviewed Changes

File Description
javascript/ql/lib/ext/react-relay-threat.model.yml Adds model definitions for marking react-relay hook return values as "response" threats
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testReactRelay.tsx Provides test cases for new response threat scenarios using react-relay hooks
javascript/ql/lib/change-notes/2025-02-25-react-relay.md Notes the addition of react-relay support

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Tip: Leave feedback on Copilot's review comments with the 👎 and 👍 buttons to help improve review quality. Learn more

@github github deleted a comment from Copilot AI Mar 7, 2025
@Napalys Napalys changed the title JS: React-relay useFragment support JS: React-relay support Mar 10, 2025
asgerf
asgerf reviewed Mar 10, 2025
View reviewed changes
@Napalys @asgerf
Applied changes from comments
d077d68 
Co-authored-by: Asgerf <asgerf@github.com>
@Napalys Napalys requested a review from asgerf March 10, 2025 12:59
asgerf
asgerf approved these changes Mar 10, 2025
View reviewed changes
Copy link
Contributor

@asgerf asgerf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent work!

@asgerf asgerf merged commit d84368e into github:main Mar 10, 2025
36 checks passed
@Napalys Napalys deleted the js/react-relay branch March 12, 2025 16:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@asgerf asgerf asgerf approved these changes

Assignees

No one assigned

Labels

documentation JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Napalys @asgerf