JS: Modeling of mkdirp functions

[Napalys]

Added MaD for mkdirp functions which were not covered and converted old modeling of mkdirp to MaD.

[Copilot]

Pull Request Overview

This PR updates the CodeQL models to support additional mkdirp methods, adding a MaD for the previously uncovered functions and updating the test cases accordingly.

• Added a new test file for mkdirp functions with multiple sink calls.
• Extended the existing model to include a broader set of mkdirp method variants.
• Updated change notes to document the new functionality.

Reviewed Changes

Copilot reviewed 3 out of 5 changed files in this pull request and generated no comments.

File	Description
javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js	Added test cases to verify taint propagation for various mkdirp methods
javascript/ql/lib/ext/mkdirp.model.yml	Extended the model with additional mkdirp method variants as sinks
javascript/ql/lib/change-notes/2025-04-02-mkdirp.md	Added a changelog entry documenting support for new mkdirp sinks

Files not reviewed (2)

• javascript/ql/lib/semmle/javascript/frameworks/Files.qll: Language not supported
• javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected: Language not supported

Comments suppressed due to low confidence (2)

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js:8

• Consider adding assertions following the mkdirp calls to verify that the expected taint propagation occurs, which would improve test coverage.

app.post('/foo', async (req, res) => {

javascript/ql/lib/ext/mkdirp.model.yml:6

• [nitpick] Consider reordering the method names alphabetically to enhance clarity and maintainability of the model entry.

- ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync,sync].Argument[0]", "path-injection"]

Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more