Initial support for partial queries for js

[felickz]

• TODO: implement filterByLocation / checkSource for JS

[Copilot]

Pull Request Overview

This PR adds initial support for partial queries in JavaScript, providing debugging tools to explore data flow paths from sources or to sinks with configurable exploration limits.

• Introduces two new partial path queries: one from sources and one from sinks
• Adds a remote sources exploration query with helper predicates for filtering by location
• Extends the utility library to support SQL injection sinks alongside existing sink types

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
javascript/src/debugging/PartialPathsFromSource.ql	New partial path query exploring flows from all sources with forward exploration
javascript/src/debugging/PartialPathsFromSink.ql	New partial path query exploring flows to all sinks with reverse exploration
javascript/src/audit/explore/RemoteSources.ql	New query to identify remote sources with location filtering capabilities
javascript/lib/ghsl/Utils.qll	Extended utility library with SQL injection sink support and centralized helper predicates

Comments suppressed due to low confidence (4)

javascript/lib/ghsl/Utils.qll:1

• Variable name should be 'threatmodel' not 'threadmodel' to correctly represent threat modeling concepts.

/**

javascript/lib/ghsl/Utils.qll:1

• Variable references should use 'threatmodel' not 'threadmodel' to match the intended threat modeling terminology.

/**

javascript/lib/ghsl/Utils.qll:1

• Variable references should use 'threatmodel' not 'threadmodel' to match the intended threat modeling terminology.

/**

javascript/lib/ghsl/Utils.qll:1

• Variable reference should use 'threatmodel' not 'threadmodel' to match the intended threat modeling terminology.

/**

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}