JavaScript: Refine PasswordInConfigurationFile to avoid FPs.

We now exclude passwords that look like they might be filled in via
templating or shell substitution.
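The kind of filtering the commit message describes, as an added example written for this page rather than the CodeQL query's own implementation: a small scanner over line-oriented config files that reports password-like keys with literal values and skips values that look like they will be filled in later by a templating engine or by shell substitution. The placeholder syntaxes it recognises (`${VAR}`, `$VAR`, `$(cmd)`, `{{ var }}`, `<%= var %>`, `%VAR%`), the key names it treats as password-like, and the sample config are all assumptions made for the example.

```javascript
// Added example, not the CodeQL PasswordInConfigurationFile query.
// Keys that look like they hold a credential (assumed list).
const PASSWORD_KEY = /(?:password|passwd|pwd|secret)/i;

// Placeholder forms that a template engine or shell would expand
// before the file is used (assumed list of common syntaxes).
const TEMPLATE_PATTERNS = [
  /\$\{[^}]*\}/,               // ${DB_PASSWORD}        (shell, docker-compose, envsubst)
  /\$\([^)]*\)/,               // $(cat /run/secrets/db) (shell command substitution)
  /\$[A-Za-z_][A-Za-z0-9_]*/,  // $DB_PASSWORD          (bare shell variable; loosest rule,
                               //                        also skips literals such as "pa$sword")
  /\{\{[^}]*\}\}/,             // {{ db_password }}      (Jinja, Helm, Mustache)
  /<%=?[^%]*%>/,               // <%= ENV['DB_PASSWORD'] %> (ERB)
  /%[A-Za-z_][A-Za-z0-9_]*%/,  // %DB_PASSWORD%          (Windows batch / .ini)
];

// True when the value is, or contains, a placeholder that is resolved later.
function isTemplated(value) {
  return TEMPLATE_PATTERNS.some((re) => re.test(value));
}

// Parse "key = value" / "key: value" / "key=value"; strip one layer of quotes.
// Returns null for lines that are not key/value pairs.
function parseLine(line) {
  const m = /^\s*([A-Za-z_][\w.-]*)\s*[:=]\s*(.*?)\s*$/.exec(line);
  if (!m) return null;
  let value = m[2];
  if ((value.startsWith('"') && value.endsWith('"') && value.length >= 2) ||
      (value.startsWith("'") && value.endsWith("'") && value.length >= 2)) {
    value = value.slice(1, -1);
  }
  return { key: m[1], value };
}

// Report password-like keys whose value is a non-empty literal, i.e. not
// something a templating step or shell substitution will replace.
function findHardcodedPasswords(configText) {
  const findings = [];
  configText.split(/\r?\n/).forEach((line, idx) => {
    const entry = parseLine(line);
    if (!entry || !PASSWORD_KEY.test(entry.key)) return;
    if (entry.value === '') return;        // nothing to leak
    if (isTemplated(entry.value)) return;  // filled in at deploy time: the FP case
    findings.push({ line: idx + 1, key: entry.key, value: entry.value });
  });
  return findings;
}

// Constructed sample input for the example (not taken from any real project).
const SAMPLE_CONFIG = [
  'db_host = db.internal',
  'db_password = "hunter2"',               // literal: should be reported
  'smtp_password = ${SMTP_PASSWORD}',      // shell/envsubst placeholder
  'redis_password: {{ redis_password }}',  // template placeholder
  'api_secret = $(cat /run/secrets/api)',  // shell command substitution
  'admin_pwd = %ADMIN_PWD%',               // Windows-style variable
  'ldap_password =',                       // empty: nothing to report
].join('\n');

console.log(findHardcodedPasswords(SAMPLE_CONFIG));
```

Only the `db_password` line is reported; the remaining password-like keys are either empty or carry a placeholder, which is exactly the class of result the commit removes from the query. The bare `$VAR` rule is the one most likely to hide a real literal, so a stricter deployment would drop it or require a well-known variable-name convention.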
Max Schaefer
2019-04-15 12:00:54 +01:00
parent ae6c768db8
commit 1d5bb97121
3 changed files with 11 additions and 1 deletion


@@ -30,6 +30,7 @@
| Double escaping or unescaping | More results | This rule now considers the flow of regular expressions literals. |
| Expression has no effect | Fewer false-positive results | This rule now treats uses of `Object.defineProperty` more conservatively. |
| Incomplete string escaping or encoding | More results | This rule now considers the flow of regular expressions literals. |
| Password in configuration file | Fewer false positive results | This query now excludes passwords that are inserted into the configuration file using a templating mechanism. |
| Replacement of a substring with itself | More results | This rule now considers the flow of regular expressions literals. |
| Server-side URL redirect | Fewer false-positive results | This rule now treats URLs as safe in more cases where the hostname cannot be tampered with. |
| Type confusion through parameter tampering | Fewer false-positive results | This rule now recognizes additional emptiness checks. |
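Review bot: the new "Password in configuration file" row says only that templated passwords are excluded, but the commit message also says values that look like shell substitution are now skipped; add that to the changelog so readers know the exclusion is wider than template syntax, e.g. "... inserted into the configuration file using a templating mechanism or shell substitution." Two consistency nits in the same row: the other rows in this table write "Fewer false-positive results" with a hyphen, and they open the third column with "This rule now ..." rather than "This query now ...".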