hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.8.2

Browse Source
This commit is contained in:
github-actions[bot]
2022-02-24 14:57:08 +00:00
parent 83aaeca751
commit 20fe22c8c8
62 changed files with 195 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
javascript/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,25 @@
## 0.0.11
### New Queries
* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
The query is run by default.
### Query Metadata Changes
* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
but these are now handled by two different queries:
* `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
`high` and is now shown by default (it was previously in the `security-extended` suite).
* `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
but simply flags a subset of what the old query did.
This has precision `medium` and is part of the `security-extended` suite.
### Minor Analysis Improvements
* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
## 0.0.10
### New Queries