JS: Add change note and fix cwe tags

Asger Feldthaus
2020-01-14 10:49:48 +00:00
parent d76859b7df
commit 2245882441
2 changed files with 3 additions and 2 deletions

@@ -21,6 +21,7 @@
| Cross-site scripting through exception (`js/xss-through-exception`) | security, external/cwe/cwe-079, external/cwe/cwe-116 | Highlights potential XSS vulnerabilities where an exception is written to the DOM. Results are not shown on LGTM by default. | | Cross-site scripting through exception (`js/xss-through-exception`) | security, external/cwe/cwe-079, external/cwe/cwe-116 | Highlights potential XSS vulnerabilities where an exception is written to the DOM. Results are not shown on LGTM by default. |
| Regular expression always matches (`js/regex/always-matches`) | correctness, regular-expressions | Highlights regular expression checks that trivially succeed by matching an empty substring. Results are shown on LGTM by default. | | Regular expression always matches (`js/regex/always-matches`) | correctness, regular-expressions | Highlights regular expression checks that trivially succeed by matching an empty substring. Results are shown on LGTM by default. |
| Missing await (`js/missing-await`) | correctness | Highlights expressions that operate directly on a promise object in a nonsensical way, instead of awaiting its result. Results are shown on LGTM by default. | | Missing await (`js/missing-await`) | correctness | Highlights expressions that operate directly on a promise object in a nonsensical way, instead of awaiting its result. Results are shown on LGTM by default. |
| Prototype pollution in utility function (`js/prototype-pollution-utility`) | security, external/cwe/cwe-400, external/cwe/cwe-471 | Highlights recursive copying operations that are susceptible to prototype pollution. Results are shown on LGTM by default. |
## Changes to existing queries ## Changes to existing queries
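
Review bot: The description in the new `js/prototype-pollution-utility` row says only that the copying operations are "susceptible to prototype pollution", without naming the condition that makes them so. The neighbouring rows state theirs ("where an exception is written to the DOM", "by matching an empty substring"), so a short clause on what the query actually looks for would let the note stand on its own. The tag column here is also a hand-written copy of the query's `@tags`, so it has to be kept in step with the query header whenever the tags change.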

@@ -7,8 +7,8 @@
* @precision high * @precision high
* @id js/prototype-pollution-utility * @id js/prototype-pollution-utility
* @tags security * @tags security
* external/cwe/cwe-079 * external/cwe/cwe-400
* external/cwe/cwe-116 * external/cwe/cwe-471
*/ */
import javascript import javascript
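
Review bot: On the two replaced `external/cwe/` lines, `cwe-400` (uncontrolled resource consumption) covers only the denial-of-service outcome of prototype pollution, while `cwe-471` (modification of assumed-immutable data) describes the flaw itself. Consider listing `cwe-471` first, or explaining in the query help why `cwe-400` applies, so that consumers filtering by CWE know what to expect. The removed pair `cwe-079`/`cwe-116` is the same pair carried by `js/xss-through-exception` in the change notes, which suggests this header was copied from an XSS query; the fields above line 7 that this hunk does not show are worth a second look for similar leftovers.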