hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 22:43:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.18.1

Browse Source
This commit is contained in:
github-actions[bot]
2024-07-22 21:30:50 +00:00
parent 09f5e19c71
commit 368bcb684a
154 changed files with 406 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/change-notes/2024-06-19-insecure-helmet-config.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `js/insecure-helmet-configuration`, to detect instances where Helmet middleware is configured with important security features disabled.

11
javascript/ql/src/change-notes/2024-07-08-functionality-from-untrusted-domain.md → javascript/ql/src/change-notes/released/1.1.0.md
View File

@@ -1,6 +1,11 @@
---
category: minorAnalysis
---
## 1.1.0
### New Queries
* Added a new query, `js/insecure-helmet-configuration`, to detect instances where Helmet middleware is configured with important security features disabled.
### Minor Analysis Improvements
* Added a new query, `js/functionality-from-untrusted-domain`, which detects uses in HTML and JavaScript scripts from untrusted domains, including the `polyfill.io` content delivery network
* it can be extended to detect other compromised scripts using user-provided data extensions of the `untrustedDomain` predicate, which takes one string argument with the domain to warn on (and will warn on any subdomains too).
* Modified existing query, `js/functionality-from-untrusted-source`, to allow adding this new query, but reusing the same logic