hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into js/improve-createServer

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-04-03 12:37:33 +02:00
committed by GitHub
parent 0b733b4f23 1da828fa80
commit 3c608fe11e
54 changed files with 452 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change-notes/1.21/analysis-cpp.md
View File

@@ -11,6 +11,7 @@
| **Query** | **Expected impact** | **Change** |
|----------------------------|------------------------|------------------------------------------------------------------|
| Dead code due to goto or break statement (`cpp/dead-code-goto`) | Fewer false positive results | Functions containing preprocessor logic are now excluded from this analysis. |
| Mismatching new/free or malloc/delete (`cpp/new-free-mismatch`) | Fewer false positive results | Fixed an issue where functions were being identified as allocation functions inappropriately. Also affects `cpp/new-array-delete-mismatch` and `cpp/new-delete-array-mismatch`. |
| Overflow in uncontrolled allocation size (`cpp/uncontrolled-allocation-size`) | More correct results | This query has been reworked so that it can find a wider variety of results. |
| Memory may not be freed (`cpp/memory-may-not-be-freed`) | More correct results | Support added for more Microsoft-specific allocation functions, including `LocalAlloc`, `GlobalAlloc`, `HeapAlloc` and `CoTaskMemAlloc`. |

2
change-notes/1.21/analysis-javascript.md
View File

@@ -3,8 +3,10 @@
## General improvements
* Support for the following frameworks and libraries has been improved:
- [koa](https://github.com/koajs/koa)
- [socket.io](http://socket.io)
- [Node.js](http://nodejs.org)
- [Firebase](https://firebase.google.com/)
* The security queries now track data flow through Base64 decoders such as the Node.js `Buffer` class, the DOM function `atob`, and a number of npm packages intcluding [`abab`](https://www.npmjs.com/package/abab), [`atob`](https://www.npmjs.com/package/atob), [`btoa`](https://www.npmjs.com/package/btoa), [`base-64`](https://www.npmjs.com/package/base-64), [`js-base64`](https://www.npmjs.com/package/js-base64), [`Base64.js`](https://www.npmjs.com/package/Base64) and [`base64-js`](https://www.npmjs.com/package/base64-js).