hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2617 from asger-semmle/prototype-pollution-utility

Browse Source 
Approved by esbena, mchammer01
This commit is contained in:
semmle-qlci
2020-01-16 13:02:07 +00:00
committed by GitHub
parent 8128d23b6e 7a1d068f1c
commit 4efc418e2c
14 changed files with 3254 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change-notes/1.24/analysis-javascript.md
View File

@@ -21,6 +21,7 @@
| Cross-site scripting through exception (`js/xss-through-exception`) | security, external/cwe/cwe-079, external/cwe/cwe-116 | Highlights potential XSS vulnerabilities where an exception is written to the DOM. Results are not shown on LGTM by default. |
| Regular expression always matches (`js/regex/always-matches`) | correctness, regular-expressions | Highlights regular expression checks that trivially succeed by matching an empty substring. Results are shown on LGTM by default. |
| Missing await (`js/missing-await`) | correctness | Highlights expressions that operate directly on a promise object in a nonsensical way, instead of awaiting its result. Results are shown on LGTM by default. |
| Prototype pollution in utility function (`js/prototype-pollution-utility`) | security, external/cwe/cwe-400, external/cwe/cwe-471 | Highlights recursive copying operations that are susceptible to prototype pollution. Results are shown on LGTM by default. |
## Changes to existing queries