hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add change note

Browse Source
This commit is contained in:
Asger Feldthaus
2022-02-16 14:46:02 +01:00
parent 3496ae131b
commit 51442ddf47
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md Normal file
View File

@@ -0,0 +1,10 @@
---
category: queryMetadata
---
* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
but these are now handled by two different queries:
* `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
`high` and is now shown by default (it was previously in the `security-extended` suite).
* `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
but simply flags a subset of what the old query did.
This has precision `medium` and is part of the `security-extended` suite.