hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20148 from Napalys/js/reg-exp-env-variable-threat-model

Browse Source 
JS: Exclude environment variables from `js/regex-injection` query by default
This commit is contained in:
Napalys Klicius
2025-08-18 09:32:15 +02:00
committed by GitHub
parent bb9daa00c3 3f9061abdb
commit b2346183d6
16 changed files with 89 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/change-notes/2025-07-31-regexp-injection-threat-model.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `js/regex-injection` query no longer considers environment variables as sources by default. Environment variables can be re-enabled as sources by setting the threat model to include the "environment" category.