JS: add additional flow steps to js/path-injection

Esben Sparre Andreasen
2020-01-31 22:52:30 +01:00
parent 7ca7bdfc46
commit bbd60f52ba
5 changed files with 1021 additions and 0 deletions


@@ -39,6 +39,7 @@
| Expression has no effect (`js/useless-expression`) | Fewer false positive results | The query now recognizes block-level flow type annotations and ignores the first statement of a try block. |
| Use of call stack introspection in strict mode (`js/strict-mode-call-stack-introspection`) | Fewer false positive results | The query no longer flags expression statements. |
| Missing CSRF middleware (`js/missing-token-validation`) | Fewer false positive results | The query reports fewer duplicates and only flags handlers that explicitly access cookie data. |
| Uncontrolled data used in path expression (`js/path-injection`) | More results | This query now recognizes additional ways dangerous paths can be constructed. |
## Changes to libraries
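
Review bot: the `js/path-injection` row in this change-notes table says only that the query "now recognizes additional ways dangerous paths can be constructed", which does not tell a reader which constructions are newly tracked. The neighbouring rows name the concrete behaviour change (for example "ignores the first statement of a try block" or "only flags handlers that explicitly access cookie data"). Since the expected impact is "More results", please name the kinds of flow steps that were added, so that users triaging new alerts after an upgrade can tell which ones come from this change.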