hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Improve StackTraceExposure query.

Browse Source 
It now also flags exposure of the entire exception object (not just the `stack` property).
This commit is contained in:
Max Schaefer
2018-10-31 10:32:42 -04:00
parent a7290e5aeb
commit bdfe938d02
4 changed files with 38 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change-notes/1.19/analysis-javascript.md
View File

@@ -44,6 +44,7 @@
| Unused import | Fewer false-positive results | This rule no longer flags imports used by the `transform-react-jsx` Babel plugin. |
| Self assignment | Fewer false-positive results | This rule now ignores self-assignments preceded by a JSDoc comment with a `@type` tag. |
| Client side cross-site scripting | More results | This rule now also flags HTML injection in the body of an email. |
| Information exposure through a stack trace | More results | This rule now also flags cases where the entire exception object (including the stack trace) may be exposed. |
## Changes to QL libraries