hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: avoid flagging early returns in js/user-controlled-bypass

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2018-10-12 09:37:30 +02:00
parent 6a03bd8f5c
commit ffbbb807f4
4 changed files with 60 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change-notes/1.19/analysis-javascript.md
View File

@@ -33,6 +33,7 @@
| Remote property injection | Fewer results | The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
| Missing CSRF middleware | Fewer false-positive results | This rule now recognizes additional CSRF protection middlewares. |
| Server-side URL redirect | More results | This rule now recognizes redirection calls in more cases. |
| User-controlled bypass of security check | Fewer results | This rule no longer flags conditions that guard early returns. The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
| Whitespace contradicts operator precedence | Fewer false-positive results | This rule no longer flags operators with asymmetric whitespace. |
## Changes to QL libraries