mirror of
https://github.com/github/codeql.git
synced 2025-12-16 08:43:11 +01:00
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there. I'm working on a document to describe how and when to create change notes for packs separately.
lgtm,codescanning
- We've improved the detection of prototype pollution, and the queries involved have been reorganized:
  - A new query "Prototype-polluting assignment" (`js/prototype-polluting-assignment`) has been added. This query highlights direct modifications of an object obtained via a user-controlled property name, which may accidentally alter `Object.prototype`.
  - The query previously named "Prototype pollution" (`js/prototype-pollution`) has been renamed to "Prototype-polluting merge call". This highlights indirect modification of `Object.prototype` via an unsafe `merge` call taking a user-controlled object as argument.
  - The query previously named "Prototype pollution in utility function" (`js/prototype-pollution-utility`) has been renamed to "Prototype-polluting function". This query highlights the implementation of an unsafe `merge` function, to ensure a robust API is exposed downstream.
  - The above queries have been moved to the Security/CWE-915 folder, and assigned the following tags: CWE-078, CWE-079, CWE-094, CWE-400, and CWE-915.
- The query "Type confusion through parameter tampering" (`js/type-confusion-through-parameter-tampering`) now highlights ineffective prototype pollution checks that can be bypassed by type confusion.
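As an added illustration of what these queries flag (example code, not CodeQL's own), the block below puts a recursive merge that lets a user-controlled key reach `Object.prototype` next to a hardened form whose key check cannot be sidestepped by type confusion, plus a small check that reports any properties a merge added to `Object.prototype`. The payload is constructed for the example.

```javascript
// Added example, not CodeQL's own code. `unsafeMerge` has the shape the
// "Prototype-polluting merge call" / "Prototype-polluting function" queries flag;
// `safeMerge` is a hardened form. CONSTRUCTED_PAYLOAD is made up for this example.
const CONSTRUCTED_PAYLOAD = '{"__proto__": {"polluted": true}, "name": "x"}';

// Unsafe: for..in sees the own "__proto__" key that JSON.parse creates, and
// dst["__proto__"] evaluates to Object.prototype, so the recursion writes into it.
function unsafeMerge(dst, src) {
  for (const key in src) {
    if (typeof src[key] === 'object' && src[key] !== null) {
      if (typeof dst[key] !== 'object' || dst[key] === null) dst[key] = {};
      unsafeMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Hardened: only own keys, with the three names that reach the prototype chain
// skipped. Keys from Object.keys are always strings, so the comparison cannot be
// sidestepped by supplying an array or object where a string was expected.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = src[key];
    if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(dst, key) ? dst[key] : undefined;
      if (typeof own !== 'object' || own === null) dst[key] = {};
      safeMerge(dst[key], value);
    } else {
      dst[key] = value;
    }
  }
  return dst;
}

// Check: merge into a fresh target and report own property names the call added
// to Object.prototype, then delete them so the rest of the process stays clean.
// unsafeMerge yields ['polluted'] for the payload above; safeMerge yields [].
function prototypePropertiesAddedBy(mergeFn, payloadJson) {
  const before = new Set(Object.getOwnPropertyNames(Object.prototype));
  mergeFn({}, JSON.parse(payloadJson));
  const added = Object.getOwnPropertyNames(Object.prototype).filter((n) => !before.has(n));
  for (const n of added) delete Object.prototype[n];
  return added;
}
console.log(prototypePropertiesAddedBy(unsafeMerge, CONSTRUCTED_PAYLOAD), prototypePropertiesAddedBy(safeMerge, CONSTRUCTED_PAYLOAD));
```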