codeql/change-notes/1.21/analysis-javascript.md

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • The security queries now track data flow through Base64 decoders such as the Node.js Buffer class, the DOM function atob, and a number of npm packages including abab, atob, btoa, base-64, js-base64, Base64.js and base64-js.

  • The security queries now treat comparisons with symbolic constants as sanitizers, resulting in fewer false positives.

  • TypeScript 3.4 features are now supported.
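The two data-flow changes above, the Base64 decoder step and the symbolic-constant sanitizer, are easiest to see on a small handler. The following is an added Node.js example written for these notes, not code from CodeQL or its test suite; the function names, the report constants and the directory are assumptions made for the illustration.

```javascript
// Added example, not part of the CodeQL change notes. Function names,
// constants and REPORT_DIR are assumptions made for this illustration.

// Symbolic constants: an equality comparison of untrusted input against one
// of these is what the security queries now treat as a sanitizer.
const REPORT_SUMMARY = "summary";
const REPORT_AUDIT = "audit";
const REPORT_DIR = "/var/reports";

// Decodes a Base64-encoded report name. The queries now carry taint from
// `encodedName` through Buffer.from(..., "base64"), so the decoded string is
// still treated as untrusted at this point.
function decodeReportName(encodedName) {
  return Buffer.from(String(encodedName), "base64").toString("utf8");
}

// Unchecked variant: the decoded value reaches a file path with no check.
// Because the decoder is now a flow step, the path-injection query can
// report this even though the raw request value never touches the path.
function reportPathUnchecked(encodedName) {
  const name = decodeReportName(encodedName);
  return `${REPORT_DIR}/${name}.txt`;
}

// Hardened variant: the value only reaches the path after comparing equal
// to a symbolic constant. That comparison is the sanitizer the queries now
// recognise, so this function produces no alert and rejects everything else.
function reportPathChecked(encodedName) {
  const name = decodeReportName(encodedName);
  if (name === REPORT_SUMMARY || name === REPORT_AUDIT) {
    return `${REPORT_DIR}/${name}.txt`;
  }
  return null; // unknown names are rejected rather than interpolated
}

// Constructed inputs for a stand-alone run: one allowed name, one that
// tries to leave REPORT_DIR after decoding.
const OK_INPUT = Buffer.from("summary").toString("base64");
const BAD_INPUT = Buffer.from("../../outside").toString("base64");

console.log(reportPathUnchecked(BAD_INPUT)); // escapes REPORT_DIR
console.log(reportPathChecked(OK_INPUT));    // /var/reports/summary.txt
console.log(reportPathChecked(BAD_INPUT));   // null
```

The sanitizer only applies to a comparison against a constant; a substring or prefix test on the decoded value would not count, and the flow into the path would still be reported.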

New queries

| Query | Tags | Purpose |
| --- | --- | --- |

Changes to existing queries

| Query | Expected impact | Change |
| --- | --- | --- |
| Arbitrary file write during zip extraction ("Zip Slip") | More results | This rule now considers more libraries, including tar as well as zip. |
| Client-side URL redirect | More results and fewer false-positive results | This rule now recognizes additional uses of the document URL. This rule now treats URLs as safe in more cases where the hostname cannot be tampered with. |
| Double escaping or unescaping | More results | This rule now considers the flow of regular expression literals. |
| Expression has no effect | Fewer false-positive results | This rule now treats uses of Object.defineProperty more conservatively. |
| Incomplete regular expression for hostnames | More results | This rule now tracks regular expressions for host names further. |
| Incomplete string escaping or encoding | More results | This rule now considers the flow of regular expression literals, and it no longer flags the removal of trailing newlines. |
| Password in configuration file | Fewer false-positive results | This query now excludes passwords that are inserted into the configuration file using a templating mechanism or read from environment variables. |
| Replacement of a substring with itself | More results | This rule now considers the flow of regular expression literals. |
| Server-side URL redirect | Fewer false-positive results | This rule now treats URLs as safe in more cases where the hostname cannot be tampered with. |
| Type confusion through parameter tampering | Fewer false-positive results | This rule now recognizes additional emptiness checks. |
| Useless assignment to property | Fewer false-positive results | This rule now ignores reads of additional getters. |

Changes to QL libraries

  • RegExpLiteral is now a DataFlow::SourceNode.
  • JSDocTypeExpr now has source locations and is a subclass of Locatable and TypeAnnotation.
  • Various predicates named getTypeAnnotation() now return TypeAnnotation instead of TypeExpr. In rare cases, this may cause compilation errors. Cast the result to TypeExpr if this happens.