hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
149ae5d7abd7fc98c8896cbf4b1e40352d495016
codeql/change-notes/1.23/analysis-javascript.md
Max Schaefer 149ae5d7ab JavaScript: Fix IllegalInvocation. 
This fixes false positives that arise when a call such as `f.apply` can either be interpreted as a reflective invocation of `f`, or a normal call to method `apply` of `f`.
2019-09-23 07:44:14 +01:00

3.4 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • The call graph has been improved to resolve method calls in more cases. This may produce more security alerts.

New queries

Query Tags Purpose
Unused index variable (js/unused-index-variable) correctness Highlights loops that iterate over an array, but do not use the index variable to access array elements, indicating a possible typo or logic error.

Changes to existing queries

Query Expected impact Change
Incomplete string escaping or encoding (js/incomplete-sanitization) Fewer false-positive results This rule now recognizes additional ways delimiters can be stripped away.
Client-side cross-site scripting (js/xss) More results More potential vulnerabilities involving functions that manipulate DOM attributes are now recognized.
Code injection (js/code-injection) More results More potential vulnerabilities involving functions that manipulate DOM event handler attributes are now recognized.
Hard-coded credentials (js/hardcoded-credentials) Fewer false-positive results This rule now flags fewer password examples.
Illegal invocation (js/illegal-invocation) Fewer false-positive results This rule now correctly handles methods named call and apply.
Incorrect suffix check (js/incorrect-suffix-check) Fewer false-positive results The query recognizes valid checks in more cases.
Network data written to file (js/http-to-file-access) Fewer false-positive results This query has been renamed to better match its intended purpose, and now only considers network data untrusted.
Password in configuration file (js/password-in-configuration-file) Fewer false-positive results This rule now flags fewer password examples.
Prototype pollution (js/prototype-pollution) More results The query now highlights vulnerable uses of jQuery and Angular, and the results are shown on LGTM by default.
Uncontrolled command line (js/command-line-injection) More results This query now treats responses from servers as untrusted.

Changes to QL libraries

  • Expr.getDocumentation() now handles chain assignments.