hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
30921d5ee737fccec9fbae87ee62bb58c546e539
codeql/change-notes/1.22/analysis-javascript.md
Asger F 28d0e890a8 JS: Add change note about CHA
2019-08-24 13:23:34 +01:00

3.6 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Automatic classification of test files has been improved, in particular __tests__ and __mocks__ folders (as used by Jest) are now recognized.

  • Support for the following frameworks and libraries has been improved:

  • Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts.

  • Taint tracking through object property names has been made more precise, resulting in fewer false positive results.

  • Method calls are now resolved in more cases, due to improved class hierarchy analysis. This may produce more security alerts.

New queries

Query Tags Purpose
Indirect uncontrolled command line (js/indirect-command-line-injection) correctness, security, external/cwe/cwe-078, external/cwe/cwe-088 Highlights command-line invocations that may indirectly introduce a command-line injection vulnerability elsewhere, indicating a possible violation of CWE-78. Results are not shown on LGTM by default.

Changes to existing queries

Query Expected impact Change
Conflicting HTML element attributes (js/conflicting-html-attribute) No changes to results Results are no longer shown on LGTM by default.
Shift out of range (js/shift-out-of-range Fewer false positive results This rule now correctly handles BigInt shift operands.
Superfluous trailing arguments (js/superfluous-trailing-arguments) Fewer false-positive results. This rule no longer flags calls to placeholder functions that trivially throw an exception.
Undocumented parameter (js/jsdoc/missing-parameter) No changes to results This rule is now run on LGTM, although its results are still not shown by default.

Changes to QL libraries

  • The getName() predicate on functions and classes now gets a name that is inferred from the context if the function or class was not declared with a name.
  • The two-argument and three-argument variants of DataFlow::Configuration::isBarrier and TaintTracking::Configuration::isSanitizer have been deprecated. Overriding them no longer has any effect. Use isBarrierEdge and isSanitizerEdge instead.