codeql/change-notes/1.24/analysis-javascript.md
2019-11-27 15:19:06 +01:00

Improvements to JavaScript analysis

General improvements

  • Imports with the .js extension can now be resolved to a TypeScript file, when the import refers to a file generated by TypeScript.

New queries

| Query | Tags | Purpose |
|-------|------|---------|

Changes to existing queries

| Query | Expected impact | Change |
|-------|-----------------|--------|
| Clear-text logging of sensitive information (js/clear-text-logging) | More results | More results involving process.env and indirect calls to logging methods are recognized. |
| Incomplete string escaping or encoding (js/incomplete-sanitization) | Fewer false positive results | This query now recognizes additional cases where a single replacement is likely to be intentional. |
| Unbound event handler receiver (js/unbound-event-handler-receiver) | Fewer false positive results | This query now recognizes additional ways event handler receivers can be bound. |

Changes to libraries