codeql/0.4.3.md at 39d44adbc5df82603b5764e0d69bf7b2190d0b21 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2026-02-10 04:01:11 +01:00

Files

Dave Bartolomeo 013b7eff1c Apply suggestions from code review

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

2022-11-04 18:46:32 -04:00

532 B

Raw Blame History

0.4.3

New Queries

Added a new query, js/second-order-command-line-injection, to detect shell commands that may execute arbitrary code when the user has control over the arguments to a command-line program. This currently flags up unsafe invocations of git and hg.

Minor Analysis Improvements

Added sources for user defined path and query parameters in Next.js.
The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.