mirror of
https://github.com/github/codeql.git
synced 2026-07-07 20:45:28 +02:00
1.3 KiB
1.3 KiB
0.0.9
New Queries
- A new query
js/samesite-none-cookiehas been added. The query detects when the SameSite attribute is set to None on a sensitive cookie. - A new query
js/empty-password-in-configuration-filehas been added. The query detects empty passwords in configuration files. The query is not run by default.
0.0.8
0.0.7
Minor Analysis Improvements
- Support for handlebars templates has improved. Raw interpolation tags of the form
{{& ... }}are now recognized, as well as whitespace-trimming tags like{{~ ... }}. - Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are
expressandfastify. js/missing-token-validationhas been made more precise, yielding both fewer false positives and more true positives.
0.0.6
Major Analysis Improvements
- TypeScript 4.5 is now supported.
0.0.5
New Queries
- The
js/sensitive-get-queryquery has been added. It highlights GET requests that read sensitive information from the query string. - The
js/insufficient-key-sizequery has been added. It highlights the creation of cryptographic keys with a short key size. - The
js/session-fixationquery has been added. It highlights servers that reuse a session after a user has logged in.