codeql/change-notes/1.23/analysis-javascript.md
2019-09-11 11:36:50 +01:00

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • The call graph has been improved to resolve method calls in more cases. This may produce more security alerts.

New queries

| Query | Tags | Purpose |
|---|---|---|
| Unused index variable (`js/unused-index-variable`) | correctness | Highlights loops that iterate over an array, but do not use the index variable to access array elements, indicating a possible typo or logic error. |
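
The loop shape that the purpose text for `js/unused-index-variable` describes, shown beside its corrected form. This is an added example, not code from the CodeQL repository; the upload allow-list scenario, the function names and the file names are constructed for illustration.

```javascript
// Added illustration: an upload allow-list check with the typo the
// query description talks about. All names and data are constructed.
const ALLOWED = new Set([".png", ".jpg", ".pdf"]);

// Return the lower-cased extension of a file name, or "" if it has none.
function extensionOf(name) {
  const dot = name.lastIndexOf(".");
  return dot === -1 ? "" : name.slice(dot).toLowerCase();
}

// Pattern from the description: `i` drives the loop but is never used to
// access `names`, so only the first element is ever validated.
function allAllowedBuggy(names) {
  for (let i = 0; i < names.length; i++) {
    if (!ALLOWED.has(extensionOf(names[0]))) return false;
  }
  return true;
}

// Corrected: the index variable selects the element under test,
// so every entry is checked against the allow-list.
function allAllowedFixed(names) {
  for (let i = 0; i < names.length; i++) {
    if (!ALLOWED.has(extensionOf(names[i]))) return false;
  }
  return true;
}

// Constructed sample: the third entry should be rejected.
const upload = ["report.pdf", "logo.PNG", "setup.exe"];
console.log("buggy check accepts batch:", allAllowedBuggy(upload));
console.log("fixed check accepts batch:", allAllowedFixed(upload));
```

The typo turns a per-element validation into a check of the first element only, which is why a correctness finding of this kind can have security impact.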

Changes to existing queries

| Query | Expected impact | Change |
|---|---|---|
| Client-side cross-site scripting (`js/xss`) | More results | More potential vulnerabilities involving functions that manipulate DOM attributes are now recognized. |
| Prototype pollution (`js/prototype-pollution`) | Same results | The results are now shown on LGTM by default. |

Changes to QL libraries

  • Expr.getDocumentation() now handles chain assignments.