codeql/0.0.11.md at 77a321ee9afcf5c9611704a50bebb3456fc0a5d4 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00

Files

github-actions[bot] 20fe22c8c8 Release preparation for version 2.8.2

2022-02-24 14:57:08 +00:00

1.0 KiB

Raw Blame History

0.0.11

New Queries

A new query, js/functionality-from-untrusted-source, has been added to the query suite. It finds DOM elements that load functionality from untrusted sources, like script or iframe elements using http links. The query is run by default.

Query Metadata Changes

The js/request-forgery query previously flagged both server-side and client-side request forgery, but these are now handled by two different queries:
- js/request-forgery is now specific to server-side request forgery. Its precision has been raised to high and is now shown by default (it was previously in the security-extended suite).
- js/client-side-request-forgery is specific to client-side request forgery. This is technically a new query but simply flags a subset of what the old query did. This has precision medium and is part of the security-extended suite.

Minor Analysis Improvements

Added dataflow through the snapdragon library.