hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
90862fea99e68210afb1642a39fd08d1e0622cf1
codeql/change-notes/1.22/analysis-javascript.md
Esben Sparre Andreasen 90862fea99 JS: whitelist trivial throwers in js/superfluous-trailing-arguments
2019-08-01 11:49:43 +02:00

2.0 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts.

  • Taint tracking through object property names has been made more precise, resulting in fewer false positive results.

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Shift out of range Fewer false positive results This rule now correctly handles BigInt shift operands.
Superfluous trailing arguments Fewer false-positive results. This rule no longer flags calls to placeholder functions that trivially throw an exception.

Changes to QL libraries

  • The getName() predicate on functions and classes now gets a name inferred from the context if the function or class was not declared with a name.
  • The two-argument and three-argument variants of DataFlow::Configuration::isBarrier and TaintTracking::Configuration::isSanitizer have been deprecated. Overriding them no longer has any effect. Use isBarrierEdge and isSanitizerEdge instead.