hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
97c0c97b2811f035dd66b430cea49a251e0f95a0
codeql/change-notes/1.22/analysis-javascript.md
Max Schaefer 97c0c97b28 JavaScript: Classify __mocks__ and __tests_ as tests. 
These are conventions used by jest: https://jestjs.io/docs/en/manual-mocks#mocking-user-modules.
2019-08-02 11:15:02 +01:00

1.8 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Automatic classification of test files has been improved, in particular __tests__ and __mocks__ folders (as used by Jest) are now recognized.

  • Support for the following frameworks and libraries has been improved:

  • Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts.

  • Taint tracking through object property names has been made more precise, resulting in fewer false positive results.

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Shift out of range Fewer false positive results This rule now correctly handles BigInt shift operands.

Changes to QL libraries

  • The getName() predicate on functions and classes now gets a name inferred from the context if the function or class was not declared with a name.