hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b55526aa58a5b500fe5d1be2c7edd09075711d09
codeql/change-notes/1.18/analysis-javascript.md
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

3.9 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Additional heuristics have been added to semmle.javascript.heuristics. Add import semmle.javascript.heuristics.all to a query in order to activate all of the heuristics at once.

  • Modelling of data flow through destructuring assignments has been improved. This may give additional results for the security queries and other queries that rely on data flow.

  • Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following libraries:

New queries

Query Tags Purpose
Disabling Electron webSecurity (js/disabling-electron-websecurity) security, frameworks/electron Highlights Electron browser objects that are created with the webSecurity property set to false. Results shown on LGTM by default.
Enabling Electron allowRunningInsecureContent (js/enabling-electron-insecure-content) security, frameworks/electron Highlights Electron browser objects that are created with the allowRunningInsecureContent property set to true. Results shown on LGTM by default.
Use of externally-controlled format string (js/tainted-format-string) security, external/cwe/cwe-134 Highlights format strings containing user-provided data, indicating a violation of CWE-134. Results shown on LGTM by default.

Changes to existing queries

Query Expected impact Change
Arguments redefined Fewer results This rule previously also flagged redefinitions of eval. This was an oversight that is now fixed.
CORS misconfiguration for credentials transfer More true-positive results This rule now treats header names case-insensitively.
Hard-coded credentials More true-positive results This rule now recognizes secret cryptographic keys.
Insecure randomness More true-positive results This rule now recognizes secret cryptographic keys.
Missing X-Frame-Options HTTP header Fewer false-positive results This rule now treats header names case-insensitively.
Reflected cross-site scripting Fewer false-positive results This rule now treats header names case-insensitively.
Server-side URL redirect More true-positive results This rule now treats header names case-insensitively.
Uncontrolled command line More true-positive results This rule now recognizes indirect command injection through sh -c and similar.
Unused variable Fewer results This rule no longer flags class expressions that could be made anonymous. While technically true, these results are not interesting.

Changes to QL libraries

  • HTTP header names are now always normalized to lower case to reflect the fact that they are case insensitive. In particular, the result of HeaderDefinition.getAHeaderName, and the first parameter of HeaderDefinition.defines, ExplicitHeaderDefinition.definesExplicitly and RouteHandler.getAResponseHeader is now always a lower-case string.