hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b79b25ef876ae071e2d0b6f85251a04b9a3b0719
codeql/change-notes/1.25/analysis-javascript.md
Erik Krogh Kristensen b79b25ef87 correct cwe-78 to cwe-078
2020-05-21 12:38:44 +00:00

3.7 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

New queries

Query Tags Purpose
Cross-site scripting through DOM (js/xss-through-dom) security, external/cwe/cwe-079, external/cwe/cwe-116 Highlights potential XSS vulnerabilities where existing text from the DOM is used as HTML. Results are not shown on LGTM by default.
Incomplete HTML attribute sanitization (js/incomplete-html-attribute-sanitization) security, external/cwe/cwe-20, external/cwe/cwe-079, external/cwe/cwe-116 Highlights potential XSS vulnerabilities due to incomplete sanitization of HTML meta-characters. Results are shown on LGTM by default.
Unsafe expansion of self-closing HTML tag (js/unsafe-html-expansion) security, external/cwe/cwe-079, external/cwe/cwe-116 Highlights potential XSS vulnerabilities caused by unsafe expansion of self-closing HTML tags.
Unsafe shell command constructed from library input (js/shell-command-constructed-from-input) correctness, security, external/cwe/cwe-078, external/cwe/cwe-088 Highlights potential command injections due to a shell command being constructed from library inputs. Results are shown on LGTM by default.

Changes to existing queries

Query Expected impact Change
Misspelled variable name (js/misspelled-variable-name) Message changed The message for this query now correctly identifies the misspelled variable in additional cases.
Uncontrolled data used in path expression (js/path-injection) More results This query now recognizes additional file system calls.
Uncontrolled command line (js/command-line-injection) More results This query now recognizes additional command execution calls.
Expression has no effect (js/useless-expression) Less results This query no longer flags an expression when that expression is the only content of the containing file.
Unknown directive (js/unknown-directive) Less results This query no longer flags directives generated by the Babel compiler.
Code injection (js/code-injection) More results More potential vulnerabilities involving NoSQL code operators are now recognized.
Zip Slip (js/zipslip) More results This query now recognizes additional vulnerabilities.

Changes to libraries

  • A library semmle.javascript.explore.CallGraph has been added to help write queries for exploring the call graph.
  • Added data flow for Map and Set, and added matching type-tracking steps that can accessed using the CollectionsTypeTracking module.