codeql/change-notes/1.20/analysis-javascript.md
2018-12-06 20:46:37 +00:00

Improvements to JavaScript analysis

General improvements

  • Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
    • client-side code, for example React
    • server-side code, for example hapi

New queries

| Query | Tags | Purpose |
|---|---|---|
| Double escaping or unescaping (js/double-escaping) | correctness, security, external/cwe/cwe-116 | Highlights potential double escaping or unescaping of special characters, indicating a possible violation of CWE-116. Results are shown on LGTM by default. |
| Incomplete URL substring sanitization | correctness, security, external/cwe/cwe-020 | Highlights URL sanitizers that are likely to be incomplete, indicating a violation of CWE-020. Results are shown on LGTM by default. |
| Incorrect suffix check (js/incorrect-suffix-check) | correctness, security, external/cwe/cwe-020 | Highlights error-prone suffix checks based on indexOf, indicating a potential violation of CWE-20. Results are shown on LGTM by default. |
| Useless comparison test (js/useless-comparison-test) | correctness | Highlights code that is unreachable due to a numeric comparison that is always true or always false. Results are shown on LGTM by default. |
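
A suffix check based on indexOf, the kind of pattern the js/incorrect-suffix-check entry describes, shown beside a checked version. This is an added example, not code from the change notes or from CodeQL; the function names and sample strings are constructed for illustration.

```javascript
// Added example: function names and sample strings are constructed.

// Error-prone: indexOf returns -1 when the suffix is absent, and
// s.length - suffix.length is also -1 when the suffix is one character
// longer than s, so the comparison passes without a match. indexOf also
// reports only the first occurrence, so a repeated suffix is missed.
function endsWithIndexOf(s, suffix) {
  return s.indexOf(suffix) === s.length - suffix.length;
}

// Checked: reject a suffix longer than the string before comparing, and
// search from the only position where a suffix can start.
function endsWithChecked(s, suffix) {
  const start = s.length - suffix.length;
  return start >= 0 && s.indexOf(suffix, start) === start;
}

// Constructed inputs: [string, suffix, whether string really ends with suffix]
const CASES = [
  ["report.js", ".js", true],
  ["report.json", ".js", false],
  ["js", ".js", false],
  ["a.js.js", ".js", true],
];

// Returns the strings for which `check` disagrees with the expected answer.
function wrongAnswers(check) {
  return CASES.filter(([s, suffix, expected]) => check(s, suffix) !== expected)
              .map(([s]) => s);
}

console.log("indexOf check wrong on:", wrongAnswers(endsWithIndexOf));
console.log("checked version wrong on:", wrongAnswers(endsWithChecked));
console.log("String.prototype.endsWith wrong on:",
            wrongAnswers((s, suffix) => s.endsWith(suffix)));
```

Where the runtime provides it, String.prototype.endsWith avoids the index arithmetic altogether.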

Changes to existing queries

| Query | Expected impact | Change |
|---|---|---|
| Client-side cross-site scripting | More results | This rule now recognizes WinJS functions that are vulnerable to HTML injection. |
| Unused variable, import, function or class | Fewer false-positive results | This rule now flags fewer variables that are implicitly used by JSX elements. |

Changes to QL libraries