hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c71a66a045112a4bebb7d73a89b1a016a7db1b6c
codeql/change-notes/1.23/analysis-javascript.md
Asger F c71a66a045 JS: Add change note
2019-09-02 11:05:07 +01:00

1.6 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • The call graph has been improved to resolve method calls in more cases. This may produce more security alerts.

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Client-side cross-site scripting (js/xss) More results More potential vulnerabilities involving functions that manipulate DOM attributes are now recognized.
Prototype pollution (js/prototype-pollution) Same results The results are now shown on LGTM by default.

Changes to QL libraries

  • Expr.getDocumentation() now handles chain assignments.