hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 18:01:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
caaee5e4e5a96706f9df178ae96a0cab9cefd51c
codeql/javascript/ql/src/CHANGELOG.md
github-actions[bot] 1dfcf427aa Release preparation for version 2.7.5
2022-01-04 14:44:56 +00:00

990 B
Raw Blame History

0.0.7

Minor Analysis Improvements

  • Support for handlebars templates has improved. Raw interpolation tags of the form {{& ... }} are now recognized, as well as whitespace-trimming tags like {{~ ... }}.
  • Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are express and fastify.
  • js/missing-token-validation has been made more precise, yielding both fewer false positives and more true positives.

0.0.6

Major Analysis Improvements

  • TypeScript 4.5 is now supported.

0.0.5

New Queries

  • The js/sensitive-get-query query has been added. It highlights GET requests that read sensitive information from the query string.
  • The js/insufficient-key-size query has been added. It highlights the creation of cryptographic keys with a short key size.
  • The js/session-fixation query has been added. It highlights servers that reuse a session after a user has logged in.