hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
cbe417f5eb00f86ee3e27995eaa5aaa5995673d6
codeql/change-notes/1.25/analysis-javascript.md
Erik Krogh Kristensen e7d8cd8e8c Merge remote-tracking branch 'upstream/master' into MoarJQuery
2020-04-23 14:10:53 +02:00

2.1 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

New queries

Query Tags Purpose
Cross-site scripting through DOM (js/xss-through-dom) security, external/cwe/cwe-079, external/cwe/cwe-116 Highlights potential XSS vulnerabilities where existing text from the DOM is used as HTML. Results are not shown on LGTM by default.

Changes to existing queries

Query Expected impact Change
Misspelled variable name (js/misspelled-variable-name) Message changed The message for this query now correctly identifies the misspelled variable in additional cases.
Uncontrolled data used in path expression (js/path-injection) More results This query now recognizes additional file system calls.
Uncontrolled command line (js/command-line-injection) More results This query now recognizes additional command execution calls.

Changes to libraries

  • Added data flow for Map and Set, and added matching type-tracking steps that can accessed using the CollectionsTypeTracking module.