hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e0b4518a3ee9d51e1a0081bcdc3cc78ef8d3eee7
codeql/change-notes/1.25/analysis-javascript.md
Esben Sparre Andreasen 04b5a794f1 Merge pull request #3313 from esbena/js/typical-bad-sanitizer 
New query: Incomplete HTML attribute sanitization
2020-04-27 14:31:13 +02:00

2.3 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

New queries

Query Tags Purpose
Cross-site scripting through DOM (js/xss-through-dom) security, external/cwe/cwe-079, external/cwe/cwe-116 Highlights potential XSS vulnerabilities where existing text from the DOM is used as HTML. Results are not shown on LGTM by default.
Incomplete HTML attribute sanitization (js/incomplete-html-attribute-sanitization) security, external/cwe/cwe-20, external/cwe/cwe-079, external/cwe/cwe-116 Highlights potential XSS vulnerabilities due to incomplete sanitization of HTML meta-characters. Results are shown on LGTM by default.

Changes to existing queries

Query Expected impact Change
Misspelled variable name (js/misspelled-variable-name) Message changed The message for this query now correctly identifies the misspelled variable in additional cases.
Uncontrolled data used in path expression (js/path-injection) More results This query now recognizes additional file system calls.
Uncontrolled command line (js/command-line-injection) More results This query now recognizes additional command execution calls.

Changes to libraries

  • Added data flow for Map and Set, and added matching type-tracking steps that can accessed using the CollectionsTypeTracking module.