hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 08:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7c02027f59a17be9e8e9fd77e12f4fcd771f633
codeql/change-notes/1.21/analysis-javascript.md
Jason Reed 4475dd4b9f JavaScript: Add test and fix change note.
2019-03-15 14:40:48 -04:00

2.0 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • The security queries now track data flow through Base64 decoders such as the Node.js Buffer class, the DOM function atob, and a number of npm packages intcluding abab, atob, btoa, base-64, js-base64, Base64.js and base64-js.

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Expression has no effect Fewer false-positive results This rule now treats uses of Object.defineProperty more conservatively.
Useless assignment to property Fewer false-positive results This rule now ignore reads of additional getters.
Arbitrary file write during zip extraction ("Zip Slip") More results This rule now considers more libraries, including tar as well as zip.

Changes to QL libraries