|
16 | 16 | * Support for tracking data flow and taint through getter functions (that is, functions that return a property of one of their arguments) and through the receiver object of method calls has been improved. This may produce more security alerts. |
17 | 17 |
|
18 | 18 | * Taint tracking through object property names has been made more precise, resulting in fewer false positive results. |
19 | | - |
| 19 | + |
| 20 | +* Method calls are now resolved in more cases, due to improved class hierarchy analysis. This may produce more security alerts. |
| 21 | + |
20 | 22 | ## New queries |
21 | 23 |
|
22 | 24 | | **Query** | **Tags** | **Purpose** | |
|
28 | 30 |
|
29 | 31 | | **Query** | **Expected impact** | **Change** | |
30 | 32 | |--------------------------------|------------------------------|---------------------------------------------------------------------------| |
31 | | -| Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. | |
32 | | -| Conflicting HTML element attributes | Fewer results | Results are no longer shown on LGTM by default. | |
33 | | -| Superfluous trailing arguments | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. | |
34 | | -| Undocumented parameter | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. | |
| 33 | +| Conflicting HTML element attributes (`js/conflicting-html-attribute`) | No changes to results | Results are no longer shown on LGTM by default. | |
| 34 | +| Shift out of range (`js/shift-out-of-range`| Fewer false positive results | This rule now correctly handles BigInt shift operands. | |
| 35 | +| Superfluous trailing arguments (`js/superfluous-trailing-arguments`) | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. | |
| 36 | +| Undocumented parameter (`js/jsdoc/missing-parameter`) | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. | |
35 | 37 |
|
36 | 38 | ## Changes to QL libraries |
37 | 39 |
|
38 | | -- The `getName()` predicate on functions and classes now gets a name |
| 40 | +- The `getName()` predicate on functions and classes now gets a name that is |
39 | 41 | inferred from the context if the function or class was not declared with a name. |
40 | 42 | - The two-argument and three-argument variants of `DataFlow::Configuration::isBarrier` and |
41 | 43 | `TaintTracking::Configuration::isSanitizer` have been deprecated. Overriding them no |
|
0 commit comments