Describe the bug
CodeQL's javascript-security-extended.qls suite finds a js/remote-property-injection vulnerability.
To Reproduce
Prerequisites:
Have CodeQL installed and ensure that the queries are at least version 2.1.2.
Have a way to view SARIF content, e.g. Visual Studio Code's SARIF extension.
Steps:
- Create CodeQL database from dist folder content:
codeql database create ./codeql-db --language=javascript --overwrite
- Run javascript-security-extended suite:
codeql database analyze ./codeql-db codeql/javascript-queries:codeql-suites/javascript-security-extended.qls --format=sarifv2.1.0 --output=codeql-results.sarif
- Examine codeql-results.sarif; it contains the mentioned vulnerability.
Expected behavior
CodeQL doesn't raise any findings.
Setup details
The scanned version of url-parse was 1.5.10.