Commit f522376

author
Esben Sparre Andreasen
committed
JS: mention string formatting taint step in change notes
1 parent bbdf6b0 commit f522376

1 file changed

+8
-1
lines changed

change-notes/1.18/analysis-javascript.md

Lines changed: 8 additions & 1 deletion
@@ -12,6 +12,8 @@
1212

1313
* Modelling of taint flow through the array operations `map` and `join` has been improved. This may give additional results for the security queries.
1414

15+
* The taint tracking library recognizes more ways in which taint propagates. In particular, some flow through string formatters is now recognized.
16+
1517
* Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following libraries:
1618
- [bluebird](http://bluebirdjs.com)
1719
- [browserid-crypto](https://github.com/mozilla/browserid-crypto)
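
Review bot: the new bullet at line 15 does not tell a reader what to expect in their results or which formatters are covered. The neighbouring `map`/`join` bullet ends with "This may give additional results for the security queries", and the same sentence belongs here. "Some flow through string formatters" is also vague: this commit adds format-util, printf, printj, sprintf.js and string-template to the library list further down, so if those are the formatters meant, name them in the bullet or point to the list.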
@@ -35,6 +37,7 @@
3537
- [extend2](https://github.com/eggjs/extend2)
3638
- [fast-json-parse](https://github.com/mcollina/fast-json-parse)
3739
- [forge](https://github.com/digitalbazaar/forge)
40+
- [format-util](https://github.com/tmpfs/format-util)
3841
- [global](https://www.npmjs.com/package/global)
3942
- [he](https://github.com/mathiasbynens/he)
4043
- [html-entities](https://github.com/mdevils/node-html-entities)
@@ -56,13 +59,17 @@
5659
- [object.assign](https://github.com/ljharb/object.assign)
5760
- [object.defaults](https://github.com/jonschlinkert/object.defaults)
5861
- [parse-json](https://github.com/sindresorhus/parse-json)
59-
- [React Native](https://facebook.github.io/react-native/)
62+
- [printf](https://github.com/adaltas/node-printf)
63+
- [printj](https://github.com/SheetJS/printj)
6064
- [q](http://documentup.com/kriskowal/q/)
6165
- [ramda](https://ramdajs.com)
66+
- [React Native](https://facebook.github.io/react-native/)
6267
- [safe-json-parse](https://github.com/Raynos/safe-json-parse)
6368
- [sanitize](https://github.com/pocketly/node-sanitize)
6469
- [sanitizer](https://github.com/theSmaw/Caja-HTML-Sanitizer)
6570
- [smart-extend](https://github.com/danielkalen/smart-extend)
71+
- [sprintf.js](https://github.com/alexei/sprintf.js)
72+
- [string-template](https://github.com/Matt-Esch/string-template)
6673
- [underscore](https://underscorejs.org)
6774
- [util-extend](https://github.com/isaacs/util-extend)
6875
- [utils-merge](https://github.com/jaredhanson/utils-merge)
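
Review bot: the React Native entry is removed at old line 59 and re-added at new line 66, which is an ordering fix unrelated to the string formatting entries the commit message describes. Mention the move in the commit message or split it into its own commit, so the single deletion in the diffstat is not read as a library being dropped from the notes. The new entries themselves (printf, printj, sprintf.js, string-template) sit in the right alphabetical positions.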
