hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Address review comments

Browse Source
This commit is contained in:
Tom Hvitved
2020-05-07 15:58:46 +02:00
parent f19b1045d6
commit 0b85f3fed4
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
change-notes/1.25/analysis-csharp.md
View File

@@ -24,9 +24,10 @@ The following changes in version 1.25 affect C# analysis in all applications.
have type parameters. This means that non-generic nested types inside construced types,
such as `A<int>.B`, no longer are considered unbound generics. (Such nested types do,
however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.)
* The data-flow library has been improved, which affects and improves most security queries. Flow
through methods now takes nested field reads/writes into account. For example, the library is
able to track flow from `"taint"` to `Sink()` via the method `GetF2F1()` in
* The data-flow library has been improved, which affects most security queries by potentially
adding more results. Flow through methods now takes nested field reads/writes into account.
For example, the library is able to track flow from `"taint"` to `Sink()` via the method
`GetF2F1()` in
```csharp
class C1
{
@@ -37,13 +38,12 @@ The following changes in version 1.25 affect C# analysis in all applications.
{
C1 F2;
string GetF2F1() => this.F2.F1; // Nested field read
string GetF2F1() => F2.F1; // Nested field read
void M()
{
this.F2 = new C1() { F1 = "taint" };
Sink(this.GetF2F1()); // NEW: "taint" reaches here
F2 = new C1() { F1 = "taint" };
Sink(GetF2F1()); // NEW: "taint" reaches here
}
}
```

7
change-notes/1.25/analysis-java.md
View File

@@ -18,9 +18,10 @@ The following changes in version 1.25 affect Java analysis in all applications.
## Changes to libraries
* The data-flow library has been improved, which affects and improves most security queries. Flow
through methods now takes nested field reads/writes into account. For example, the library is
able to track flow from `"taint"` to `sink()` via the method `getF2F1()` in
* The data-flow library has been improved, which affects most security queries by potentially
adding more results. Flow through methods now takes nested field reads/writes into account.
For example, the library is able to track flow from `"taint"` to `sink()` via the method
`getF2F1()` in
```java
class C1 {
String f1;