hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Handle taint of f-strings

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-08-24 17:20:16 +02:00
parent 2f090df6d3
commit 13148b42d3
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change-notes/1.25/analysis-python.md
View File

@@ -20,3 +20,4 @@ The following changes in version 1.25 affect Python analysis in all applications
## Changes to libraries
* Importing `semmle.python.web.HttpRequest` will no longer import `UntrustedStringKind` transitively. `UntrustedStringKind` is the most commonly used non-abstract subclass of `ExternalStringKind`. If not imported (by one mean or another), taint-tracking queries that concern `ExternalStringKind` will not produce any results. Please ensure such queries contain an explicit import (`import semmle.python.security.strings.Untrusted`).
* Added support for tainted f-strings.