Java: Add change note about CFG cast deprecation.

2025-12-16 08:43:11 +01:00 · 2018-12-12 14:57:50 +00:00
parent be5ac2f2ff
commit 2150af9732
1 changed files with 5 additions and 0 deletions
--- a/change-notes/1.19/analysis-java.md
+++ b/change-notes/1.19/analysis-java.md
@@ -26,6 +26,11 @@ to run queries and explore the data flow in results.

 ## Changes to QL libraries

+* The class `ControlFlowNode` (and by extension `BasicBlock`) has until now
+  been directly equatable to `Expr` and `Stmt`.  Exploiting these equalities,
+  for example by using casts, is now deprecated, and the conversions
+  `Expr.getControlFlowNode()` and `Stmt.getControlFlowNode()` should be used
+  instead.
 * The default set of taint sources in the `FlowSources` library is extended to
  cover parameters annotated with Spring framework annotations indicating
  remote user input from servlets. This affects all security queries, which