hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update change notes for name change

Browse Source
This commit is contained in:
Felicity Chapman
2019-11-01 12:27:43 +00:00
parent 570e55190d
commit 236e1f7955
5 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
change-notes/1.23/analysis-cpp.md
View File

@@ -24,7 +24,7 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
| Unclear comparison precedence (`cpp/comparison-precedence`) | Fewer false positive results | False positives involving template classes and functions have been fixed. | | Unclear comparison precedence (`cpp/comparison-precedence`) | Fewer false positive results | False positives involving template classes and functions have been fixed. |
| Comparison of narrow type with wide type in loop condition (`cpp/comparison-with-wider-type`) | Higher precision | The precision of this query has been increased to "high" as the alerts from this query have proved to be valuable on real-world projects. With this precision, results are now displayed by default in LGTM. | | Comparison of narrow type with wide type in loop condition (`cpp/comparison-with-wider-type`) | Higher precision | The precision of this query has been increased to "high" as the alerts from this query have proved to be valuable on real-world projects. With this precision, results are now displayed by default in LGTM. |
## Changes to QL libraries ## Changes to libraries
* The data-flow library has been extended with a new feature to aid debugging. * The data-flow library has been extended with a new feature to aid debugging.
Instead of specifying `isSink(Node n) { any() }` on a configuration to Instead of specifying `isSink(Node n) { any() }` on a configuration to

2
change-notes/1.23/analysis-csharp.md
View File

@@ -24,7 +24,7 @@ The following changes in version 1.23 affect C# analysis in all applications.
* `nameof` expressions are now extracted correctly when the name is a namespace. * `nameof` expressions are now extracted correctly when the name is a namespace.
## Changes to QL libraries ## Changes to libraries
* The new class `NamespaceAccess` models accesses to namespaces, for example in `nameof` expressions. * The new class `NamespaceAccess` models accesses to namespaces, for example in `nameof` expressions.
* The data-flow library now makes it easier to specify barriers/sanitizers * The data-flow library now makes it easier to specify barriers/sanitizers

2
change-notes/1.23/analysis-java.md
View File

@@ -19,7 +19,7 @@ The following changes in version 1.23 affect Java analysis in all applications.
| Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | The query now identifies arguments to `Statement.executeLargeUpdate` and `Connection.prepareCall` as SQL expressions sinks. | | Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | The query now identifies arguments to `Statement.executeLargeUpdate` and `Connection.prepareCall` as SQL expressions sinks. |
| Useless comparison test (`java/constant-comparison`) | Fewer false positives | Additional overflow check patterns are now recognized and no longer reported. | | Useless comparison test (`java/constant-comparison`) | Fewer false positives | Additional overflow check patterns are now recognized and no longer reported. |
## Changes to QL libraries ## Changes to libraries
* The data-flow library has been extended with a new feature to aid debugging. * The data-flow library has been extended with a new feature to aid debugging.
Instead of specifying `isSink(Node n) { any() }` on a configuration to Instead of specifying `isSink(Node n) { any() }` on a configuration to

2
change-notes/1.23/analysis-javascript.md
View File

@@ -46,7 +46,7 @@
| Uncontrolled data used in path expression (`js/path-injection`) | Fewer false-positive results | This query now recognizes calls to Express `sendFile` as safe in some cases. | | Uncontrolled data used in path expression (`js/path-injection`) | Fewer false-positive results | This query now recognizes calls to Express `sendFile` as safe in some cases. |
| Unknown directive (`js/unknown-directive`) | Fewer false positive results | This query no longer flags uses of ":", which is sometimes used like a directive. | | Unknown directive (`js/unknown-directive`) | Fewer false positive results | This query no longer flags uses of ":", which is sometimes used like a directive. |
## Changes to QL libraries ## Changes to libraries
* `Expr.getDocumentation()` now handles chain assignments. * `Expr.getDocumentation()` now handles chain assignments.

2
change-notes/support/README.md
View File

@@ -1,6 +1,6 @@
# Files moved to ``docs`` directory # Files moved to ``docs`` directory
Now that all of the QL documentation is in this repository, Now that all of the CodeQL documentation is in this repository,
notes on the languages, compilers, and frameworks supported have moved. notes on the languages, compilers, and frameworks supported have moved.
They're now stored as part of the Sphinx ``support`` project with the other documentation: They're now stored as part of the Sphinx ``support`` project with the other documentation:
``docs/language/support``. ``docs/language/support``.