Add change note for enhanced visibility of security alerts and conversion to path queries.

Mark Shannon
2018-11-16 14:41:55 +00:00
committed by Mark Shannon
parent 24bf2922e0
commit 2ac2233e69


@@ -0,0 +1,38 @@
# Improvements to Python analysis
## General improvements
> Changes that affect alerts in many files or from many queries
> For example, changes to file classification
## New queries
| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
| *@name of query (Query ID)* | *Tags* |*Aim of the new query and whether it is enabled by default or not* |
## Changes to existing queries
All taint-tracking queries now support visualization of paths in QL for Eclipse.
Most security alerts are now visible on LGTM by default.
| **Query** | **Expected impact** | **Change** |
|----------------------------|------------------------|------------------------------------------------------------------|
| Code injection (`py/code-injection`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
| Deserializing untrusted input (`py/unsafe-deserialization`) | Supports path visualization | No change to expected results |
| Information exposure through an exception (`py/stack-trace-exposure`) | Now visible on LGTM by default | No change to expected results |
| Reflected server-side cross-site scripting (`py/reflective-xss`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
| SQL query built from user-controlled sources (`py/sql-injection`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
| Uncontrolled data used in path expression (`py/path-injection`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
| Uncontrolled command line (`py/command-line-injection`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
| URL redirection from remote source (`py/url-redirection`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
## Changes to code extraction
* *Series of bullet points*
## Changes to QL libraries
* *Series of bullet points*
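Review bot: the "Expected impact" and "Change" columns of the "Changes to existing queries" table appear to be swapped relative to their headers: every row puts the description of what changed ("Supports path visualization and is now visible on LGTM by default") under **Expected impact** and the impact statement ("No change to expected results") under **Change**. Either swap the two header cells or move the cell contents so that, for example, the `py/code-injection` row reads `| Code injection (\`py/code-injection\`) | No change to expected results | Supports path visualization and is now visible on LGTM by default |`. Two smaller points in the same file: the template placeholders are still present in the "New queries" table (`| *@name of query (Query ID)* | *Tags* | ... |`), in "Changes to code extraction" and in "Changes to QL libraries" (`* *Series of bullet points*`), and should be deleted or replaced with a short "None" line so the rendered note does not show template text; and the two summary sentences ("All taint-tracking queries now support visualization of paths in QL for Eclipse." and "Most security alerts are now visible on LGTM by default.") would fit the "General improvements" section, which currently holds only the template blockquote, since they describe a change affecting many queries. Consider also adding a blank line between each heading or sentence and the table that follows it, as some Markdown renderers do not recognise a table that directly follows a paragraph line.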