hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
This commit is contained in:
Taus
2020-04-22 16:03:20 +02:00
committed by GitHub
parent e97d88c158
commit 44b570f7b6
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
change-notes/1.24/analysis-python.md
View File

@@ -14,7 +14,7 @@ The following changes in version 1.24 affect Python analysis in all applications
- A large number of libraries and queries have been moved to the new `Value` API, which should result in more precise results.
- The `Value` API has been extended in various ways:
- The `Value` interface has been extended in various ways:
- A new `StringValue` class has been added, for tracking string literals.
- Values now have a `booleanValue` method which returns the boolean interpretation of the given value.
- Built-in methods for which the return type is not fixed are now modeled as returning an unknown value by default.
@@ -24,10 +24,10 @@ The following changes in version 1.24 affect Python analysis in all applications
| **Query** | **Expected impact** | **Change** |
|----------------------------|------------------------|------------------------------------------------------------------|
| Arbitrary file write during tarfile extraction (`py/tarslip`) | Fewer false negatives | Negations are now handled correctly in conditionals that may sanitize tainted values. |
| First parameter of a method is not named 'self' (`py/not-named-self`) | Fewer false positives | `__class_getitem__` is now recognized as a class method. |
| Import of deprecated module (`py/import-deprecated-module) | Fewer false positives | Deprecated modules used for backwards compatibility are no longer reported.|
| Module imports itself (`py/import-own-module`) | Fewer false positives | Imports local to a given package are no longer classified as self-imports. |
| Arbitrary file write during tarfile extraction (`py/tarslip`) | Fewer false negative results | Negations are now handled correctly in conditional expressions that may sanitize tainted values. |
| First parameter of a method is not named 'self' (`py/not-named-self`) | Fewer false positive results | `__class_getitem__` is now recognized as a class method. |
| Import of deprecated module (`py/import-deprecated-module`) | Fewer false positive results | Deprecated modules that are used to provide backwards compatibility are no longer reported.|
| Module imports itself (`py/import-own-module`) | Fewer false positive results | Imports local to a given package are no longer classified as self-imports. |
| Uncontrolled command line (`py/command-line-injection`) | More results | We now model the `fabric` and `invoke` packages for command execution. |
### Web framework support
@@ -53,4 +53,4 @@ queries:
## Changes to libraries
### Taint tracking
- The `urlsplit` and `urlparse` functions now propagate taint appropriately.
- HTTP requests using the `requests` library are now modeled.
- HTTP requests using the `requests` library are now modeled.