hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add change notes for ThreadResourceAbuse ArithExpr fix

Browse Source
This commit is contained in:
Eric Bickle
2023-10-06 14:31:37 -07:00
parent 000c1f7ec8
commit 4dca396106
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/change-notes/2023-10-06-thread-resource-abuse-arithexpr.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: majorAnalysis
---
* The `java/thread-resource-abuse` experimental query has been improved to ensure that tained values flowing through arithmetic operations are preserved. For example, `Thread.sleep(untrustedInput * 1000)` will now be detected as a vulnerability.