Minor text updates

This commit is contained in:
Felicity Chapman
2019-06-06 18:48:23 +01:00
parent f7a092882b
commit 5be8576ee2


@@ -1,10 +1,5 @@
# Improvements to Java analysis # Improvements to Java analysis
## New queries
| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
## Changes to existing queries ## Changes to existing queries
| **Query** | **Expected impact** | **Change** | | **Query** | **Expected impact** | **Change** |
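Review bot: the removed "New queries" section contained only a table header and separator row with no entries, so dropping it loses nothing, but a reader of the release notes can no longer tell whether no new Java queries shipped or the section was simply omitted; if the change-notes template expects that section, a one-line "No new queries in this release." under the heading would be clearer than removing it.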
@@ -19,14 +14,13 @@
`checkArgument` and `checkState` methods in `checkArgument` and `checkState` methods in
`com.google.common.base.Preconditions`, the `isTrue` and `validState` methods `com.google.common.base.Preconditions`, the `isTrue` and `validState` methods
in `org.apache.commons.lang3.Validate`, as well as any similar custom in `org.apache.commons.lang3.Validate`, as well as any similar custom
methods. This means that more guards are recognized yielding precision methods. This means that more guards are recognized which improves the precision of a number of queries including `java/index-out-of-bounds`,
improvements in a number of queries including `java/index-out-of-bounds`,
`java/dereferenced-value-may-be-null`, and `java/useless-null-check`. `java/dereferenced-value-may-be-null`, and `java/useless-null-check`.
* The default sanitizer in taint tracking has been made more precise. The * The default sanitizer in taint tracking has been made more precise. The
sanitizer works by looking for guards that inspect tainted strings, and it sanitizer works by looking for guards that inspect tainted strings. It
used to work at the level of individual variables. This has been changed to previously worked at the level of individual variables. Now it
use the `Guards` library, such that only guarded variable accesses are uses the `Guards` library, such that only guarded variable accesses are
sanitized. This may give additional results in the security queries. sanitized. This may give additional results for security queries.
* Spring framework support is enhanced by taking into account additional * Spring framework support now takes into account additional
annotations that indicate remote user input. This affects all security annotations that indicate remote user input. This affects all security
queries, which may yield additional results. queries, which may give additional results.
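Review bot: the rewritten sentence "This means that more guards are recognized which improves the precision of a number of queries including `java/index-out-of-bounds`," is left on a single long line while the surrounding text is hard-wrapped at roughly 80 columns, and it also reads better with a comma before "which"; suggest re-wrapping the sentence to match the neighbouring lines. The other rewordings in this hunk (splitting the sanitizer description into "previously worked ... Now it uses the `Guards` library" and "Spring framework support now takes into account") read cleanly and keep the original meaning.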