hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: Add change note for #3110

Browse Source
This commit is contained in:
Tom Hvitved
2020-05-06 14:28:47 +02:00
parent 3b3ca6d41e
commit ddd62a56cc
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
change-notes/1.25/analysis-csharp.md
View File

@@ -24,5 +24,28 @@ The following changes in version 1.25 affect C# analysis in all applications.
have type parameters. This means that non-generic nested types inside construced types,
such as `A<int>.B`, no longer are considered unbound generics. (Such nested types do,
however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.)
* The data-flow library has been improved, which affects and improves most security queries. Flow
through methods now takes nested field reads/writes into account. For example, the library is
able to track flow from `"taint"` to `Sink()` via the method `GetF2F1()` in
```csharp
class C1
{
string F1;
}
class C2
{
C1 F2;
string GetF2F1() => this.F2.F1; // Nested field read
void M()
{
this.F2 = new C1() { F1 = "taint" };
Sink(this.GetF2F1()); // NEW: "taint" reaches here
}
}
```
## Changes to autobuilder