hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.1
codeql/python/ql/lib/change-notes/released/0.7.0.md
Jeroen Ketema 170242f79c Apply suggestions from code review
2023-01-05 17:57:19 +01:00

1.5 KiB
Raw Permalink Blame History

0.7.0

Major Analysis Improvements

  • The PAM authorization bypass due to incorrect usage (py/pam-auth-bypass) query has been converted to a taint-tracking query, resulting in significantly fewer false positives.

Minor Analysis Improvements

  • Added subprocess.getoutput and subprocess.getoutputstatus as new command injection sinks for the StdLib.
  • The data-flow library has been rewritten to no longer rely on the points-to analysis in order to resolve references to modules. Improvements in the module resolution can lead to more results.
  • Deleted the deprecated importNode predicate from the DataFlowUtil.qll file.
  • Deleted the deprecated features from PEP249.qll that were not inside the PEP249 module.
  • Deleted the deprecated werkzeug from the Werkzeug module in Werkzeug.qll.
  • Deleted the deprecated methodResult predicate from PEP249::Cursor.

Bug Fixes

  • except* is now supported.
  • The result of Try.getAHandler and Try.getHandler(<index>) is no longer of type ExceptStmt, as handlers may also be ExceptGroupStmts (After Python 3.11 introduced PEP 654). Instead, it is of the new type ExceptionHandler of which ExceptStmt and ExceptGroupStmt are subtypes. To support selecting only one type of handler, Try.getANormalHandler and Try.getAGroupHandler have been added. Existing uses of Try.getAHandler for which it is important to select only normal handlers, will need to be updated to Try.getANormalHandler.