hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.1
codeql/java/ql/lib/change-notes/released/0.8.1.md
github-actions[bot] 3b3c036626 Release preparation for version 2.15.1
2023-10-16 17:49:39 +00:00

2.5 KiB
Raw Permalink Blame History

0.8.1

New Features

  • Added predicate MemberRefExpr::getReceiverExpr

Minor Analysis Improvements

  • The isBarrier, isBarrierIn, isBarrierOut, and isAdditionalFlowStep methods of the taint-tracking configurations for local queries in the ArithmeticTaintedLocalQuery, ExternallyControlledFormatStringLocalQuery, ImproperValidationOfArrayIndexQuery, NumericCastTaintedQuery, ResponseSplittingLocalQuery, SqlTaintedLocalQuery, and XssLocalQuery libraries have been changed to match their remote counterpart configurations.
  • Deleted the deprecated isBarrierGuard predicate from the dataflow library and its uses, use isBarrier and the BarrierGuard module instead.
  • Deleted the deprecated getAValue predicate from the Annotation class.
  • Deleted the deprecated alias FloatingPointLiteral, use FloatLiteral instead.
  • Deleted the deprecated getASuppressedWarningLiteral predicate from the SuppressWarningsAnnotation class.
  • Deleted the deprecated getATargetExpression predicate form the TargetAnnotation class.
  • Deleted the deprecated getRetentionPolicyExpression predicate from the RetentionAnnotation class.
  • Deleted the deprecated conditionCheck predicate from Preconditions.qll.
  • Deleted the deprecated semmle.code.java.security.performance folder, use semmle.code.java.security.regexp instead.
  • Deleted the deprecated ExternalAPI class from ExternalApi.qll, use ExternalApi instead.
  • Modified the EnvInput class in semmle.code.java.dataflow.FlowSources to include environment and file source nodes. There are no changes to results unless you add source models using the environment or file source kinds.
  • Added environment source models for the following methods:
    • java.lang.System#getenv
    • java.lang.System#getProperties
    • java.lang.System#getProperty
    • java.util.Properties#get
    • java.util.Properties#getProperty
  • Added file source models for the following methods:
    • the java.io.FileInputStream constructor
    • hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded
    • hudson.FilePath#openInputStream
    • hudson.FilePath#read
    • hudson.FilePath#readFromOffset
    • hudson.FilePath#readToString
  • Modified the DatabaseInput class in semmle.code.java.dataflow.FlowSources to include database source nodes. There are no changes to results unless you add source models using the database source kind.
  • Added database source models for the following method:
    • java.sql.ResultSet#getString