hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.22.4
codeql/java/ql/lib/change-notes/released/0.0.12.md
Ian Lynagh 1f8ce3a868 Java: Tweak release notes
2022-03-21 15:14:45 +00:00

1.5 KiB
Raw Permalink Blame History

0.0.12

Breaking Changes

  • The flow state variants of isBarrier and isAdditionalFlowStep are no longer exposed in the taint tracking library. The isSanitizer and isAdditionalTaintStep predicates should be used instead.

Deprecated APIs

  • Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. The old name still exists as a deprecated alias.

New Features

  • The data flow and taint tracking libraries have been extended with versions of isBarrierIn, isBarrierOut, and isBarrierGuard, respectively isSanitizerIn, isSanitizerOut, and isSanitizerGuard, that support flow states.

Minor Analysis Improvements

  • Added new guards IsWindowsGuard, IsSpecificWindowsVariant, IsUnixGuard, and IsSpecificUnixVariant to detect OS specific guards.
  • Added a new predicate getSystemProperty that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc.).
  • Added support for detection of SSRF via JDBC database URLs, including connections made using the standard library (java.sql), Hikari Connection Pool, JDBI and Spring JDBC.
  • Re-removed support for CharacterLiteral from CompileTimeConstantExpr.getStringValue() to restore the convention that that predicate only applies to String-typed constants.
  • All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.