hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.3
codeql/java/ql/lib/change-notes/released/0.8.1.md
github-actions[bot] 3b3c036626 Release preparation for version 2.15.1
2023-10-16 17:49:39 +00:00

38 lines
2.5 KiB
Markdown
Raw Permalink Blame History

## 0.8.1
### New Features
* Added predicate `MemberRefExpr::getReceiverExpr`
### Minor Analysis Improvements
* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations.
* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
There are no changes to results unless you add source models using the `environment` or `file` source kinds.
* Added `environment` source models for the following methods:
* `java.lang.System#getenv`
* `java.lang.System#getProperties`
* `java.lang.System#getProperty`
* `java.util.Properties#get`
* `java.util.Properties#getProperty`
* Added `file` source models for the following methods:
* the `java.io.FileInputStream` constructor
* `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
* `hudson.FilePath#openInputStream`
* `hudson.FilePath#read`
* `hudson.FilePath#readFromOffset`
* `hudson.FilePath#readToString`
* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
There are no changes to results unless you add source models using the `database` source kind.
* Added `database` source models for the following method:
* `java.sql.ResultSet#getString`
Reference in New Issue View Git Blame Copy Permalink