hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.3
codeql/python/ql/lib/change-notes/released/0.0.11.md
github-actions[bot] 6b194bc55f Release preparation for version 2.8.3
2022-03-10 19:43:58 +00:00

905 B
Raw Permalink Blame History

0.0.11

Minor Analysis Improvements

  • Added new SSRF sinks for httpx, pycurl, urllib, urllib2, urllib3, and libtaxii. This improvement was submitted by @haby0.
  • The regular expression parser now groups sequences of normal characters. This reduces the number of instances of RegExpNormalChar.
  • Fixed taint propagation for attribute assignment. In the assignment x.foo = tainted we no longer treat the entire object x as tainted, just because the attribute foo contains tainted data. This leads to slightly fewer false positives.
  • Improved analysis of attributes for data-flow and taint tracking queries, so getattr/setattr are supported, and a write to an attribute properly stops flow for the old value in that attribute.
  • Added post-update nodes (DataFlow::PostUpdateNode) for arguments in calls that can't be resolved.