mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
11 lines
906 B
Markdown
11 lines
906 B
Markdown
## 0.0.4
|
|
|
|
### Major Analysis Improvements
|
|
|
|
* Added modeling of `os.stat`, `os.lstat`, `os.statvfs`, `os.fstat`, and `os.fstatvfs`, which are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
|
|
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
|
|
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
|
|
* Added modeling of `aiopg` for sinks executing SQL.
|
|
* Added modeling of HTTP requests and responses when using `flask_admin` (`Flask-Admin` PyPI package), which leads to additional remote flow sources.
|
|
* Added modeling of the PyPI package `toml`, which provides encoding/decoding of TOML documents, leading to new taint-tracking steps.
|