hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.5
codeql/java/ql/lib/change-notes/released/0.3.4.md
Tony Torralba 62b1091c17 Fix wrong packages in minor analysis change
2022-09-15 16:30:12 +02:00

2.5 KiB
Raw Permalink Blame History

0.3.4

Deprecated APIs

  • Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide. The old name still exists as a deprecated alias.
  • The utility files previously in the semmle.code.java.security.performance package have been moved to the semmle.code.java.security.regexp package.
    The previous files still exist as deprecated aliases.

New Features

  • Added a new predicate, requiresPermissions, in the AndroidComponentXmlElement and AndroidApplicationXmlElement classes to detect if the element has explicitly set a value for its android:permission attribute.
  • Added a new predicate, hasAnIntentFilterElement, in the AndroidComponentXmlElement class to detect if a component contains an intent filter element.
  • Added a new predicate, hasExportedAttribute, in the AndroidComponentXmlElement class to detect if a component has an android:exported attribute.
  • Added a new class, AndroidCategoryXmlElement, to represent a category element in an Android manifest file.
  • Added a new predicate, getACategoryElement, in the AndroidIntentFilterXmlElement class to get a category element of an intent filter.
  • Added a new predicate, isInBuildDirectory, in the AndroidManifestXmlFile class. This predicate detects if the manifest file is located in a build directory.
  • Added a new predicate, isDebuggable, in the AndroidApplicationXmlElement class. This predicate detects if the application element has its android:debuggable attribute enabled.

Minor Analysis Improvements

  • Added new flow steps for the classes java.nio.file.Path and java.nio.file.Paths.
  • The class AndroidFragment now also models the Android Jetpack version of the Fragment class (androidx.fragment.app.Fragment).
  • Java 19 builds can now be extracted. There are no non-preview new language features in this release, so the only user-visible change is that the CodeQL extractor will now correctly trace compilations using the JDK 19 release of javac.
  • Classes and methods that are seen with several different paths during the extraction process (for example, packaged into different JAR files) now report an arbitrarily selected location via their getLocation and hasLocationInfo predicates, rather than reporting all of them. This may lead to reduced alert duplication.
  • The query java/hardcoded-credential-api-call now recognises methods that consume usernames, passwords and keys from the JSch, Ganymed, Apache SSHD, sshj, Trilead SSH-2, Apache FTPClient and MongoDB projects.