Mirror of https://github.com/github/codeql.git, synced 2025-12-17 09:13:20 +01:00
## 0.9.0
### Breaking Changes
* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction.
* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL-related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that enabling CIL extraction no longer has any effect.
### Minor Analysis Improvements
* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model.
* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream.
* Support for C# 12 / .NET 8.
* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows.
* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
* The .NET standard library APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models.
* The `cs/assembly-path-injection` query has been modified so that its sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model.
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.