hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
codeql/change-notes/1.21/analysis-java.md
Felicity Chapman 5be8576ee2 Minor text updates
2019-06-06 18:48:23 +01:00

1.8 KiB
Raw Permalink Blame History

Improvements to Java analysis

Changes to existing queries

Query Expected impact Change
Implicit conversion from array to string (java/print-array) Fewer false positive results Results in slf4j logging calls are no longer reported as slf4j supports array printing.
Result of multiplication cast to wider type (java/integer-multiplication-cast-to-long) Fewer false positive results Range analysis is now used to exclude results involving multiplication of small values that cannot overflow.

Changes to QL libraries

  • The Guards library has been extended to account for method calls that check conditions by conditionally throwing an exception. This includes the checkArgument and checkState methods in com.google.common.base.Preconditions, the isTrue and validState methods in org.apache.commons.lang3.Validate, as well as any similar custom methods. This means that more guards are recognized which improves the precision of a number of queries including java/index-out-of-bounds, java/dereferenced-value-may-be-null, and java/useless-null-check.
  • The default sanitizer in taint tracking has been made more precise. The sanitizer works by looking for guards that inspect tainted strings. It previously worked at the level of individual variables. Now it uses the Guards library, such that only guarded variable accesses are sanitized. This may give additional results for security queries.
  • Spring framework support now takes into account additional annotations that indicate remote user input. This affects all security queries, which may give additional results.