mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there. I'm working on a document to describe how and when to create change notes for packs separately.
10 lines
624 B
Markdown
lgtm,codescanning
* Two new queries, "Untrusted data passed to external API" (`java/untrusted-data-to-external-api`)
  and "Frequency counts for external APIs that are used with untrusted data"
  (`java/count-untrusted-data-external-api`), have been added. These queries
  should not be run by default as they are designed to have a low "true
  positive" rate. However, they allow you to review the use of untrusted data
  in an application to find new security vulnerabilities that are not found by
  the default security queries, as well as identifying opportunities to improve
  or add modeling of taint steps and sinks.