hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
codeql/python/ql/lib/change-notes/released/0.11.6.md
github-actions[bot] a6c8cc9551 Release preparation for version 2.16.0
2024-01-08 13:11:26 +00:00

1.2 KiB
Raw Permalink Blame History

0.11.6

Major Analysis Improvements

  • Added support for global data-flow through captured variables.

Minor Analysis Improvements

  • Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that flask_restful.Resource is a subclass of flask.views.MethodView, so our Flask modeling will still consider a function named post on a class Foo(flask_restful.Resource): as a HTTP request handler.
  • Python now makes use of the shared type tracking library, exposed as semmle.python.dataflow.new.TypeTracking. The existing type tracking library, semmle.python.dataflow.new.TypeTracker, has consequently been deprecated.

Bug Fixes

  • We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.
  • The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.