hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
26f624d2d46ec3b738ce0489906d39f88476e870
codeql/change-notes/1.24/analysis-python.md
Rasmus Wriedt Larsen 49fa7c8589 Python: update 1.24 changelog
2020-03-24 10:15:36 +01:00

1.5 KiB
Raw Blame History

Improvements to Python analysis

The following changes in version 1.24 affect Python analysis in all applications.

General improvements

Support for Django version 2.x and 3.x

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Uncontrolled command line (py/command-line-injection) More results We now model the fabric and invoke pacakges for command execution.

Web framework support

The QL-library support for the web frameworks Bottle, CherryPy, Falcon, Pyramid, TurboGears, Tornado, and Twisted have been fixed so they provide a proper HttpRequestTaintSource, instead of a TaintSource. This will enable results for the following queries:

  • py/path-injection
  • py/command-line-injection
  • py/reflective-xss
  • py/sql-injection
  • py/code-injection
  • py/unsafe-deserialization
  • py/url-redirection

The QL-library support for the web framework Twisted have been fixed so they provide a proper HttpResponseTaintSink, instead of a TaintSink. This will enable results for the following queries:

  • py/reflective-xss
  • py/stack-trace-exposure

Changes to libraries