codeql/csharp/ql/lib/change-notes/released/0.6.3.md

0.6.3

Major Analysis Improvements

• The extractor has been changed to run after the traced compiler call. This allows inspecting compiler generated files, such as the output of source generators. With this change, .cshtml files and their generated .cshtml.g.cs counterparts are extracted on dotnet 6 and above.

Minor Analysis Improvements

• C#: Analysis of the dotnet test command supplied with a dll or exe file as argument no longer fails due to the addition of an erroneous -p:SharedCompilation=false argument.
• Deleted the deprecated WebConfigXML, ConfigurationXMLElement, LocationXMLElement, SystemWebXMLElement, SystemWebServerXMLElement, CustomErrorsXMLElement, and HttpRuntimeXMLElement classes from WebConfig.qll. The non-deprecated names with PascalCased Xml suffixes should be used instead.
• Deleted the deprecated Record class from both Types.qll and Type.qll.
• Deleted the deprecated StructuralComparisonConfiguration class from StructuralComparison.qll, use sameGvn instead.
• Deleted the deprecated isParameterOf predicate from the ParameterNode class.
• Deleted the deprecated SafeExternalAPICallable, ExternalAPIDataNode, UntrustedDataToExternalAPIConfig, UntrustedExternalAPIDataNode, and ExternalAPIUsedWithUntrustedData classes from ExternalAPIsQuery.qll. The non-deprecated names with PascalCased Api suffixes should be used instead.
• Updated the following C# sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
  • code to code-injection
  • sql to sql-injection
  • html to html-injection
  • xss to js-injection
  • remote to file-content-store