hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2720f5796590f4eaf8c855ea1fef542e7eb6077c
codeql/csharp/ql/lib/change-notes/released/0.9.0.md
github-actions[bot] ec97d9a304 Release preparation for version 2.17.0
2024-04-01 13:46:57 +00:00

1.5 KiB
Raw Blame History

0.9.0

Breaking Changes

  • The CIL extractor has been deleted and the corresponding extractor option cil has been removed. It is no longer possible to do CIL extraction.
  • The QL library C# classes no longer extend their corresponding DotNet classes. Furthermore, CIL related data flow functionality has been deleted and all DotNet and CIL related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction.

Minor Analysis Improvements

  • Added new source models for the Dapper package. These models can be enabled by enabling the database threat model.
  • Additional models have been added for System.IO. These are primarily source models with the file threat model, and summaries related to reading from a file or stream.
  • Support for C# 12 / .NET8.
  • Added the windows-registry source kind and threat model to represent values which come from the registry on Windows.
  • The models for System.Net.Http.HttpRequestMessage have been modified to better model the flow of tainted URIs.
  • The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the commandargs and environment threat models.
  • The cs/assembly-path-injection query has been modified so that it's sources rely on ThreatModelFlowSource. In order to restore results from command line arguments, you should enable the commandargs threat model.
  • The models for System.IO.TextReader have been modified to better model the flow of tainted text from a TextReader.