hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
28b6aa8616a393ebb45186e3ba4df004a0f3ef4e
codeql/go/ql/lib/change-notes/released/0.4.0.md
Jeroen Ketema 170242f79c Apply suggestions from code review
2023-01-05 17:57:19 +01:00

1.5 KiB
Raw Blame History

0.4.0

Breaking Changes

  • The signature of allowImplicitRead on DataFlow::Configuration and TaintTracking::Configuration has changed from allowImplicitRead(DataFlow::Node node, DataFlow::Content c) to allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c).

Deprecated APIs

  • The BarrierGuard class has been deprecated. Such barriers and sanitizers can now instead be created using the new BarrierGuard parameterized module.

Minor Analysis Improvements

  • The predicate getNumParameter on FuncTypeExpr has been changed to actually give the number of parameters. It previously gave the number of parameter declarations. getNumParameterDecl has been introduced to preserve this functionality.
  • The definition of mayHaveSideEffects for ReturnStmt was incorrect when more than one expression was being returned. Such return statements were effectively considered to never have side effects. This has now been fixed. In rare circumstances globalValueNumber may have incorrectly treated two values as the same when they were in fact distinct.
  • Queries that care about SQL, such as go/sql-injection, now recognise SQL-consuming functions belonging to the gorqlite and GoFrame packages.
  • rsync has been added to the list of commands which may evaluate its parameters as a shell command.

Bug Fixes

  • Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.