codeql/change-notes/1.24/analysis-python.md
2020-02-21 14:08:09 +01:00

# Improvements to Python analysis

The following changes in version 1.24 affect Python analysis in all applications.

## General improvements

* Support for Django version 2.x and 3.x

## New queries

| **Query** | **Tags** | **Purpose** |
|-----------|----------|-------------|

## Changes to existing queries

| **Query** | **Expected impact** | **Change** |
|-----------|---------------------|------------|

## Web framework support

The QL library support for the web frameworks Bottle, CherryPy, Falcon, Pyramid, TurboGears, Tornado, and Twisted has been fixed so that it provides a proper `HttpRequestTaintSource` instead of a plain `TaintSource`. This enables results for the following queries:

* `py/path-injection`
* `py/command-line-injection`
* `py/reflective-xss`
* `py/sql-injection`
* `py/code-injection`
* `py/unsafe-deserialization`
* `py/url-redirection`

The QL library support for the web framework Twisted has been fixed so that it provides a proper `HttpResponseTaintSink` instead of a plain `TaintSink`. This enables results for the following queries:

* `py/reflective-xss`
* `py/stack-trace-exposure`

## Changes to libraries