hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-24 22:27:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
326fa74b218c33c88fa4e32ec45fed09b41f4660
codeql/java/ql/src/change-notes/released/0.1.2.md
Mathias Vorreiter Pedersen eb3a35eaea Update java/ql/src/change-notes/released/0.1.2.md
2022-05-12 11:43:27 +01:00

607 B
Raw Blame History

0.1.2

Query Metadata Changes

  • Query java/predictable-seed now has a tag for CWE-337.

Minor Analysis Improvements

  • Query java/insecure-cookie now tolerates setting a cookie's secure flag to request.isSecure(). This means servlets that intentionally accept unencrypted connections will no longer raise an alert.
  • The query java/non-https-urls has been simplified and no longer requires its sinks to be MethodAccesses.
  • The logic to detect WebViews with JavaScript (and optionally file access) enabled in the query java/android/unsafe-android-webview-fetch has been improved.