codeql/csharp/ql/src/change-notes/released/0.3.3.md
2022-08-25 14:24:11 +01:00

0.3.3

Minor Analysis Improvements

  • Parameters of delegates passed to routing endpoint calls like MapGet in ASP.NET Core are now considered remote flow sources.
  • The query cs/unsafe-deserialization-untrusted-input no longer reports on all calls of JsonConvert.DeserializeObject; it only covers cases that explicitly use unsafe serialization settings.
  • Added better support for the SQLite framework in the SQL injection query.
  • File streams are now considered stored flow sources. For example, reading query elements from a file can lead to a second-order SQL injection alert.
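
How the first two items combine in an ASP.NET Core minimal API, as an added example that is not part of the change note or the CodeQL project. The routes, the Order record and AllowListBinder are hypothetical names. It assumes "unsafe serialization settings" refers to Newtonsoft.Json's TypeNameHandling set to a value other than None.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

var app = WebApplication.Create(args);

// Assumption: "unsafe serialization settings" means TypeNameHandling other than None.
var unsafeSettings = new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.All };

// When type names are genuinely needed, resolve them through an allow-list binder.
var boundSettings = new JsonSerializerSettings
{
    TypeNameHandling = TypeNameHandling.Auto,
    SerializationBinder = new AllowListBinder()
};

// "payload" is a parameter of a delegate passed to MapGet, so it is a remote flow source.
// Explicit unsafe settings: the case the query still covers.
app.MapGet("/unsafe", (string payload) =>
    Results.Ok(JsonConvert.DeserializeObject<Order>(payload, unsafeSettings)));

// Default settings (TypeNameHandling.None): no longer reported.
app.MapGet("/default", (string payload) =>
    Results.Ok(JsonConvert.DeserializeObject<Order>(payload)));

// Type names in the payload are honoured only for allow-listed types.
app.MapGet("/bound", (string payload) =>
    Results.Ok(JsonConvert.DeserializeObject<Order>(payload, boundSettings)));

app.Run();

public record Order(string Id, int Quantity);

// Hypothetical binder: rejects every type name except Order.
public sealed class AllowListBinder : ISerializationBinder
{
    public Type BindToType(string? assemblyName, string typeName) =>
        typeName == typeof(Order).FullName
            ? typeof(Order)
            : throw new JsonSerializationException($"Type not allowed: {typeName}");

    public void BindToName(Type serializedType, out string? assemblyName, out string? typeName)
    {
        assemblyName = null;
        typeName = serializedType.FullName;
    }
}
```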