hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-13 10:49:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
48e16e52b5601b573b481370c9c92de718e1db76
codeql/java/ql/src/change-notes/released/0.1.3.md
github-actions[bot] 1f1b364feb Release preparation for version 2.9.3
2022-05-25 07:46:48 +00:00

715 B
Raw Blame History

0.1.3

New Queries

  • Two new queries "Inefficient regular expression" (java/redos) and "Polynomial regular expression used on uncontrolled data" (java/polynomial-redos) have been added. These queries help find instances of Regular Expression Denial of Service vulnerabilities.

Minor Analysis Improvements

  • Query java/sensitive-log has received several improvements.
    • It no longer considers usernames as sensitive information.
    • The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
    • A sanitizer has been added to handle certain elements introduced by a Kotlin compiler plugin that have deceptive names.