hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
645cc99383b26265dec61be598f2cc431e7e5a6b
codeql/change-notes/1.23/analysis-java.md
Anders Schack-Mulligen 645cc99383 Java: Update change note to cover #2304 and #2346.
2019-11-18 13:26:50 +01:00

2.5 KiB
Raw Blame History

Improvements to Java analysis

The following changes in version 1.23 affect Java analysis in all applications.

New queries

Query Tags Purpose
Continue statement that does not continue (java/continue-in-false-loop) correctness Finds continue statements in do { ... } while (false) loops.

Changes to existing queries

Query Expected impact Change
Dereferenced variable may be null (java/dereferenced-value-may-be-null) Fewer false positives Certain indirect null guards involving two auxiliary variables known to be equal can now be detected.
Non-synchronized override of synchronized method (java/non-sync-override) Fewer false positives Results are now only reported if the immediately overridden method is synchronized.
Query built from user-controlled sources (java/sql-injection) More results The query now identifies arguments to Statement.executeLargeUpdate and Connection.prepareCall as SQL expressions sinks.
Query built from local-user-controlled sources (java/sql-injection-local) More results The query now identifies arguments to Statement.executeLargeUpdate and Connection.prepareCall as SQL expressions sinks.
Query built without neutralizing special characters (java/concatenated-sql-query) More results The query now identifies arguments to Statement.executeLargeUpdate and Connection.prepareCall as SQL expressions sinks.
Useless comparison test (java/constant-comparison) Fewer false positives Additional overflow check patterns are now recognized and no longer reported. Also, a few bug fixes in the range analysis for floating-point variables means a further reduction in false positives.

Changes to libraries

  • The data-flow library has been extended with a new feature to aid debugging. Instead of specifying isSink(Node n) { any() } on a configuration to explore the possible flow from a source, it is recommended to use the new Configuration::hasPartialFlow predicate, as this gives a more complete picture of the partial flow paths from a given source. The feature is disabled by default and can be enabled for individual configurations by overriding int explorationLimit().