hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
77eac2c980600c9d1be60a6bcdfcdfdec23977c2
codeql/change-notes/1.22/analysis-java.md
Anders Schack-Mulligen 3588066ba1 Java: Add qldoc and change note.
2019-07-18 17:53:40 +02:00

839 B
Raw Blame History

Improvements to Java analysis

Changes to existing queries

Query Expected impact Change
Equals method does not inspect argument type (java/unchecked-cast-in-equals) Fewer false positive and more true positive results Precision has been improved by doing a bit of inter-procedural analysis and relying less on ad-hoc method names.

Changes to QL libraries

  • The virtual dispatch library has been updated to give more precise dispatch targets for Object.toString() calls. This affects all security queries and removes false positives that arose from paths through impossible toString() calls.