codeql/java/ql/lib/change-notes/released/0.7.2.md
2023-08-07 18:08:52 +00:00


0.7.2

New Features

  • A Diagnostic.getCompilationInfo() predicate has been added.

Minor Analysis Improvements

  • Fixed a typo in the StdlibRandomSource class in RandomDataSource.qll, which caused the class to improperly model calls to the nextBytes method. Queries relying on StdlibRandomSource may see an increase in results.
  • Improved the precision of virtual dispatch of java.io.InputStream methods. Now, calls to these methods will not dispatch to arbitrary implementations of InputStream if there is a high-confidence alternative (like a models-as-data summary).
  • Added more dataflow steps for java.io.InputStreams that wrap other java.io.InputStreams.
  • Added models for the Struts 2 framework.
  • Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.
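The last two items are easiest to see on a concrete Struts 2 action. The following is an added example written for this note; it is not code from the CodeQL repository or the Struts project. The class names (UpdateProfileAction, User, Address, ProfileService) are constructed, and it assumes the usual Struts 2 behaviour of binding a request parameter such as user.address.street onto nested beans through the action's setters. With the whole object graph of the unmarshaled User tainted, a read of the nested street field is tracked as untrusted request input rather than only the top-level user object.

```java
import com.opensymphony.xwork2.ActionSupport;

// Constructed nested beans that Struts 2 populates from request parameters.
class Address {
    private String street;
    public String getStreet() { return street; }
    public void setStreet(String street) { this.street = street; }
}

class User {
    private Address address;
    public Address getAddress() { return address; }
    public void setAddress(Address address) { this.address = address; }
}

// Hypothetical downstream service; stands in for whatever consumes the value.
interface ProfileService {
    void updateStreet(String street);
}

public class UpdateProfileAction extends ActionSupport {
    private User user;
    private final ProfileService profileService;

    public UpdateProfileAction(ProfileService profileService) {
        this.profileService = profileService;
    }

    // A request parameter named "user.address.street" is bound by walking
    // setUser(...) -> getAddress() -> setStreet(...), so every level of this
    // object graph originates from the HTTP request.
    public void setUser(User user) { this.user = user; }
    public User getUser() { return user; }

    @Override
    public String execute() {
        // The nested field is untrusted request data (the change note taints the
        // whole unmarshaled object graph), so validate it before it reaches a sink.
        String street = user.getAddress().getStreet();
        if (street == null || !street.matches("[\\p{L}\\p{N} .'-]{1,100}")) {
            addFieldError("user.address.street", "invalid street");
            return INPUT;
        }
        profileService.updateStreet(street);
        return SUCCESS;
    }
}
```

The allow-list check on street is a constructed placeholder for whatever validation the real sink requires; the point of the example is that the nested getter chain, not just the top-level User object, now carries taint in the analysis.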