codeql/0.0.10.md at 7d546696968613dec39cd4ddabb6da3dfd0335da - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2026-06-17 02:41:08 +02:00

Files

Josh Soref 8ff24bc3b9 spelling: additional

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

2022-10-20 08:18:23 -04:00

855 B

Raw Blame History

0.0.10

Breaking Changes

Add more classes to Netty request/response splitting. Change identification to java/netty-http-request-or-response-splitting. Identify request splitting differently from response splitting in query results. Support additional classes:
- io.netty.handler.codec.http.CombinedHttpHeaders
- io.netty.handler.codec.http.DefaultHttpRequest
- io.netty.handler.codec.http.DefaultFullHttpRequest

New Queries

A new query titled "Local information disclosure in a temporary directory" (java/local-temp-file-or-directory-information-disclosure) has been added. This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory. This query was originally submitted as query by @JLLeitschuh.