hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c2175b678caf7183fd17e8001334459280f84dab
codeql/change-notes/1.25/analysis-java.md
Tom Hvitved 0b85f3fed4 Address review comments
2020-05-07 15:58:46 +02:00

1.2 KiB
Raw Blame History

Improvements to Java analysis

The following changes in version 1.25 affect Java analysis in all applications.

General improvements

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change

Changes to libraries

  • The data-flow library has been improved, which affects most security queries by potentially adding more results. Flow through methods now takes nested field reads/writes into account. For example, the library is able to track flow from "taint" to sink() via the method getF2F1() in 
    class C1 {
  String f1;
  C1(String f1) { this.f1 = f1; }
}

class C2 {
  C1 f2;
  String getF2F1() {
      return this.f2.f1; // Nested field read
  }
  void m() {
      this.f2 = new C1("taint");
      sink(this.getF2F1()); // NEW: "taint" reaches here
  }
}