codeql/change-notes/1.25/analysis-python.md
2020-05-29 13:45:10 +02:00

Improvements to Python analysis

The following changes in version 1.25 affect Python analysis in all applications.

General improvements

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change

Changes to libraries

  • Importing semmle.python.web.HttpRequest no longer imports UntrustedStringKind transitively. UntrustedStringKind is the most commonly used non-abstract subclass of ExternalStringKind. If it is not imported (by one means or another), taint-tracking queries that concern ExternalStringKind will not produce any results. Please ensure that such queries contain an explicit import (import semmle.python.security.strings.Untrusted).