codeql/change-notes/1.24/analysis-csharp.md
Calum Grant 59ce8842bb Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
2019-12-05 15:58:47 +00:00

Improvements to C# analysis

The following changes in version 1.24 affect C# analysis in all applications.

New queries

| Query | Tags | Purpose |
|-------|------|---------|
| Insecure configuration for ASP.NET requestValidationMode (cs/insecure-request-validation-mode) | security, external/cwe/cwe-016 | Finds where this attribute has been set to a value less than 4.5, which turns off some validation features and makes the application less secure. |
| Page request validation is disabled (cs/web/request-validation-disabled) | security, frameworks/asp.net, external/cwe/cwe-016 | Finds where ASP.NET page request validation has been disabled, which could make the application less secure. |

Changes to existing queries

| Query | Expected impact | Change |
|-------|-----------------|--------|

Removal of old queries

Changes to code extraction

Changes to libraries

  • The taint tracking library now tracks flow through (implicit or explicit) conversion operator calls.

Changes to autobuilder