mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
563 B
563 B
0.5.4
Minor Analysis Improvements
- Added new sinks for
java/hardcoded-credential-api-callto identify the use of hardcoded secrets in the creation and verification of JWT tokens usingcom.auth0.jwt. These sinks are from an experimental query submitted by @luchua. - The Java extractor now supports builds against JDK 20.
- The query
java/hardcoded-credential-api-callnow recognizes methods that accept user and password from the SQLServerDataSource class of the Microsoft JDBC Driver for SQL Server.