codeql/java/ql/src/change-notes/released/0.7.4.md
2023-09-05 16:56:14 +00:00

0.7.4

New Queries

  • Added the java/trust-boundary-violation query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the trust-boundary-violation sink kind for sinks which may cross a trust boundary, such as calls to the HttpSession#setAttribute method.
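The flow this note describes, from an HTTP request value to `HttpSession#setAttribute`, shown beside a validated variant. This is an added example, not code from the CodeQL repository; the `ThemeServlet` class, the `theme` parameter and the allowlist are hypothetical, and it assumes the `javax.servlet` API and Java 9 or later.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet, constructed for illustration only.
public class ThemeServlet extends HttpServlet {

    // Constructed allowlist of values the application is prepared to trust.
    private static final Set<String> ALLOWED_THEMES =
            Set.of("light", "dark", "high-contrast");

    // Unvalidated: request data is copied straight into the session.
    // Code that later reads "theme" from the session tends to treat it as
    // trusted, although it never passed any validation.
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String theme = request.getParameter("theme");        // source: HTTP request
        request.getSession().setAttribute("theme", theme);   // sink: HttpSession#setAttribute
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    // Validated: the value is checked against the allowlist before it
    // crosses the boundary into the session.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String theme = request.getParameter("theme");
        // Null check comes first because Set.of(...).contains(null) throws.
        if (theme == null || !ALLOWED_THEMES.contains(theme)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown theme");
            return;
        }
        request.getSession().setAttribute("theme", theme);
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```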

Minor Analysis Improvements

  • The queries "Resolving XML external entity in user-controlled data" (java/xxe) and "Resolving XML external entity in user-controlled data from local source" (java/xxe-local) now recognize sinks in the MDHT library.