codeql/0.5.2.md at ea4c2e432100cb15e4ad5448d02c36153a6f9f95

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Files

Arthur Baars 45c9a0d0b1 Apply suggestions from code review

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

2022-10-20 15:22:29 +02:00

0.5.2

Added model of cx_Oracle, oracledb, phonenixdb and pyodbc PyPI packages as a SQL interface following PEP249, resulting in additional sinks for py/sql-injection.
Added model of executemany calls on PEP-249 compliant database APIs, resulting in additional sinks for py/sql-injection.
Added model of pymssql PyPI package as a SQL interface following PEP249, resulting in additional sinks for py/sql-injection.
The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.

Fixed how flask.request is modeled as a RemoteFlowSource, such that we show fewer duplicated alert messages for Code Scanning alerts. The import, such as from flask import request, will now be shown as the first step in a path explanation.