hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-09 00:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f6975117fe4591a735caad7ca310de7651227939
codeql/java/ql/src/change-notes/released/0.8.9.md
Florin Coada a8816a6d1c Update java/ql/src/change-notes/released/0.8.9.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-03-01 09:18:22 +00:00

1.1 KiB
Raw Blame History

0.8.9

New Queries

  • Added a new query java/android/insecure-local-authentication for finding uses of biometric authentication APIs that do not make use of a KeyStore-backed key and thus may be bypassed.

Query Metadata Changes

  • The security-severity score of the query java/relative-path-command has been reduced to better adjust it to the specific conditions needed for exploitation.

Major Analysis Improvements

  • The sinks of the queries java/path-injection and java/path-injection-local have been reworked. Path creation sinks have been converted to summaries instead, while sinks now are actual file read/write operations only. This has reduced the false positive ratio of both queries.

Minor Analysis Improvements

  • The sanitizer for the path injection queries has been improved to handle more cases where equals is used to check an exact path match.
  • The query java/unvalidated-url-redirection now sanitizes results following the same logic as the query java/ssrf. URLs where the destination cannot be controlled externally are no longer reported.