Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.12.2/ below:

CodeQL 2.12.2 (2023-02-07) — CodeQL

Contents

• Security Coverage

• CodeQL CLI

  • Bug Fixes

  • Miscellaneous

• Query Packs

  • New Queries

• Language Libraries

  • Major Analysis Improvements

  • Minor Analysis Improvements

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

CodeQL 2.12.2 runs a total of 385 security queries when configured with the Default suite (covering 154 CWE). The Extended suite enables an additional 121 queries (covering 31 more CWE). 2 security queries have been added with this release.

• Fixed a QL evaluator bug introduced in release 2.12.1 which could in certain rare cases lead to wrong analysis results.

• Fixed handling of -Xclang <arg> arguments passed to the clang compiler which could cause missing extractions for C++ code bases.

• Fixed a bug where the --overwrite option was failing for database clusters.

• The build of Eclipse Temurin OpenJDK that is bundled with the CodeQL CLI has been updated to version 17.0.6.

• Added a new query, java/android/sensitive-result-receiver, to find instances of sensitive data being leaked to an untrusted ResultReceiver.

• Added a new query, rb/html-constructed-from-input, to detect libraries that unsafely construct HTML from their inputs.

• Add extractor and library support for UTF-8 encoded strings.

• The StringLiteral class includes UTF-8 encoded strings.

• In the DB Scheme @string_literal_expr is renamed to @utf16_string_literal_expr.

• C# 11: Added extractor support for ref fields in ref struct declarations.

• Added sink models for the createQuery, createNativeQuery, and createSQLQuery methods of the org.hibernate.query.QueryProducer interface.

• Added sinks from the node-pty library to the js/code-injection query.

• Data flowing from the locals argument of a Rails render call is now tracked to uses of that data in an associated view.

• Access to headers stored in the env of Rack requests is now recognized as a source of remote input.

• Ruby 3.2: anonymous rest and keyword rest arguments can now be passed as arguments, instead of just used in method parameters.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4