This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage

CodeQL 2.9.1 runs a total of 327 security queries when configured with the Default suite (covering 140 CWE). The Extended suite enables an additional 103 queries (covering 29 more CWE). 3 security queries have been added with this release.
CodeQL CLI

There are no user-facing CLI changes in this release.
Query Packs

Minor Analysis Improvements

Java/Kotlin

- The query java/insecure-cookie no longer produces a false positive when cookie.setSecure(...) is called with a constant whose value is always true.
- The call graph now deals more precisely with calls to accessors (getters and setters). Previously, calls to static accessors were not resolved, and some method calls were incorrectly seen as calls to an accessor. Both issues have been fixed.
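To make the java/insecure-cookie change concrete, here is a simplified query written for this overview as an added example; it is not the real java/insecure-cookie query from the CodeQL repository and only looks at javax.servlet.http.Cookie objects that are stored in a variable. The point it demonstrates is the one the changelog entry describes: by testing the argument of setSecure(...) as a CompileTimeConstantExpr, both the literal true and a static final boolean constant equal to true count as "secure", so the constant case is no longer reported.

```ql
/**
 * @name Servlet cookie not marked Secure (illustrative, simplified)
 * @description Flags javax.servlet.http.Cookie objects on which setSecure(...)
 *              is never called with an argument known to be true.
 * @kind problem
 * @problem.severity warning
 * @id example/insecure-cookie-constant-demo
 */

import java

/** A `new javax.servlet.http.Cookie(...)` expression. */
class CookieCreation extends ClassInstanceExpr {
  CookieCreation() {
    this.getConstructedType().hasQualifiedName("javax.servlet.http", "Cookie")
  }
}

/** A call to `Cookie.setSecure(...)`. */
class SetSecureCall extends MethodAccess {
  SetSecureCall() {
    this.getMethod().hasName("setSecure") and
    this.getMethod().getDeclaringType().hasQualifiedName("javax.servlet.http", "Cookie")
  }

  /**
   * Holds if the argument is known at compile time to be `true`.
   * `CompileTimeConstantExpr` covers the literal `true` as well as a read of a
   * `static final boolean SECURE = true;` field, so a constant that always
   * equals true is accepted rather than reported as a false positive.
   */
  predicate passesTrue() {
    this.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
  }
}

from CookieCreation c, Variable v
where
  // The cookie is assigned to a variable ...
  v.getAnAssignedValue() = c and
  // ... and no setSecure(<known true>) call is ever made on that variable.
  not exists(SetSecureCall s | s.getQualifier() = v.getAnAccess() and s.passesTrue())
select c, "Cookie $@ is never marked Secure with a value known to be true.", v, v.getName()
```

The real query additionally tracks the cookie to the response via data flow; the variable-based matching here is deliberately simpler so that the constant-argument check stands out.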
New Queries

C/C++

- A new query, cpp/external-entity-expansion, has been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.

Ruby

- Added a new query, rb/insecure-download. The query finds cases where executables and other sensitive files are downloaded over an insecure connection, which may allow for man-in-the-middle attacks.
- Added a new query, rb/regex/missing-regexp-anchor, which finds regular expressions that are improperly anchored. Validations using such expressions are at risk of being bypassed.
- Added a new query, rb/incomplete-sanitization. The query finds string transformations that do not replace or escape all occurrences of a meta-character.
Language Libraries

Breaking Changes

- The QL class JumpStmt has been made the superclass of BreakStmt, ContinueStmt and YieldStmt. This allows its inherited predicates to be used directly, without first casting to JumpStmt.
- The signature of allowImplicitRead on DataFlow::Configuration and TaintTracking::Configuration has changed from allowImplicitRead(DataFlow::Node node, DataFlow::Content c) to allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c).
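The allowImplicitRead signature change is easiest to see in a configuration that overrides the predicate. The following query is an added example written for this overview, not code from the CodeQL repository; it uses the Java library, and the method names readInput and execute are assumptions that stand in for a source and a sink. The override shows the 2.9.1 form of the predicate, whose second parameter is now a DataFlow::ContentSet, and what allowing an implicit read at the sink buys you.

```ql
/**
 * @name Untrusted input reaches execute() (illustrative)
 * @kind path-problem
 * @problem.severity warning
 * @id example/allow-implicit-read-demo
 */

import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking
import DataFlow::PathGraph

/**
 * Assumed for this example: `readInput()` returns untrusted data and
 * `execute(...)` is a sink. Neither is a real API; they stand in for
 * whatever source and sink a real query would model.
 */
class ExampleConfig extends TaintTracking::Configuration {
  ExampleConfig() { this = "ExampleConfig" }

  override predicate isSource(DataFlow::Node source) {
    source.asExpr().(MethodAccess).getMethod().hasName("readInput")
  }

  override predicate isSink(DataFlow::Node sink) {
    exists(MethodAccess ma | ma.getMethod().hasName("execute") | sink.asExpr() = ma.getAnArgument())
  }

  /**
   * CodeQL 2.9.1 signature: the second parameter is a `DataFlow::ContentSet`,
   * not a `DataFlow::Content`. Allowing an implicit read of array and
   * collection contents at the sink means an argument whose *elements* are
   * tainted (for example `execute(new String[] { readInput() })`) is still
   * reported, instead of the taint stopping at the container boundary.
   * Before 2.9.1 the same override was declared against `DataFlow::Content c`.
   */
  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
    this.isSink(node) and
    (
      c.getAReadContent() instanceof DataFlow::ArrayContent or
      c.getAReadContent() instanceof DataFlow::CollectionContent
    )
  }
}

from ExampleConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Untrusted value from $@ reaches execute().",
  source.getNode(), "readInput()"
```

Queries that still override the old Content-typed signature will fail to compile against the 2.9.1 libraries; updating the parameter type, and reading the member content through getAReadContent() as above, is the migration the breaking-change entry calls for.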
Minor Analysis Improvements

C/C++

- More Windows pool allocation functions are now recognised as instances of AllocationFunction.
- The semmle.code.cpp.commons.Buffer library has been enhanced to handle array members of classes that do not specify a size.
Java/Kotlin

- Improved the data flow support for the Android class SharedPreferences$Editor. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
- Added flow sources and steps for JMS versions 1 and 2.
- Added flow sources and steps for RabbitMQ.
- Added flow steps for java.io.DataInput and java.io.ObjectInput implementations.
- Added data-flow models for the Spring Framework component spring-beans.