python/ql/lib/CHANGELOG.md
Lines changed: 11 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -70,7 +70,7 @@ No user-facing changes.
70
70
71
71
### Minor Analysis Improvements
72
72
73
-
* Added new full SSRF sanitization barrier from the new AntiSSRF library.
73
+
* Added new full SSRF sanitization barrier from the new AntiSSRF library.
74
74
* When a guard such as `isSafe(x)` is defined, we now also automatically handle `isSafe(x) == true` and `isSafe(x) != false`.
75
75
76
76
## 6.1.1
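Review bot: every changed line in this file, beginning with the `-`/`+` pair at line 73 (`* Added new full SSRF sanitization barrier from the new AntiSSRF library.`), renders identically before and after, so the 11 additions and 11 deletions are whitespace-only (trailing whitespace or line-ending normalization). Say so in the commit message; otherwise reviewers read each of these hunks looking for a wording change that is not there.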
@@ -169,7 +169,7 @@ No user-facing changes.
169
169
### Minor Analysis Improvements
170
170
171
171
- The modelling of Psycopg2 now supports the use of `psycopg2.pool` connection pools for handling database connections.
172
-
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.
172
+
* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks.
173
173
174
174
## 4.0.13
175
175
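Review bot: this list mixes bullet markers: line 171 (`- The modelling of Psycopg2 ...`) uses `-` while the changed line 172 (`* Removed `lxml` as an XML bomb sink. ...`) uses `*`, and the hunk at line 265 below has the reverse mix. Since the line is being touched anyway, normalizing the marker to match its neighbours is a cheap fix; under CommonMark a change of bullet character starts a new list, so the mix can render as two separate lists.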
@@ -262,7 +262,7 @@ No user-facing changes.
262
262
### Minor Analysis Improvements
263
263
264
264
* The sensitive data library has been improved so that `snake_case` style variable names are recognized more reliably. This may result in more sensitive data being identified, and more results from queries that use the sensitive data library.
265
-
- Additional taint steps through methods of `lxml.etree.Element` and `lxml.etree.ElementTree` objects from the `lxml` PyPI package have been modeled.
265
+
- Additional taint steps through methods of `lxml.etree.Element` and `lxml.etree.ElementTree` objects from the `lxml` PyPI package have been modeled.
266
266
267
267
## 3.1.0
268
268
@@ -316,7 +316,7 @@ No user-facing changes.
316
316
317
317
### Minor Analysis Improvements
318
318
319
-
* The common sanitizer guard `StringConstCompareBarrier` has been renamed to `ConstCompareBarrier` and expanded to cover comparisons with other constant values such as `None`. This may result in fewer false positive results for several queries.
319
+
* The common sanitizer guard `StringConstCompareBarrier` has been renamed to `ConstCompareBarrier` and expanded to cover comparisons with other constant values such as `None`. This may result in fewer false positive results for several queries.
320
320
321
321
## 2.0.0
322
322
@@ -545,7 +545,7 @@ No user-facing changes.
545
545
546
546
### New Features
547
547
548
-
* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`.
548
+
* The `DataFlow::StateConfigSig` signature module has gained default implementations for `isBarrier/2` and `isAdditionalFlowStep/4`.
549
549
Hence it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
550
550
551
551
### Minor Analysis Improvements
@@ -572,7 +572,7 @@ No user-facing changes.
572
572
* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
573
573
* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
574
574
* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
575
-
* Deleted many deprecated predicates in `PointsTo.qll`.
575
+
* Deleted many deprecated predicates in `PointsTo.qll`.
576
576
* Deleted many deprecated files from the `semmle.python.security` package.
577
577
* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.
578
578
* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.
@@ -729,7 +729,7 @@ No user-facing changes.
729
729
### Deprecated APIs
730
730
731
731
* Some unused predicates in `SsaDefinitions.qll`, `TObject.qll`, `protocols.qll`, and the `pointsto/` folder have been deprecated.
732
-
* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
732
+
* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
733
733
The old name still exists as a deprecated alias.
734
734
735
735
### Minor Analysis Improvements
@@ -748,9 +748,9 @@ No user-facing changes.
748
748
749
749
### Deprecated APIs
750
750
751
-
* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
751
+
* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
752
752
The old name still exists as a deprecated alias.
753
-
* The utility files previously in the `semmle.python.security.performance` package have been moved to the `semmle.python.security.regexp` package.
753
+
* The utility files previously in the `semmle.python.security.performance` package have been moved to the `semmle.python.security.regexp` package.
754
754
The previous files still exist as deprecated aliases.
755
755
756
756
### Minor Analysis Improvements
@@ -843,9 +843,9 @@ No user-facing changes.
843
843
844
844
### Deprecated APIs
845
845
846
-
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
846
+
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
847
847
The old name still exists as a deprecated alias.
848
-
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
848
+
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
python/ql/test/query-tests/Security/CWE-089-SqlInjection/SqlInjection.expected
Lines changed: 0 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,6 @@
1
1
#select
2
2
| app.py:23:20:23:24 | ControlFlowNode for query | app.py:20:18:20:21 | ControlFlowNode for name | app.py:23:20:23:24 | ControlFlowNode for query | This SQL query depends on a $@. | app.py:20:18:20:21 | ControlFlowNode for name | user-provided value |
3
3
| app.py:30:20:30:24 | ControlFlowNode for query | app.py:27:19:27:22 | ControlFlowNode for name | app.py:30:20:30:24 | ControlFlowNode for query | This SQL query depends on a $@. | app.py:27:19:27:22 | ControlFlowNode for name | user-provided value |
4
-
| app.py:37:20:37:24 | ControlFlowNode for query | app.py:34:19:34:22 | ControlFlowNode for name | app.py:37:20:37:24 | ControlFlowNode for query | This SQL query depends on a $@. | app.py:34:19:34:22 | ControlFlowNode for name | user-provided value |
5
4
| app.py:44:20:44:24 | ControlFlowNode for query | app.py:41:19:41:22 | ControlFlowNode for name | app.py:44:20:44:24 | ControlFlowNode for query | This SQL query depends on a $@. | app.py:41:19:41:22 | ControlFlowNode for name | user-provided value |
6
5
| app.py:51:20:51:24 | ControlFlowNode for query | app.py:48:19:48:22 | ControlFlowNode for name | app.py:51:20:51:24 | ControlFlowNode for query | This SQL query depends on a $@. | app.py:48:19:48:22 | ControlFlowNode for name | user-provided value |
7
6
| sql_injection.py:21:24:21:77 | ControlFlowNode for BinaryExpr | sql_injection.py:14:15:14:22 | ControlFlowNode for username | sql_injection.py:21:24:21:77 | ControlFlowNode for BinaryExpr | This SQL query depends on a $@. | sql_injection.py:14:15:14:22 | ControlFlowNode for username | user-provided value |
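Review bot: the removed row for `app.py:37:20:37:24` drops a previously reported SQL injection result whose source is `app.py:34:19:34:22 | ControlFlowNode for name`, and nothing in this diff changes `app.py` or the query, so it is not visible here why the result disappears. Confirm that the test case was removed or deliberately sanitized rather than detection regressing (the `edges` and `nodes` hunks below only remove the matching path fragments), and name the change that causes it in the commit message.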
@@ -25,8 +24,6 @@ edges
25
24
| app.py:21:5:21:9 | ControlFlowNode for query | app.py:23:20:23:24 | ControlFlowNode for query | provenance | |
26
25
| app.py:27:19:27:22 | ControlFlowNode for name | app.py:28:5:28:9 | ControlFlowNode for query | provenance | |
27
26
| app.py:28:5:28:9 | ControlFlowNode for query | app.py:30:20:30:24 | ControlFlowNode for query | provenance | |
28
-
| app.py:34:19:34:22 | ControlFlowNode for name | app.py:35:5:35:9 | ControlFlowNode for query | provenance | |
29
-
| app.py:35:5:35:9 | ControlFlowNode for query | app.py:37:20:37:24 | ControlFlowNode for query | provenance | |
30
27
| app.py:41:19:41:22 | ControlFlowNode for name | app.py:42:5:42:9 | ControlFlowNode for query | provenance | |
31
28
| app.py:42:5:42:9 | ControlFlowNode for query | app.py:44:20:44:24 | ControlFlowNode for query | provenance | |
32
29
| app.py:48:19:48:22 | ControlFlowNode for name | app.py:49:5:49:9 | ControlFlowNode for query | provenance | |
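Review bot: the two removed edges (`name` at line 34 to `query` at line 35, and `query` at line 35 to `query` at line 37) remove the whole path for the dropped result rather than a single step, which is what a deleted or fully sanitized test case would produce. If a new barrier is intended to stop this flow, an inline expectation in `app.py` marking line 37 as no longer a result would make the intent reviewable alongside this `.expected` change.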
@@ -54,9 +51,6 @@ nodes
54
51
| app.py:27:19:27:22 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
55
52
| app.py:28:5:28:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
56
53
| app.py:30:20:30:24 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
57
-
| app.py:34:19:34:22 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
58
-
| app.py:35:5:35:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
59
-
| app.py:37:20:37:24 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
60
54
| app.py:41:19:41:22 | ControlFlowNode for name | semmle.label | ControlFlowNode for name |
61
55
| app.py:42:5:42:9 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
62
56
| app.py:44:20:44:24 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |