|
2 | 2 |
|
3 | 3 | ## General improvements |
4 | 4 |
|
5 | | -* Where applicable, path explanations have been added to the security queries. |
| 5 | +Path explanations have been added to the relevant security queries. |
| 6 | +Use [QL for Eclipse](https://help.semmle.com/ql-for-eclipse/Content/WebHelp/getting-started.html) |
| 7 | +to run queries and explore the data flow in results. |
6 | 8 |
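Review bot: the rewrite drops the `*` list marker, so this section changes from a bullet list to a bare paragraph while the other sections keep bullets or tables; keep the marker (`* Path explanations have been added to the relevant security queries.`) unless the flat paragraph is intended. Also "the relevant security queries" is less precise than the removed "where applicable"; say which queries gained path explanations (e.g. "all security queries that report data-flow results") so readers know where to expect them in QL for Eclipse.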
|
7 | 9 | ## New queries |
8 | 10 |
|
9 | 11 | | **Query** | **Tags** | **Purpose** | |
10 | 12 | |-----------------------------|-----------|--------------------------------------------------------------------| |
11 | | -| Arbitrary file write during archive extraction ("Zip Slip") (`java/zipslip`) | security, external/cwe/cwe-022 | Identifies extraction routines that allow arbitrary file overwrite vulnerabilities. | |
12 | | -| Missing catch of NumberFormatException (`java/uncaught-number-format-exception`) | reliability, external/cwe/cwe-248 | Finds calls to `Integer.parseInt` and similar string-to-number conversions that might raise a `NumberFormatException` without a corresponding `catch`-clause. | |
| 13 | +| Arbitrary file write during archive extraction ("Zip Slip") (`java/zipslip`) | security, external/cwe/cwe-022 | Identifies extraction routines that allow arbitrary file overwrite vulnerabilities. Results are shown on LGTM by default. | |
| 14 | +| Missing catch of NumberFormatException (`java/uncaught-number-format-exception`) | reliability, external/cwe/cwe-248 | Finds calls to `Integer.parseInt` and similar string-to-number conversions that might raise a `NumberFormatException` without a corresponding `catch`-clause. Results are hidden on LGTM by default. | |
13 | 15 |
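Review bot: the `java/zipslip` row says the query "identifies extraction routines that allow arbitrary file overwrite vulnerabilities", which restates the title rather than the condition being detected; since the only other hint is the cwe-022 tag, state it directly, e.g. "archive entry names containing path traversal components that are used to build an output file path without validation". Minor: "catch-clause" in the `java/uncaught-number-format-exception` row needs no hyphen, and the new "Results are shown/hidden on LGTM by default" sentences would be easier to scan as a separate column if more rows gain them.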
|
14 | 16 | ## Changes to existing queries |
15 | 17 |
|
16 | 18 | | **Query** | **Expected impact** | **Change** | |
17 | 19 | |----------------------------|------------------------|------------------------------------------------------------------| |
18 | | -| Array index out of bounds (`java/index-out-of-bounds`) | Fewer false positive results | False positives involving arrays with a length evenly divisible by 3 or some greater number and an index being increased with a similar stride length are no longer reported. | |
19 | | -| Confusing overloading of methods (`java/confusing-method-signature`) | Fewer false positive results | A bugfix in the inheritance relation ensures that spurious results on certain generic classes no longer occur. | |
20 | | -| Query built from user-controlled sources (`java/sql-injection`) | More results | Sql injection sinks from the Spring JDBC, MyBatis, and Hibernate frameworks are now reported. | |
21 | | -| Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | Sql injection sinks from the Spring JDBC, MyBatis, and Hibernate frameworks are now reported. | |
22 | | -| Unreachable catch clause (`java/unreachable-catch-clause`) | Fewer false positive results | This rule now accounts for calls to generic methods that throw generic exceptions. | |
| 20 | +| Array index out of bounds (`java/index-out-of-bounds`) | Fewer false positive results | Results for arrays with a length evenly divisible by 3, or some greater number, and an index being increased with a similar stride length are no longer reported. | |
| 21 | +| Confusing overloading of methods (`java/confusing-method-signature`) | Fewer false positive results | A correction to the inheritance relation ensures that spurious results on certain generic classes no longer occur. | |
| 22 | +| Query built from user-controlled sources (`java/sql-injection`) | More results | SQL injection sinks from the Spring JDBC, MyBatis, and Hibernate frameworks are now reported. | |
| 23 | +| Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | SQL injection sinks from the Spring JDBC, MyBatis, and Hibernate frameworks are now reported. | |
| 24 | +| Unreachable catch clause (`java/unreachable-catch-clause`) | Fewer false positive results | Now accounts for calls to generic methods that throw generic exceptions. | |
23 | 25 | | Useless comparison test (`java/constant-comparison`) | Fewer false positive results | Constant comparisons guarding `java.util.ConcurrentModificationException` are no longer reported, as they are intended to always be false in the absence of API misuse. | |
24 | 26 |
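Review bot: the reworded `java/index-out-of-bounds` entry is still ambiguous: "arrays with a length evenly divisible by 3, or some greater number, and an index being increased with a similar stride length" can be read as "divisible by 3, or by a greater number" or as "length 3 or greater"; spell out the pattern the fix targets, e.g. "arrays whose length is a multiple of some n >= 3 and an index incremented in steps of n". The `Sql` to `SQL` and "This rule now" to "Now" edits are consistent with the rest of the table; the `java/confusing-method-signature` change from "bugfix" to "correction" reads fine.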
|
25 | 27 | ## Changes to QL libraries |
26 | 28 |
|
27 | 29 | * The default set of taint sources in the `FlowSources` library is extended to |
28 | 30 | cover parameters annotated with Spring framework annotations indicating |
29 | 31 | remote user input from servlets. This affects all security queries, which |
30 | | - will yield additional results on projects using the Spring Web framework. |
| 32 | + will yield additional results on projects that use the Spring Web framework. |
31 | 33 | * The `ParityAnalysis` library is replaced with the more general `ModulusAnalysis` library, which improves the range analysis. |
32 | 34 |
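Review bot: the `ParityAnalysis` bullet says the library "is replaced with" `ModulusAnalysis` but does not say whether `ParityAnalysis` is removed or kept as a deprecated alias; custom QL that imports it will break on removal, so add a migration note (import to switch to, and whether the old predicates still resolve). The `FlowSources` bullet would also help users predict new results if it listed the Spring annotations now treated as remote input sources rather than describing them generically.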
|