Skip to content

Collated python change notes#527

Merged
taus-semmle merged 3 commits into
github:nextfrom
markshannon:python-security-change-note
Nov 23, 2018
Merged

Collated python change notes#527
taus-semmle merged 3 commits into
github:nextfrom
markshannon:python-security-change-note

Conversation

@markshannon

@markshannon markshannon commented Nov 22, 2018

Copy link
Copy Markdown
Contributor

Includes change notes for:

  1. Increasing precision for some security queries. Python: Set precision of security queries to 'high' #500
  2. Making taint-tracking queries into path queries. Python path queries #516
  3. Previously internal change notes for 1.19 release.

@taus-semmle taus-semmle left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we are missing changes that are currently listed in the internal copy of the change note. I don't see any reason why we wouldn't want to migrate these change notes as well.

Comment thread change-notes/1.19/analysis-python.md Outdated
|----------------------------|------------------------|------------------------------------------------------------------|
| Code injection (`py/code-injection`) | Supports path visualization and is now visible on LGTM by default | No change to expected results |
| Deserializing untrusted input (`py/unsafe-deserialization`) | Supports path visualization | No change to expected results |
| Information exposure through an exception (`py/stack-trace-exposure`) | Now visible on LGTM by default | No change to expected results |

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a new query for 1.19. Did you base this file on lgtm-python.md?

@taus-semmle taus-semmle merged commit ceb316d into github:next Nov 23, 2018
cklin pushed a commit that referenced this pull request May 23, 2022
…racking

Improve net/http taint-tracking fidelity
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants