Analysis in all applications
The following changes in version 1.18 affect Python analysis in all applications.
Thrift definition files can now be extracted.
New queries

| Query | Tags | Purpose |
|---|---|---|
| Hard-coded credentials | security, external/cwe/cwe-798 | Finds hard-coded passwords or other credentials. Results are shown on LGTM by default. |
Changes to existing queries
| Query | Expected impact | Change |
|---|---|---|
| Missing call to __init__ during object initialization | Fewer false positive results | Improvements to the points-to library have improved the analysis of the call graph. |
| Syntax error | Improved alert message | The alert message now reports which version of Python reported the syntax error. |
Changes to QL libraries
- Improved identification of tests. Test frameworks that use the same naming conventions as the unittest module are now recognized.
- Library support for Thrift definition files has been added.
- Taint tracking now uses a different context from points-to, removing some limitations in tracking taint through libraries and deep call stacks.
- The number of layers in the points-to library has been reduced from three to two. There should be no observable change in accuracy, and users should see a 20-30% speedup in computing results for queries that use this library.
- More code is now treated as reachable by the points-to analysis. For queries that use this library, this may result in some additional results or fewer false positive results.
- Sanitizers now correctly block the flow of taint to ESSA variable definitions. This was not the case previously.
- It is now harder to accidentally omit sources or sinks when implementing a taint-tracking query. The predicate TaintSource.isSourceOf() is now abstract, so every concrete source class must state which kind of taint it produces, and a message is shown when a query has no sources or no sinks.
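As an added illustration (not code from the release notes or from the library itself) of what the abstract predicate now forces a query author to write, the sketch below is a minimal taint-tracking query against the semmle.python.security.TaintTracking library of that era. Only TaintSource.isSourceOf() is named in the notes above; the classes TaintKind, TaintSink and Sanitizer, the predicates sinks(), sanitizingNode() and flowsToSink(), and the hypothetical Python functions untrusted_input(), run_query() and escape_sql() are assumptions made for this example.

```ql
import python
import semmle.python.security.TaintTracking

/** The kind of taint this example tracks (assumed API: TaintKind extends string). */
class UntrustedString extends TaintKind {
  UntrustedString() { this = "untrusted string" }
}

/**
 * Calls to a hypothetical `untrusted_input()` function are sources.
 * Because `isSourceOf` is abstract, leaving out the override below is a
 * compile-time error rather than a query that silently reports nothing.
 */
class UntrustedInputSource extends TaintSource {
  UntrustedInputSource() {
    exists(CallNode call |
      call.getFunction().(NameNode).getId() = "untrusted_input" and
      this = call
    )
  }

  override predicate isSourceOf(TaintKind kind) { kind instanceof UntrustedString }

  override string toString() { result = "untrusted_input()" }
}

/** Every argument of a hypothetical `run_query(...)` call is a sink (assumed API: TaintSink.sinks). */
class RunQuerySink extends TaintSink {
  RunQuerySink() {
    exists(CallNode call |
      call.getFunction().(NameNode).getId() = "run_query" and
      this = call.getAnArg()
    )
  }

  override predicate sinks(TaintKind kind) { kind instanceof UntrustedString }

  override string toString() { result = "run_query() argument" }
}

/** A hypothetical `escape_sql(...)` call removes the untrusted kind (assumed API: Sanitizer.sanitizingNode). */
class EscapeSqlSanitizer extends Sanitizer {
  EscapeSqlSanitizer() { this = "escape_sql sanitizer" }

  override predicate sanitizingNode(TaintKind kind, ControlFlowNode node) {
    kind instanceof UntrustedString and
    node.(CallNode).getFunction().(NameNode).getId() = "escape_sql"
  }
}

from TaintSource src, TaintSink sink
where src.flowsToSink(sink)
select sink, "Untrusted data from $@ reaches run_query().", src, src.toString()
```

Deleting the `isSourceOf` override from UntrustedInputSource makes the query fail to compile under the 1.18 library, which is the point of the change: before, the same omission produced a query that ran and returned no results.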
Additional changes for analysis in QL tools and applications only
There are no additional changes that affect Python analysis only in QL for Eclipse and the QL command-line tools.