# Analysis in all applications

The following changes in version 1.18 affect Python analysis in all applications.

## General improvements

Thrift definition files can now be extracted.

## New queries

| **Query** | **Tags** | **Purpose** |
|---|---|---|
| Hard-coded credentials (`py/hardcoded-credentials`) | security, external/cwe/cwe-798 | Finds hard-coded passwords or other credentials. Results are shown on LGTM by default. |
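
A simplified illustration of the kind of pattern a hard-coded credentials check (CWE-798) looks for, written with Python's `ast` module. This is an added example, not the `py/hardcoded-credentials` QL query or its logic; the hint list, the `db_client` module and the sample source are constructed for illustration.

```python
import ast

# Names that suggest a credential (assumed list for this sketch).
CREDENTIAL_HINTS = ("password", "passwd", "pwd", "secret", "token", "api_key")

def _looks_like_credential(name):
    lowered = name.lower()
    return any(hint in lowered for hint in CREDENTIAL_HINTS)

def _is_nonempty_str(node):
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, str)
            and node.value != "")

def find_hardcoded_credentials(source):
    """Return sorted (line, name) pairs where a non-empty string literal is
    bound to a credential-like variable or keyword argument."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and _is_nonempty_str(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and _looks_like_credential(target.id):
                    findings.add((node.lineno, target.id))
        elif isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg and _looks_like_credential(kw.arg) and _is_nonempty_str(kw.value):
                    findings.add((kw.value.lineno, kw.arg))
    return sorted(findings)

# Constructed sample: lines 3 and 4 embed secrets, lines 6 and 7 do not.
SAMPLE = '''\
import os
import db_client  # hypothetical module
DB_PASSWORD = "constructed-example-value"
conn = db_client.connect(host="db.internal", password="constructed-example-value")
# Preferred: the secret comes from the environment at run time.
DB_PASSWORD = os.environ["DB_PASSWORD"]
conn = db_client.connect(host="db.internal", password=DB_PASSWORD)
'''

if __name__ == "__main__":
    for line, name in find_hardcoded_credentials(SAMPLE):
        print(f"line {line}: string literal used for {name!r}")
```

The source is only parsed, never executed, so the hypothetical `db_client` import does not need to exist.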

## Changes to existing queries

| **Query** | **Expected impact** | **Change** |
|---|---|---|
| Missing call to \_\_init\_\_ during object initialization (`py/missing-call-to-init`) | Fewer false positive results | Improvements to the points-to library have improved the analysis of the call-graph. |
| Syntax error (`py/syntax-error`) | Improved alert message | The alert message now reports which version of Python reported a syntax error. |

## Changes to QL libraries

* Improved identification of tests. Test frameworks that use the same naming conventions as the `unittest` module are now recognized.
* Library support for Thrift definition files has been added.
* Taint tracking now uses a different context from points-to, removing some limitations in tracking taint through libraries and deep call stacks.
* The number of layers in the points-to library has been reduced from three to two. There should be no observable change in accuracy, and users should see a 20-30% speedup in computing results for queries that use this library.
* More code is now treated as reachable by the points-to analysis. For queries that use this library, this may result in some additional results or fewer false positive results.
* Sanitizers now correctly block the flow of taint to ESSA variable definitions. This was not the case previously.
* It is now harder to accidentally omit sources or sinks when implementing a taint-tracking query. The predicate `TaintSource.isSourceOf()` is now abstract and a message is shown when no sources or sinks are present.

# Additional changes for analysis in QL tools and applications only

There are no additional changes that affect Python analysis only in QL for Eclipse and the QL command-line tools.