- The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
- `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
- An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
- The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
- A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
- The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
- More Windows pool allocation functions are now detected as `AllocationFunction`s.
- The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
- The recently added flow-state versions of `isBarrierIn`, `isBarrierOut`, `isSanitizerIn`, and `isSanitizerOut` in the data flow and taint tracking libraries have been removed.
- A new library `semmle.code.cpp.security.PrivateData` has been added. The new library heuristically detects variables and functions dealing with sensitive private data, such as e-mail addresses and credit card numbers.
- The `semmle.code.cpp.security.SensitiveExprs` library has been enhanced with some additional rules for detecting credentials.
- The flow-state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
- Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style guide. The old names still exist as deprecated aliases.
- The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard` (respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`) that support flow states.
- `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
- `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
- All predicates/classes/modules that have been deprecated for over a year have been deleted.
- Many queries now support structured bindings, as structured bindings are now handled in the IR translation.
- Added an `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
- The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrade scripts have been merged into the `codeql/cpp-all` CodeQL pack.
- `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a more accurate length for integers formatted with `%x`.
- The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate `isFromSystemMacroDefinition` for identifying code that originates from a macro outside the project being analyzed.