- The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
- The `cpp/unused-local-variable` query no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
- The "XML external entity expansion" (`cpp/external-entity-expansion`) query has been extended to support a broader selection of XML libraries and interfaces.
- A new query, `cpp/external-entity-expansion`, has been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.
- The `cpp/cleartext-transmission` query now recognizes additional sources for sensitive private data such as e-mail addresses and credit card numbers.
- The `cpp/unused-local-variable` query no longer ignores functions that include lambda expressions capturing trivially copyable objects.
- The `cpp/command-line-injection` query now takes calling contexts into account across string concatenations. This removes false positives caused by mismatched calling contexts before and after string concatenations.
- A new query, "Potential exposure of sensitive system data to an unauthorized control sphere" (`cpp/potential-system-data-exposure`), has been added. This query focuses on exposure of information that is highly likely to be sensitive, whereas the similar query "Exposure of system data to an unauthorized control sphere" (`cpp/system-data-exposure`) focuses on exposure of information on a channel that is more likely to be intercepted by an attacker.
- The `cpp/overflow-destination`, `cpp/unclear-array-index-validation`, and `cpp/uncontrolled-allocation-size` queries have been modernized, converted to `path-problem` queries, and provide more true positive results.
- The `cpp/system-data-exposure` query has been increased from `medium` to `high` precision, following a number of improvements to the query logic.
- The deprecated queries `cpp/duplicate-block`, `cpp/duplicate-function`, `cpp/duplicate-class`, `cpp/duplicate-file`, `cpp/mostly-duplicate-function`, `cpp/similar-file`, and `cpp/duplicated-lines-in-files` have been removed.
- The predicates and classes in the `CodeDuplication` library have been deprecated.
- A new query titled "Use of expired stack-address" (`cpp/using-expired-stack-address`) has been added. This query finds accesses to expired stack-allocated memory that escaped via a global variable.
- A new `cpp/insufficient-key-size` query has been added to the default query suite for C/C++. The query finds uses of certain cryptographic algorithms where the key size is too small to provide adequate encryption strength.
- The "Failure to use HTTPS URLs" (`cpp/non-https-url`) query has been improved to reduce false positive results, and its precision has been increased to `high`.
- The `cpp/system-data-exposure` query has been modernized and converted to a `path-problem` query. There are now fewer false positive results.
- The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
- Added a new query, `cpp/open-call-with-mode-argument`, to detect when `open` or `openat` is called with the `O_CREAT` or `O_TMPFILE` flag but the `mode` argument is omitted.
- The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been further improved to reduce false positive results, and upgraded from `medium` to `high` precision.
- The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query now finds more results where a password is stored in a struct field or class member variable.
- The `cpp/cleartext-storage-file` query has been improved, removing false positives where data is written to a standard output stream.
- The `cpp/cleartext-storage-buffer` query has been updated to use the `semmle.code.cpp.dataflow.TaintTracking` library.
- The `cpp/world-writable-file-creation` query now only detects `open` and `openat` calls with the `O_CREAT` or `O_TMPFILE` flag.
- The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
- The "Uncontrolled data in arithmetic expression" (`cpp/uncontrolled-arithmetic`) query has been enhanced to reduce false positive results, and its `@precision` has been increased to `high`.
- A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.
- Fixed an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
- The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and converted to a `path-problem` query.
- The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The query has also been converted to a `path-problem` query.
- The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
- The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
- Added an exception for GLib's `gboolean` to `cpp/ambiguously-signed-bit-field`. This change reduces the number of false positives in the query.
- A new query, `cpp/certificate-not-checked`, has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.
- A new query, `cpp/certificate-result-conflation`, has been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.
- A new query, `cpp/non-https-url`, has been added for C/C++. The query flags uses of `http` URLs that might be better replaced with `https`.