- The "XML external entity expansion" (
cpp/external-entity-expansion) query precision has been increased tohigh. - The
cpp/unused-local-variableno longer ignores functions that includeifandswitchstatements with C++17-style initializers.
- The "XML external entity expansion" (
cpp/external-entity-expansion) query has been extended to support a broader selection of XML libraries and interfaces.
- An new query
cpp/external-entity-expansionhas been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.
- The
cpp/cleartext-transmissionquery now recognizes additional sources, for sensitive private data such as e-mail addresses and credit card numbers. - The
cpp/unused-local-variableno longer ignores functions that include lambda expressions capturing trivially copyable objects. - The
cpp/command-line-injectionquery now takes into account calling contexts across string concatenations. This removes false positives due to mismatched calling contexts before and after string concatenations. - A new query, "Potential exposure of sensitive system data to an unauthorized control sphere" (
cpp/potential-system-data-exposure) has been added. This query is focused on exposure of information that is highly likely to be sensitive, whereas the similar query "Exposure of system data to an unauthorized control sphere" (cpp/system-data-exposure) is focused on exposure of information on a channel that is more likely to be intercepted by an attacker.
- The
cpp/overflow-destination,cpp/unclear-array-index-validation, andcpp/uncontrolled-allocation-sizequeries have been modernized and converted topath-problemqueries and provide more true positive results. - The
cpp/system-data-exposurequery has been increased frommediumtohighprecision, following a number of improvements to the query logic.
- The deprecated queries
cpp/duplicate-block,cpp/duplicate-function,cpp/duplicate-class,cpp/duplicate-file,cpp/mostly-duplicate-function,cpp/similar-file,cpp/duplicated-lines-in-fileshave been removed.
- The predicates and classes in the
CodeDuplicationlibrary have been deprecated.
- A new query titled "Use of expired stack-address" (
cpp/using-expired-stack-address) has been added. This query finds accesses to expired stack-allocated memory that escaped via a global variable. - A new
cpp/insufficient-key-sizequery has been added to the default query suite for C/C++. The query finds uses of certain cryptographic algorithms where the key size is too small to provide adequate encryption strength.
- The "Failure to use HTTPS URLs" (
cpp/non-https-url) has been improved reducing false positive results, and its precision has been increased to 'high'. - The
cpp/system-data-exposurequery has been modernized and has converted to apath-problemquery. There are now fewer false positive results.
- The
CodeDuplication.Copy,CodeDuplication.DuplicateBlock, andCodeDuplication.SimilarBlockclasses have been deprecated.
- Added a new query,
cpp/open-call-with-mode-argument, to detect whenopenoropenatis called with theO_CREATorO_TMPFILEflag but when themodeargument is omitted.
- The "Cleartext transmission of sensitive information" (
cpp/cleartext-transmission) query has been further improved to reduce false positive results, and upgraded frommediumtohighprecision. - The "Cleartext transmission of sensitive information" (
cpp/cleartext-transmission) query now finds more results, where a password is stored in a struct field or class member variable. - The
cpp/cleartext-storage-filequery has been improved, removing false positives where data is written to a standard output stream. - The
cpp/cleartext-storage-bufferquery has been updated to use thesemmle.code.cpp.dataflow.TaintTrackinglibrary. - The
cpp/world-writable-file-creationquery now only detectsopenandopenatcalls with theO_CREATorO_TMPFILEflag.
- The
securitytag has been added to thecpp/return-stack-allocated-memoryquery. As a result, its results will now appear by default. - The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.
- A new
cpp/very-likely-overruning-writequery has been added to the default query suite for C/C++. The query reports some results that were formerly flagged bycpp/overruning-write.
- Fix an issue with the
cpp/declaration-hides-variablequery where it would report variables that are unnamed in a database. - The
cpp/cleartext-storage-filequery has been upgraded with non-local taint flow and has been converted to apath-problemquery. - The
cpp/return-stack-allocated-memoryquery has been improved to produce fewer false positives. The query has also been converted to apath-problemquery. - The "Cleartext transmission of sensitive information" (
cpp/cleartext-transmission) query has been improved in several ways to reduce false positive results. - The "Potential improper null termination" (
cpp/improper-null-termination) query now produces fewer false positive results around control flow branches and loops. - Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field. This change reduces the number of false positives in the query.
- A new query
cpp/certificate-not-checkedhas been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries. - A new query
cpp/certificate-result-conflationhas been added for C/C++. The query flags unsafe use of OpenSSL and similar libraries.
- A new query
cpp/non-https-urlhas been added for C/C++. The query flags uses ofhttpURLs that might be better replaced withhttps.