The query java/unsafe-url-forward-dispatch-load has been promoted from experimental to the main query pack as java/unvalidated-url-forward. Its results will now appear by default. This query was originally submitted as an experimental query by @haby0 and by @luchua-bc.
Major Analysis Improvements
The java/missing-case-in-switch query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
Minor Analysis Improvements
Variables named tokenImage are no longer sources for the java/sensitive-log query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
Added sanitizers for relative URLs, List.contains(), and checking the host of a URI to the java/ssrf and java/unvalidated-url-redirection queries.
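The three kinds of validation named in the last item (a relative-URL check, a List.contains() allowlist, and a check on the parsed host of a URI) can look like this in application code. This is an added example, not code from CodeQL or its test suite; the class name, hosts and sample inputs are constructed, and whether the queries recognise this exact shape as a sanitizer is an assumption.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;

// Added example: class name, hosts and sample inputs are constructed for illustration.
public class UrlTargetChecks {
    private static final List<String> ALLOWED_HOSTS = List.of("app.example.com", "static.example.com");
    private static final List<String> ALLOWED_URLS = List.of("https://app.example.com/home");

    // Relative URL check: no scheme, no authority, exactly one leading slash.
    static boolean isSafeRelative(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//") || target.contains("\\")) {
            return false; // "//host" and "/\host" are resolved as absolute by browsers
        }
        try {
            URI u = new URI(target);
            return !u.isAbsolute() && u.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Host check: compare the parsed host, never a substring of the raw string.
    static boolean hasAllowedHost(String target) {
        if (target == null) return false;
        try {
            URI u = new URI(target);
            String host = u.getHost(); // null for opaque or malformed authorities
            return "https".equalsIgnoreCase(u.getScheme()) && host != null
                    && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // List.of(...) throws on contains(null), so reject null before the exact-match allowlist.
    static boolean isAcceptable(String target) {
        return target != null
                && (ALLOWED_URLS.contains(target) || isSafeRelative(target) || hasAllowedHost(target));
    }

    public static void main(String[] args) {
        String[] samples = { "/account/settings", "//other.example/x", "https://app.example.com/a",
                "https://app.example.com.other.example/", "https://app.example.com@other.example/" };
        for (String s : samples) System.out.println(isAcceptable(s) + "  " + s);
    }
}
```

Only the first and third sample inputs are accepted. The others are rejected because the parsed host, not the text that happens to contain an allowed name, is what gets compared.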