- Added a new query
java/android/insecure-local-authenticationfor finding uses of biometric authentication APIs that do not make use of aKeyStore-backed key and thus may be bypassed.
- The
security-severityscore of the queryjava/relative-path-commandhas been reduced to better adjust it to the specific conditions needed for exploitation.
- The sinks of the queries
java/path-injectionandjava/path-injection-localhave been reworked. Path creation sinks have been converted to summaries instead, while sinks now are actual file read/write operations only. This has reduced the false positive ratio of both queries.
- The sanitizer for the path injection queries has been improved to handle more cases where
equalsis used to check an exact path match. - The query
java/unvalidated-url-redirectionnow sanitizes results following the same logic as the queryjava/ssrf. URLs where the destination cannot be controlled externally are no longer reported.