codeql/python/change-notes/2021-07-13-path-problem-cus...

lgtm,codescanning

  • Changed how extra sources and sinks are provided for @kind path-problem queries, to avoid a potential performance problem caused by re-evaluation of data-flow configurations. Please use the new <query>Customizations.qll files and extend their classes instead (for example, extend the Sink class from python/ql/src/semmle/python/security/dataflow/SqlInjectionCustomizations.qll). This affects the following queries: py/sql-injection, py/code-injection, py/command-line-injection, py/reflective-xss, py/url-redirection, py/unsafe-deserialization, py/stack-trace-exposure, py/path-injection.
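
A sketch of the extension pattern the note describes, applied to py/sql-injection. This is an added example, not code from the CodeQL repository. The modules `acme_db` and `acme_queue` and their functions are hypothetical, and it assumes the file is a library that the query's evaluation imports and that `SqlInjectionCustomizations.qll` exposes its abstract `Source` and `Sink` classes in a `SqlInjection` module.

```ql
/**
 * Added example: extra source and sink for py/sql-injection, contributed by
 * extending the abstract classes in SqlInjectionCustomizations.qll rather
 * than by overriding the query's data-flow configuration.
 *
 * `acme_db.run_raw_query` and `acme_queue.receive_message` are hypothetical
 * in-house APIs used only for illustration.
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs
import semmle.python.security.dataflow.SqlInjectionCustomizations

/**
 * The SQL text passed to `acme_db.run_raw_query(sql)`, either as the first
 * positional argument or as the `sql=` keyword argument.
 */
class AcmeRawQuerySink extends SqlInjection::Sink {
  AcmeRawQuerySink() {
    exists(DataFlow::CallCfgNode call |
      call = API::moduleImport("acme_db").getMember("run_raw_query").getACall()
    |
      this = call.getArg(0)
      or
      this = call.getArgByName("sql")
    )
  }
}

/**
 * The return value of `acme_queue.receive_message()`, treated as
 * attacker-controlled input in addition to the default remote flow sources.
 */
class AcmeQueueMessageSource extends SqlInjection::Source {
  AcmeQueueMessageSource() {
    this = API::moduleImport("acme_queue").getMember("receive_message").getACall()
  }
}
```

Because the new classes are subclasses of the abstract `Sink` and `Source`, the existing query picks them up through its single configuration, which is what avoids the re-evaluation the note mentions.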