Releases: pixee/codemodder-java
v0.98.7
v0.98.6
Deprioritize log injection (#487)

This way, it runs "after" other codemods, and higher-priority fixes will be merged first in a conflict.
v0.98.5
Add several Sonar hotspot mappings (#486)
v0.98.4
Fix more shapes of `log-injection` (#485)

This change fixes more shapes of log injection vulnerabilities, and bumps the toolkit version to guarantee safety when passing non-`String` types to `stripAll`.
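The following is an added illustration of the vulnerability class and fix shape the #485 note refers to; it is not code from codemodder-java or its toolkit. The `stripAll` method below is a hypothetical stand-in for the toolkit's sanitizer, written to take `Object` rather than `String` so that the non-`String` call sites the note mentions (an `Integer`, a `List`, a request object) are handled without a cast failure. The class name, the logger name and the sample input are all constructed for the example.

```java
import java.util.List;
import java.util.logging.Logger;

/**
 * Added example: log injection (CWE-117) in its simplest shape, plus a hypothetical
 * sanitizer that removes the characters an attacker needs to forge extra log records.
 * Not the project's own code; stripAll here is a stand-in for the toolkit method.
 */
public final class LogInjectionExample {
  private static final Logger LOG = Logger.getLogger("app");

  /** Vulnerable shape: an attacker-controlled value is interpolated straight into the line. */
  static String vulnerableLine(String username) {
    return "login failed for user=" + username;
  }

  /**
   * Hypothetical sanitizer (assumption: not the toolkit's implementation). Strips CR and LF so a
   * single logged value cannot be split into several records. Accepts Object so non-String
   * arguments are stringified first instead of failing; null is passed through unchanged.
   */
  static String stripAll(Object value) {
    if (value == null) {
      return null;
    }
    String s = String.valueOf(value);
    StringBuilder out = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      if (c != '\r' && c != '\n') {
        out.append(c);
      }
    }
    return out.toString();
  }

  /** Remediated shape: every untrusted fragment goes through the sanitizer before concatenation. */
  static String hardenedLine(Object username) {
    return "login failed for user=" + stripAll(username);
  }

  public static void main(String[] args) {
    // Constructed attacker input: CRLF followed by a forged, plausible-looking record.
    String payload = "alice\r\nINFO - admin logged in from 127.0.0.1";
    LOG.info(vulnerableLine(payload)); // appears as two records in the log
    LOG.info(hardenedLine(payload));   // one record; the newlines are gone
    LOG.info(hardenedLine(42));        // non-String argument: stringified, then stripped
    LOG.info(hardenedLine(List.of("a\nb"))); // "[ab]"
  }
}
```

Stripping newlines is the minimum; a logging setup that writes structured records (JSON, or a layout that escapes control characters) closes the same hole without touching every call site.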
v0.98.3
New rules, first implemented in CodeQL (#483)

This change introduces new remediation logic for weak crypto algorithms and log injection, two vulnerability classes that are unexciting for different reasons but, for completeness, should be present.
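As an added illustration of the weak-crypto class named in the #483 note (not the project's code, and not necessarily the exact algorithms or replacements its rule selects; MD5 and DES-ECB are assumed here as representative weak choices, SHA-256 and AES-GCM as the hardened ones), the "before" and "after" shapes side by side. Class name and sample input are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Added example of a weak-crypto remediation; assumptions noted inline. Requires Java 17+ (HexFormat). */
public final class WeakCryptoExample {

  // "Before": MD5 is collision-broken; DES has a 56-bit key and ECB leaks plaintext structure.
  static byte[] weakDigest(byte[] data) throws NoSuchAlgorithmException {
    return MessageDigest.getInstance("MD5").digest(data);
  }

  static byte[] weakEncrypt(SecretKey desKey, byte[] plaintext) throws Exception {
    Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
    c.init(Cipher.ENCRYPT_MODE, desKey);
    return c.doFinal(plaintext);
  }

  // "After": SHA-256 for the digest; AES-GCM with a fresh 96-bit random nonce per message,
  // which also gives integrity (128-bit tag) that the DES shape never had.
  static byte[] strongDigest(byte[] data) throws NoSuchAlgorithmException {
    return MessageDigest.getInstance("SHA-256").digest(data);
  }

  static byte[] strongEncrypt(SecretKey aesKey, byte[] plaintext) throws Exception {
    byte[] nonce = new byte[12];
    new SecureRandom().nextBytes(nonce);
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
    byte[] ct = c.doFinal(plaintext);
    // Prepend the nonce: the receiver needs it to rebuild the GCMParameterSpec. Never reuse it with a key.
    byte[] out = new byte[nonce.length + ct.length];
    System.arraycopy(nonce, 0, out, 0, nonce.length);
    System.arraycopy(ct, 0, out, nonce.length, ct.length);
    return out;
  }

  public static void main(String[] args) throws Exception {
    byte[] msg = "constructed sample input".getBytes(StandardCharsets.UTF_8); // constructed
    HexFormat hex = HexFormat.of();
    System.out.println("MD5      " + hex.formatHex(weakDigest(msg)));
    System.out.println("SHA-256  " + hex.formatHex(strongDigest(msg)));

    SecretKey des = KeyGenerator.getInstance("DES").generateKey();
    System.out.println("DES/ECB  " + hex.formatHex(weakEncrypt(des, msg)));

    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(256);
    System.out.println("AES-GCM  " + hex.formatHex(strongEncrypt(kg.generateKey(), msg)));
  }
}
```

Swapping the algorithm string is the easy half of the fix; callers that persisted MD5 digests or DES ciphertext still need a migration path, which is why an automated rewrite of this class is usually reviewed rather than merged blind.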
v0.98.2
Changed default XML parser to Woodstox (#482)

Changes the default StAX parser to Woodstox. This will allow us to be more in control of the parser's behavior. Also, it's a bit faster than Java's default one.
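One reason to pin the StAX implementation rather than rely on `XMLInputFactory.newInstance()` is that the provider, and with it the meaning of its security properties, can change with the classpath. The following added example (not the project's code; it assumes the `woodstox-core` artifact is on the classpath and uses a constructed pom-shaped document and a constructed hostile one) instantiates Woodstox explicitly and turns off the two features behind XXE before reading anything.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import com.ctc.wstx.stax.WstxInputFactory;

/** Added example: explicit, hardened Woodstox StAX factory. Not codemodder-java's own parser setup. */
public final class StaxHardeningExample {

  static XMLInputFactory hardenedFactory() {
    // Explicit implementation instead of newInstance(): no classpath-dependent surprises.
    XMLInputFactory f = new WstxInputFactory();
    // Do not process DTDs at all: no entity declarations, so no entity-expansion bombs.
    f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    // Never resolve external entities (the XXE file-read / SSRF vector).
    f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    return f;
  }

  /** Collect the local names of all start elements, in document order. */
  static List<String> elementNames(XMLInputFactory factory, String xml) throws XMLStreamException {
    List<String> names = new ArrayList<>();
    XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
    try {
      while (r.hasNext()) {
        if (r.next() == XMLStreamConstants.START_ELEMENT) {
          names.add(r.getLocalName());
        }
      }
    } finally {
      r.close();
    }
    return names;
  }

  public static void main(String[] args) {
    XMLInputFactory f = hardenedFactory();

    // Constructed benign document in the shape of a Maven pom.
    String pom = "<project><groupId>io.example</groupId><artifactId>app</artifactId></project>";
    try {
      System.out.println(elementNames(f, pom)); // [project, groupId, artifactId]
    } catch (XMLStreamException e) {
      System.out.println("unexpected: " + e.getMessage());
    }

    // Constructed hostile document: an external entity pointing at a local file.
    String xxe = "<?xml version=\"1.0\"?>"
        + "<!DOCTYPE d [<!ENTITY x SYSTEM \"file:///etc/hostname\">]><d>&x;</d>";
    try {
      // With DTD support off the declaration is not processed, so the file is never read;
      // the reference surfaces as an undeclared-entity error rather than as expanded content.
      System.out.println(elementNames(f, xxe));
    } catch (XMLStreamException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

The same two properties exist on the JDK's built-in StAX factory, but only an explicitly constructed factory guarantees which implementation is honoring them.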
v0.98.1
Add ability to remediate other XSS code shapes (#481)

Took logic specific to Semgrep and generalized it.
v0.98.0
Add tests and more stable behavior when seeing Maven failure (#476)
v0.97.9
Don't throw exceptions if dependencies can't be pre-calculated (#475)

We observed this issue:

```
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - Problem scanning file /tmp/codemodder-project6927415874030968841/app/src/main/java/org/apache/roller/weblogger/util/PasswordUtility.java
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - io.codemodder.plugins.maven.MavenProvider$DependencyUpdateException: Failure when retrieving dependencies
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.plugins.maven.MavenProvider.getAllDependencies(MavenProvider.java:146)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.DefaultCodemodExecutor.lambda$execute$0(DefaultCodemodExecutor.java:187)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
... io.codemodder.DefaultCodemodExecutor.lambda$execute$1(DefaultCodemodExecutor.java:188)
edc124aedf71 - Caused by: org.dom4j.DocumentException: Error on line 781 of document : The element type "sequential" must be terminated by the matching end-tag "</sequential>".
```

This error is preventing _analysis_ from occurring, not the updating of Maven dependencies. We should still run our codemods, even if dependencies can't be pre-calculated.
v0.97.8
Improve CodeQL handling of multiple rules (#474)

Also fixed incidental bug in header injection remediation when applied to interfaces.