Joe Farebrother
Joe Farebrother
Note that this would be useful to handle the newly-revealed sticker mechanic; as well as make some existing things easier such as counters in exile
There's a performance issue on jdk. The unusual dataflow logic and workarounds probably deserve a look at by somebody like @aschackmull too.
Seems to be some memory pressure (lots of instances of "pausing/unpausing evaluation") within some of the dataflow stages. Currently trying removing various aspects of the query to see if any...
Looks like the main culprit is in adding all field reads as flow steps; restricting it to just field reads containing a MessageDigest improves the performance.
Now it no longer times out and takes multiple hours, but DCA still indicates a 20% slowdown on JDK (and takes ~320 seconds locally)
Hi @vlkl-sap, thank you for your feedback and apologies for the delayed response. We have decided to keep the current query in place, as it covers a known CWE and...
@geoffw0 What are the next steps for this? Should I just be waiting for an approval from each language team?
@erik-krogh There are new results for `rb/sensitive-get-query`, `py/clear-text-storage-sensitive-data`, and `py/clear-text-logging-sensitive-data`. and `py/weak-sensitive-data-hashing`. New results in ruby sensitive get looks like a few TPs from new heuristics. (The MRVA run that...
Thanks for the report. Unfortunately, it looks like this code is using a custom attribute-based system for authorization, which it is hard to see how the query could recognise using...
Possibly would make sense to use dominance, just wasn't sure exactly how it worked. Would it work for detecting that an exception edge can cause the close to not be...