Skip to content

Releases: pixee/codemodder-java

v0.98.6

19 Dec 16:48
@github-actions github-actions
v0.98.6
bb3eced
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.6 Latest
Latest 
Deprioritize log injection (#487)

This way, it runs "after" other codemods, and higher priority fixes will
be merged first, in a conflict.
Assets 3
Loading

v0.98.5

18 Dec 20:14
@github-actions github-actions
v0.98.5
b841ee3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.5 
Add several Sonar hotspot mappings (#486)
Assets 3
Loading

v0.98.4

12 Dec 20:29
@github-actions github-actions
v0.98.4
394739f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.4 
Fix more shapes of `log-injection` (#485)

This change fixes more shapes of log injection vulnerabilities, and
bumps the toolkit version to guarantee safety when passing non-`String`
types to `stripAll`.
Assets 3
Loading

v0.98.3

09 Dec 14:09
@github-actions github-actions
v0.98.3
56aba73
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.3 
New rules, first implemented in CodeQL (#483)

This change introduces new remediation logic for weak crypto algorithms,
and log injection, two unexciting vulnerability classes for different
reasons, but for completeness, should be present.
Assets 3
Loading

v0.98.2

06 Dec 14:48
@github-actions github-actions
v0.98.2
f69332a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.2 
Changed default XML parser to Woodstox (#482)

Changes the default StAX parser to Woodstox. This will allow us to be
more in control of the parser's behavior. Also it's a bit faster than
Java's default one.
Assets 3
Loading

v0.98.1

06 Dec 02:27
@github-actions github-actions
v0.98.1
4eecd14
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.1 
Add ability to remediate other XSS code shapes (#481)

Took logic specific to Semgrep and generalized.
Assets 3
Loading

v0.98.0

24 Nov 20:05
@github-actions github-actions
v0.98.0
9e68b29
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.0 
Add tests and more stable behavior when seeing Maven failure (#476)
Assets 3
Loading

v0.97.9

23 Nov 18:55
@github-actions github-actions
v0.97.9
e261a7f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.9 
Don't throw exceptions if dependencies can't be pre-calculated (#475)

We observed this issue:

```
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - Problem scanning file /tmp/codemodder-project6927415874030968841/app/src/main/java/org/apache/roller/weblogger/util/PasswordUtility.java
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - io.codemodder.plugins.maven.MavenProvider$DependencyUpdateException: Failure when retrieving dependencies
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.plugins.maven.MavenProvider.getAllDependencies(MavenProvider.java:146)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.DefaultCodemodExecutor.lambda$execute$0(DefaultCodemodExecutor.java:187)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
...
io.codemodder.DefaultCodemodExecutor.lambda$execute$1(DefaultCodemodExecutor.java:188)
edc124aedf71 - Caused by: org.dom4j.DocumentException: Error on line 781 of document  : The element type "sequential" must be terminated by the matching end-tag "</sequential>".
```

This error is preventing _analysis_ from occurring, not the updating of
Maven dependencies. We should still run our codemods, even if
dependencies can't be pre-calculated.
Assets 3
Loading

v0.97.8

22 Nov 01:33
@github-actions github-actions
v0.97.8
3b5d693
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.8 
Improve CodeQL handling of multiple rules (#474)

Also fixed incidental bug in header injection remediation when applied
to interfaces.
Assets 3
Loading

v0.97.7

21 Nov 17:01
@github-actions github-actions
v0.97.7
4e332a1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.7 
Normalize Maven codemod ID (#472)
Assets 3
Loading