- Added support for merging two
PathGraph
s via disjoint union to allow results from multiple data flow computations in a singlepath-problem
query.
- Removed low-confidence call edges to known neutral call targets from the call graph used in data flow analysis. This includes, for example, custom
List.contains
implementations when the best inferrable type at the call site is simplyList
. - Added more sink and summary dataflow models for the following packages:
java.io
java.lang
java.sql
javafx.scene.web
org.apache.commons.compress.archivers.tar
org.apache.http.client.utils
org.codehaus.cargo.container.installer
- The main data flow and taint tracking APIs have been changed. The old APIs remain in place for now and translate to the new through a backwards-compatible wrapper. If multiple configurations are in scope simultaneously, then this may affect results slightly. The new API is quite similar to the old, but makes use of a configuration module instead of a configuration class.
- Deleted the deprecated
getPath
andgetFolder
predicates from theXmlFile
class. - Deleted the deprecated
getRepresentedString
predicate from theStringLiteral
class. - Deleted the deprecated
ServletWriterSource
class. - Deleted the deprecated
getGroupID
,getArtefactID
, andartefactMatches
predicates from theMavenRepoJar
class.