0.7.2

New Features

  • A Diagnostic.getCompilationInfo() predicate has been added.

Minor Analysis Improvements

  • Fixed a typo in the StdlibRandomSource class in RandomDataSource.qll, which caused the class to improperly model calls to the nextBytes method. Queries relying on StdlibRandomSource may see an increase in results.
  • Improved the precision of virtual dispatch of java.io.InputStream methods. Now, calls to these methods will not dispatch to arbitrary implementations of InputStream if there is a high-confidence alternative (like a models-as-data summary).
  • Added more dataflow steps for java.io.InputStreams that wrap other java.io.InputStreams.
  • Added models for the Struts 2 framework.
  • Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.