Skip to content

Releases: pixee/codemodder-java

v0.98.0

24 Nov 20:05
@github-actions github-actions
v0.98.0
9e68b29
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.98.0 Latest
Latest 
Add tests and more stable behavior when seeing Maven failure (#476)
Assets 3
Loading

v0.97.9

23 Nov 18:55
@github-actions github-actions
v0.97.9
e261a7f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.9 
Don't throw exceptions if dependencies can't be pre-calculated (#475)

We observed this issue:

```
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - Problem scanning file /tmp/codemodder-project6927415874030968841/app/src/main/java/org/apache/roller/weblogger/util/PasswordUtility.java
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - io.codemodder.plugins.maven.MavenProvider$DependencyUpdateException: Failure when retrieving dependencies
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.plugins.maven.MavenProvider.getAllDependencies(MavenProvider.java:146)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at io.codemodder.DefaultCodemodExecutor.lambda$execute$0(DefaultCodemodExecutor.java:187)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
INFO - 4abaf6cf-c5e6-4f48-b198-edc124aedf71 - at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
...
io.codemodder.DefaultCodemodExecutor.lambda$execute$1(DefaultCodemodExecutor.java:188)
edc124aedf71 - Caused by: org.dom4j.DocumentException: Error on line 781 of document  : The element type "sequential" must be terminated by the matching end-tag "</sequential>".
```

This error is preventing _analysis_ from occurring, not the updating of
Maven dependencies. We should still run our codemods, even if
dependencies can't be pre-calculated.
Assets 3
Loading

v0.97.8

22 Nov 01:33
@github-actions github-actions
v0.97.8
3b5d693
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.8 
Improve CodeQL handling of multiple rules (#474)

Also fixed incidental bug in header injection remediation when applied
to interfaces.
Assets 3
Loading

v0.97.7

21 Nov 17:01
@github-actions github-actions
v0.97.7
4e332a1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.7 
Normalize Maven codemod ID (#472)
Assets 3
Loading

v0.97.6

20 Nov 15:11
@github-actions github-actions
v0.97.6
dd84751
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.6 
Limit `ResponseEntity` call changes (#470)

We can only safely make this change when the first argument value is a
`String` -- this adds that change and tests it.
Assets 3
Loading

v0.97.5

20 Nov 06:51
@github-actions github-actions
v0.97.5
2c4bb17
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.5 
New remediation code shapes (#469)

Adding other form of ZipSlip remediation
Added XSS reported in `ResponseEntity`
Assets 3
Loading

v0.97.4

18 Nov 02:04
@github-actions github-actions
v0.97.4
0fd8818
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.4 
Single codemod execution performance improvements (#468)

* Only load codemod resources if needed (a codemod for the provider is
active)
* Cache AppScan location data
Assets 3
Loading

v0.97.3

11 Nov 04:18
@github-actions github-actions
v0.97.3
3ee3ad9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.3 
Filter `DocumentBuilder#parse()` calls more accurately (#465)

.. so it doesn't recognize `XMLReader#parse()` calls as well.
Assets 3
Loading

v0.97.2

11 Nov 00:50
@github-actions github-actions
v0.97.2
0ecf40e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.2 
Respect order when `--codemod-includes` are set (#464)
Assets 3
Loading

v0.97.1

08 Nov 18:44
@github-actions github-actions
v0.97.1
882f436
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.97.1 
Adds new transformation for SQL injection/parameterization codemods (…
Assets 3
Loading