Merge pull request #4156 from RasmusWL/python-fix-changenote-fstring-taint

tausbn · web-flow · commit afe234dade0d · 2020-08-28T10:23:06.000+02:00
Python: fstring taint change note should be for 1.26
diff --git a/change-notes/1.25/analysis-python.md b/change-notes/1.25/analysis-python.md
@@ -20,4 +20,3 @@ The following changes in version 1.25 affect Python analysis in all applications
 ## Changes to libraries
 
 * Importing `semmle.python.web.HttpRequest` will no longer import `UntrustedStringKind` transitively. `UntrustedStringKind` is the most commonly used non-abstract subclass of `ExternalStringKind`. If not imported (by one mean or another), taint-tracking queries that concern `ExternalStringKind` will not produce any results. Please ensure such queries contain an explicit import (`import semmle.python.security.strings.Untrusted`).
-* Added support for tainted f-strings.
diff --git a/change-notes/1.26/analysis-python.md b/change-notes/1.26/analysis-python.md
@@ -0,0 +1,22 @@
+# Improvements to Python analysis
+
+The following changes in version 1.26 affect Python analysis in all applications.
+
+## General improvements
+
+
+## New queries
+
+| **Query**                   | **Tags**  | **Purpose**                                                        |
+|-----------------------------|-----------|--------------------------------------------------------------------|
+
+
+## Changes to existing queries
+
+| **Query**                  | **Expected impact**    | **Change**                                                       |
+|----------------------------|------------------------|------------------------------------------------------------------|
+
+
+## Changes to libraries
+
+* Added taint tracking support for string formatting through f-strings.

Original file line number	Diff line number	Diff line change
`@@ -20,4 +20,3 @@ The following changes in version 1.25 affect Python analysis in all applications`
`20`	`20`	`## Changes to libraries`
`21`	`21`
`22`	`22`	* Importing `semmle.python.web.HttpRequest` will no longer import `UntrustedStringKind` transitively. `UntrustedStringKind` is the most commonly used non-abstract subclass of `ExternalStringKind`. If not imported (by one mean or another), taint-tracking queries that concern `ExternalStringKind` will not produce any results. Please ensure such queries contain an explicit import (`import semmle.python.security.strings.Untrusted`).
`23`		`-* Added support for tainted f-strings.`