- Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
- Added children of
UnspecifiedElement, which will be present only in certain downgraded databases. - Collection content is now automatically read at taint flow sinks. This removes the need to define an
allowImplicitReadpredicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now. - Added taint models for
StringProtocol.appendingFormatandString.decodeCString. - Added taint flow models for members of
Substring. - Added taint flow models for
RawRepresentable. - The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries.
- Added models of
StringProtocolandNSStringmethods that evaluate regular expressions. - Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source.