April 2025 change log

This change log includes updates to detectors made in April 2025.


Added and updated rules

1. [Java, Python, JavaScript, TypeScript, C#][SQL Injection Detection Enhancement] Added SQL injection detection rules for multiple databases, including MySQL, SQLite, PostgreSQL and Oracle, treating function parameters as potentially tainted input in addition to HTTP requests.

2. [Java, Python, JavaScript, TypeScript, C#][NoSQL Injection Detection Enhancement] Added NoSQL injection detection rules with expanded coverage for MongoDB and DynamoDB, analyzing function parameters and user-controlled inputs.

3. [Java, Python, JavaScript, TypeScript, C#][Log Injection Detection] Added new Log Injection detection rules to identify log-based attack vulnerabilities across various logging frameworks.

4. [Java, Python, JavaScript, TypeScript, C#][Cross-Site Scripting (XSS) Detection] Enhanced Cross-Site Scripting (XSS) detection rules to better identify XSS vulnerabilities across web applications.

5. [Java, Python, JavaScript, TypeScript, C#][Hardcoded Credentials Detection Enhancement] Enhanced detection of hardcoded credentials by adding new rules for frequently used libraries and frameworks across multiple categories, such as Database Connections, SMTP Credentials, Cloud Provider APIs, Symmetric Encryption, Asymmetric Encryption, Hashing, Digital Signatures, Key Management, Random Number Generation, Password Hashing, TLS/SSL, Social Media APIs, Payment Gateways, Authentication, SSH/SFTP, CI/CD, Geolocation and Version Control.

6. [Java] Added rule to detect unsafe modification of non-thread-safe collections in parallel streams, improving concurrency-related vulnerability detection.

7. [Java] Enhanced detection for CRLF injection, JNDI injection, and Spring Shell exploitation attempts.

8. [Java] Added XML Entity Injection detection rules and service principal misconfiguration detection to prevent identity confusion or privilege escalation.

9. [Python] Added rules for detecting insecure deserialization and command injection vulnerabilities, including those through Jinja templates.

10. [Python] Added rule for identifying security issues from legacy package names in Python dependencies.

11. [PHP] Enhanced SQL injection detection for the Laravel Framework and the CodeIgniter Framework, expanding coverage beyond basic MySQL/PostgreSQL support.

12. [C#] Enhanced performance and coverage for integer overflow, insecure cryptography, open directory listing, XPath injection, KMS key length, and SSL certificate trust handshake vulnerabilities.

13. [Kotlin] Improved coverage for bad hexadecimal conversion, pseudo random number generators, and URL rewriting detection rules.

14. [Go] Enhanced nil pointer dereference detection precision by reducing false positives in error-checked code paths.

15. [Java] Updated Cross-Site Scripting rule with improved security recommendations and mitigation guidance aligned with current best practices.

Disabled rules

The following rules were disabled due to false positives:

1. javascript-log-injection