hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.12.1

Browse Source
This commit is contained in:
github-actions[bot]
2023-01-20 12:03:19 +00:00
parent 05c80b3f3c
commit 005b3e4a47
104 changed files with 274 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 0.5.1
### Minor Analysis Improvements
* Added sink models for the constructors of `org.springframework.jdbc.object.MappingSqlQuery` and `org.springframework.jdbc.object.MappingSqlQueryWithParameters`.
* Added more dataflow models for frequently-used JDK APIs.
* Removed summary model for `java.lang.String#endsWith(String)` and added neutral model for this API.
* Added additional taint step for `java.lang.String#endsWith(String)` to `ConditionalBypassFlowConfig`.
* Added `AllowContentAccessMethod` to represent the `setAllowContentAccess` method of the `android.webkit.WebSettings` class.
* Added an external flow source for the parameters of methods annotated with `android.webkit.JavascriptInterface`.
## 0.5.0
### Minor Analysis Improvements

4
java/ql/lib/change-notes/2022-01-13-android-javascriptinterface-parameters-remote-sources.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added an external flow source for the parameters of methods annotated with `android.webkit.JavascriptInterface`.

4
java/ql/lib/change-notes/2022-12-21-allowcontentaccessmethod.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added `AllowContentAccessMethod` to represent the `setAllowContentAccess` method of the `android.webkit.WebSettings` class.

6
java/ql/lib/change-notes/2023-01-03-add-more-top-jdk-models.md
View File

@@ -1,6 +0,0 @@
---
category: minorAnalysis
---
* Added more dataflow models for frequently-used JDK APIs.
* Removed summary model for `java.lang.String#endsWith(String)` and added neutral model for this API.
* Added additional taint step for `java.lang.String#endsWith(String)` to `ConditionalBypassFlowConfig`.

4
java/ql/lib/change-notes/2023-01-05-fix-mad-typos.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added sink models for the constructors of `org.springframework.jdbc.object.MappingSqlQuery` and `org.springframework.jdbc.object.MappingSqlQueryWithParameters`.

10
java/ql/lib/change-notes/released/0.5.1.md Normal file
View File

@@ -0,0 +1,10 @@
## 0.5.1
### Minor Analysis Improvements
* Added sink models for the constructors of `org.springframework.jdbc.object.MappingSqlQuery` and `org.springframework.jdbc.object.MappingSqlQueryWithParameters`.
* Added more dataflow models for frequently-used JDK APIs.
* Removed summary model for `java.lang.String#endsWith(String)` and added neutral model for this API.
* Added additional taint step for `java.lang.String#endsWith(String)` to `ConditionalBypassFlowConfig`.
* Added `AllowContentAccessMethod` to represent the `setAllowContentAccess` method of the `android.webkit.WebSettings` class.
* Added an external flow source for the parameters of methods annotated with `android.webkit.JavascriptInterface`.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.0
lastReleaseVersion: 0.5.1

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.5.1-dev
version: 0.5.1
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

10
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,13 @@
## 0.5.1
### New Queries
* Added a new query `java/android/websettings-allow-content-access` to detect Android WebViews which do not disable access to `content://` urls.
### Minor Analysis Improvements
* The name, description and alert message for the query `java/concatenated-sql-query` have been altered to emphasise that the query flags the use of string concatenation to construct SQL queries, not the lack of appropriate escaping. The query's files have been renamed from `SqlUnescaped.ql` and `SqlUnescapedLib.qll` to `SqlConcatenated.ql` and `SqlConcatenatedLib.qll` respectively; in the unlikely event your custom configuration or queries refer to either of these files by name, those references will need to be adjusted. The query id remains `java/concatenated-sql-query`, so alerts should not be re-raised as a result of this change.
## 0.5.0
### New Queries

4
java/ql/src/change-notes/2022-12-21-android-allowcontentaccess-query.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query `java/android/websettings-allow-content-access` to detect Android WebViews which do not disable access to `content://` urls.

11
java/ql/src/change-notes/2023-01-03-renamed-sql-unescaped.md → java/ql/src/change-notes/released/0.5.1.md
View File

@@ -1,4 +1,9 @@
---
category: minorAnalysis
---
## 0.5.1
### New Queries
* Added a new query `java/android/websettings-allow-content-access` to detect Android WebViews which do not disable access to `content://` urls.
### Minor Analysis Improvements
* The name, description and alert message for the query `java/concatenated-sql-query` have been altered to emphasise that the query flags the use of string concatenation to construct SQL queries, not the lack of appropriate escaping. The query's files have been renamed from `SqlUnescaped.ql` and `SqlUnescapedLib.qll` to `SqlConcatenated.ql` and `SqlConcatenatedLib.qll` respectively; in the unlikely event your custom configuration or queries refer to either of these files by name, those references will need to be adjusted. The query id remains `java/concatenated-sql-query`, so alerts should not be re-raised as a result of this change.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.0
lastReleaseVersion: 0.5.1

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.5.1-dev
version: 0.5.1
groups:
- java
- queries