Release preparation for version 2.12.1

github-actions[bot]
2023-01-20 12:03:19 +00:00
parent 05c80b3f3c
commit 005b3e4a47
104 changed files with 274 additions and 108 deletions

@@ -1,3 +1,13 @@
## 0.5.1
### New Queries
* Added a new query `java/android/websettings-allow-content-access` to detect Android WebViews which do not disable access to `content://` urls.
### Minor Analysis Improvements
* The name, description and alert message for the query `java/concatenated-sql-query` have been altered to emphasise that the query flags the use of string concatenation to construct SQL queries, not the lack of appropriate escaping. The query's files have been renamed from `SqlUnescaped.ql` and `SqlUnescapedLib.qll` to `SqlConcatenated.ql` and `SqlConcatenatedLib.qll` respectively; in the unlikely event your custom configuration or queries refer to either of these files by name, those references will need to be adjusted. The query id remains `java/concatenated-sql-query`, so alerts should not be re-raised as a result of this change.
## 0.5.0
### New Queries
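Review bot: the new-query bullet under `## 0.5.1` writes "`content://` urls" in lower case; "URLs" is the spelling to use, and the same sentence appears in the deleted change note further down, so the wording should be fixed where the note is authored. In the same section, the `java/concatenated-sql-query` bullet packs the file renames (`SqlUnescaped.ql` to `SqlConcatenated.ql`, `SqlUnescapedLib.qll` to `SqlConcatenatedLib.qll`) into the middle of a long paragraph. That rename is the only item a user with a custom configuration has to act on, so it deserves its own sentence or sub-bullet.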

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query `java/android/websettings-allow-content-access` to detect Android WebViews which do not disable access to `content://` urls.

@@ -1,4 +1,9 @@
---
category: minorAnalysis
---
## 0.5.1
### New Queries
* Added a new query `java/android/websettings-allow-content-access` to detect Android WebViews which do not disable access to `content://` urls.
### Minor Analysis Improvements
* The name, description and alert message for the query `java/concatenated-sql-query` have been altered to emphasise that the query flags the use of string concatenation to construct SQL queries, not the lack of appropriate escaping. The query's files have been renamed from `SqlUnescaped.ql` and `SqlUnescapedLib.qll` to `SqlConcatenated.ql` and `SqlConcatenatedLib.qll` respectively; in the unlikely event your custom configuration or queries refer to either of these files by name, those references will need to be adjusted. The query id remains `java/concatenated-sql-query`, so alerts should not be re-raised as a result of this change.
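Review bot: the front-matter lines (`---`, `category: minorAnalysis`, `---`) sit directly above the `## 0.5.1` heading in this hunk, and the header `-1,4 +1,9` only makes sense if they are on the removed side. Please confirm the resulting file starts at `## 0.5.1`: a leftover `category: minorAnalysis` block would tag the whole release file as a minor-analysis note even though it also carries a `### New Queries` section.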

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.0
lastReleaseVersion: 0.5.1

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.5.1-dev
version: 0.5.1
groups:
- java
- queries
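Review bot: at the `version:` line, dropping the `-dev` suffix (`0.5.1-dev` to `0.5.1`) leaves the pack at a release version until something bumps it again. Make sure a follow-up change moves `codeql/java-queries` to the next `-dev` version right after the release is cut, so later development builds are not published under `0.5.1`. It would also help to have the release job check that this value equals the `lastReleaseVersion: 0.5.1` set in the previous file, since the two are edited independently.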