mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
Release preparation for version 2.13.0
@@ -1,3 +1,76 @@
|
||||
## 0.6.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
|
||||
* The recently introduced new data flow and taint tracking APIs have had a
|
||||
number of module and predicate renamings. The old APIs remain in place for
|
||||
now.
|
||||
* The `WebViewDubuggingQuery` library has been renamed to `WebViewDebuggingQuery` to fix the typo in the file name. `WebViewDubuggingQuery` is now deprecated.
|
||||
|
||||
### New Features
|
||||
|
||||
* Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a bug in the regular expression used to identify sensitive information in `SensitiveActions::getCommonSensitiveInfoRegex`. This may affect the results of the queries `java/android/sensitive-communication`, `java/android/sensitive-keyboard-cache`, and `java/sensitive-log`.
|
||||
* Added a summary model for the `java.lang.UnsupportedOperationException(String)` constructor.
|
||||
* The filenames embedded in `Compilation.toString()` now use `/` as the path separator on all platforms.
|
||||
* Added models for the following packages:
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.nio.file
|
||||
* Added models for the following packages:
|
||||
* java.io
|
||||
* java.lang.module
|
||||
* org.apache.commons.io
|
||||
* Added the `TaintedPathQuery.qll` library to provide the `TaintedPathFlow` and `TaintedPathLocalFlow` taint-tracking modules to reason about tainted path vulnerabilities.
|
||||
* Added the `ZipSlipQuery.qll` library to provide the `ZipSlipFlow` taint-tracking module to reason about zip-slip vulnerabilities.
|
||||
* Added the `InsecureBeanValidationQuery.qll` library to provide the `BeanValidationFlow` taint-tracking module to reason about bean validation vulnerabilities.
|
||||
* Added the `XssQuery.qll` library to provide the `XssFlow` taint-tracking module to reason about cross site scripting vulnerabilities.
|
||||
* Added the `LdapInjectionQuery.qll` library to provide the `LdapInjectionFlow` taint-tracking module to reason about LDAP injection vulnerabilities.
|
||||
* Added the `ResponseSplittingQuery.qll` library to provide the `ResponseSplittingFlow` taint-tracking module to reason about response splitting vulnerabilities.
|
||||
* Added the `ExternallyControlledFormatStringQuery.qll` library to provide the `ExternallyControlledFormatStringFlow` taint-tracking module to reason about externally controlled format string vulnerabilities.
|
||||
* Improved the handling of addition in the range analysis. This can cause in minor changes to the results produced by `java/index-out-of-bounds` and `java/constant-comparison`.
|
||||
* A new models as data sink kind `command-injection` has been added.
|
||||
* The queries `java/command-line-injection` and `java/concatenated-command-line` now can be extended using the `command-injection` models as data sink kind.
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* java.lang
|
||||
* java.nio.file
|
||||
* kotlin.io
|
||||
* org.apache.commons.httpclient.util
|
||||
* org.apache.http.client
|
||||
* org.eclipse.jetty.client
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.model`
|
||||
* `hudson.scm`
|
||||
* `hudson.util`
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.cli`
|
||||
* `hudson.lifecycle`
|
||||
* `hudson`
|
||||
* `hudson.util.io`
|
||||
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `javax.imageio.stream`
|
||||
* `javax.naming`
|
||||
* `javax.servlet`
|
||||
* `org.geogebra.web.full.main`
|
||||
* Added a summary model for the `nativeSQL` method of the `java.sql.Connection` interface.
|
||||
* Added sink and summary dataflow models for the Jenkins and Netty frameworks.
|
||||
* The Models as Data syntax for selecting the qualifier has been changed from `-1` to `this` (e.g. `Argument[-1]` is now written as `Argument[this]`).
|
||||
* Added sources and flow step models for the Netty framework up to version 4.1.
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|
||||
|
||||
## 0.5.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
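Review bot: In the Minor Analysis Improvements list of the 0.6.0 section, the entry that changes the Models as Data qualifier selector from `Argument[-1]` to `Argument[this]` does not say whether the old `-1` form is still accepted, so maintainers of custom model rows cannot tell from the note whether their existing models keep matching after the upgrade. State that explicitly, and if `-1` is no longer accepted, flag the entry as breaking rather than listing it as a minor analysis improvement. The same lack of specifics affects two other entries in this hunk: the Deprecated APIs entry on the new data flow and taint tracking APIs names none of the renamed modules or predicates, and the Bug Fixes entry says the `DataFlow::hasFlow*` predicates were exposed "in a single version" without naming that version.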
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added sources and flow step models for the Netty framework up to version 4.1.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The Models as Data syntax for selecting the qualifier has been changed from `-1` to `this` (e.g. `Argument[-1]` is now written as `Argument[this]`).
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `javax.imageio.stream`
|
||||
* `javax.naming`
|
||||
* `javax.servlet`
|
||||
* `org.geogebra.web.full.main`
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a summary model for the `nativeSQL` method of the `java.sql.Connection` interface.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added sink and summary dataflow models for the Jenkins and Netty frameworks.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `WebViewDubuggingQuery` library has been renamed to `WebViewDebuggingQuery` to fix the typo in the file name. `WebViewDubuggingQuery` is now deprecated.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The recently introduced new data flow and taint tracking APIs have had a
|
||||
number of module and predicate renamings. The old APIs remain in place for
|
||||
now.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.model`
|
||||
* `hudson.scm`
|
||||
* `hudson.util`
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.cli`
|
||||
* `hudson.lifecycle`
|
||||
* `hudson`
|
||||
* `hudson.util.io`
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A new models as data sink kind `command-injection` has been added.
|
||||
* The queries `java/command-line-injection` and `java/concatenated-command-line` now can be extended using the `command-injection` models as data sink kind.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* java.lang
|
||||
* java.nio.file
|
||||
* kotlin.io
|
||||
* org.apache.commons.httpclient.util
|
||||
* org.apache.http.client
|
||||
* org.eclipse.jetty.client
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the `TaintedPathQuery.qll` library to provide the `TaintedPathFlow` and `TaintedPathLocalFlow` taint-tracking modules to reason about tainted path vulnerabilities.
|
||||
* Added the `ZipSlipQuery.qll` library to provide the `ZipSlipFlow` taint-tracking module to reason about zip-slip vulnerabilities.
|
||||
* Added the `InsecureBeanValidationQuery.qll` library to provide the `BeanValidationFlow` taint-tracking module to reason about bean validation vulnerabilities.
|
||||
* Added the `XssQuery.qll` library to provide the `XssFlow` taint-tracking module to reason about cross site scripting vulnerabilities.
|
||||
* Added the `LdapInjectionQuery.qll` library to provide the `LdapInjectionFlow` taint-tracking module to reason about LDAP injection vulnerabilities.
|
||||
* Added the `ResponseSplittingQuery.qll` library to provide the `ResponseSplittingFlow` taint-tracking module to reason about response splitting vulnerabilities.
|
||||
* Added the `ExternallyControlledFormatStringQuery.qll` library to provide the `ExternallyControlledFormatStringFlow` taint-tracking module to reason about externally controlled format string vulnerabilities.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved the handling of addition in the range analysis. This can cause in minor changes to the results produced by `java/index-out-of-bounds` and `java/constant-comparison`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The filenames embedded in `Compilation.toString()` now use `/` as the path separator on all platforms.
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
* java.io
|
||||
* java.lang.module
|
||||
* org.apache.commons.io
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.nio.file
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a summary model for the `java.lang.UnsupportedOperationException(String)` constructor.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a bug in the regular expression used to identify sensitive information in `SensitiveActions::getCommonSensitiveInfoRegex`. This may affect the results of the queries `java/android/sensitive-communication`, `java/android/sensitive-keyboard-cache`, and `java/sensitive-log`.
|
||||
72
java/ql/lib/change-notes/released/0.6.0.md
Normal file
@@ -0,0 +1,72 @@
|
||||
## 0.6.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
|
||||
* The recently introduced new data flow and taint tracking APIs have had a
|
||||
number of module and predicate renamings. The old APIs remain in place for
|
||||
now.
|
||||
* The `WebViewDubuggingQuery` library has been renamed to `WebViewDebuggingQuery` to fix the typo in the file name. `WebViewDubuggingQuery` is now deprecated.
|
||||
|
||||
### New Features
|
||||
|
||||
* Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a bug in the regular expression used to identify sensitive information in `SensitiveActions::getCommonSensitiveInfoRegex`. This may affect the results of the queries `java/android/sensitive-communication`, `java/android/sensitive-keyboard-cache`, and `java/sensitive-log`.
|
||||
* Added a summary model for the `java.lang.UnsupportedOperationException(String)` constructor.
|
||||
* The filenames embedded in `Compilation.toString()` now use `/` as the path separator on all platforms.
|
||||
* Added models for the following packages:
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.nio.file
|
||||
* Added models for the following packages:
|
||||
* java.io
|
||||
* java.lang.module
|
||||
* org.apache.commons.io
|
||||
* Added the `TaintedPathQuery.qll` library to provide the `TaintedPathFlow` and `TaintedPathLocalFlow` taint-tracking modules to reason about tainted path vulnerabilities.
|
||||
* Added the `ZipSlipQuery.qll` library to provide the `ZipSlipFlow` taint-tracking module to reason about zip-slip vulnerabilities.
|
||||
* Added the `InsecureBeanValidationQuery.qll` library to provide the `BeanValidationFlow` taint-tracking module to reason about bean validation vulnerabilities.
|
||||
* Added the `XssQuery.qll` library to provide the `XssFlow` taint-tracking module to reason about cross site scripting vulnerabilities.
|
||||
* Added the `LdapInjectionQuery.qll` library to provide the `LdapInjectionFlow` taint-tracking module to reason about LDAP injection vulnerabilities.
|
||||
* Added the `ResponseSplittingQuery.qll` library to provide the `ResponseSplittingFlow` taint-tracking module to reason about response splitting vulnerabilities.
|
||||
* Added the `ExternallyControlledFormatStringQuery.qll` library to provide the `ExternallyControlledFormatStringFlow` taint-tracking module to reason about externally controlled format string vulnerabilities.
|
||||
* Improved the handling of addition in the range analysis. This can cause in minor changes to the results produced by `java/index-out-of-bounds` and `java/constant-comparison`.
|
||||
* A new models as data sink kind `command-injection` has been added.
|
||||
* The queries `java/command-line-injection` and `java/concatenated-command-line` now can be extended using the `command-injection` models as data sink kind.
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* java.lang
|
||||
* java.nio.file
|
||||
* kotlin.io
|
||||
* org.apache.commons.httpclient.util
|
||||
* org.apache.http.client
|
||||
* org.eclipse.jetty.client
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.model`
|
||||
* `hudson.scm`
|
||||
* `hudson.util`
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.cli`
|
||||
* `hudson.lifecycle`
|
||||
* `hudson`
|
||||
* `hudson.util.io`
|
||||
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `javax.imageio.stream`
|
||||
* `javax.naming`
|
||||
* `javax.servlet`
|
||||
* `org.geogebra.web.full.main`
|
||||
* Added a summary model for the `nativeSQL` method of the `java.sql.Connection` interface.
|
||||
* Added sink and summary dataflow models for the Jenkins and Netty frameworks.
|
||||
* The Models as Data syntax for selecting the qualifier has been changed from `-1` to `this` (e.g. `Argument[-1]` is now written as `Argument[this]`).
|
||||
* Added sources and flow step models for the Netty framework up to version 4.1.
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|
||||
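Review bot: Under Minor Analysis Improvements in `java/ql/lib/change-notes/released/0.6.0.md`, the bullet "Added models for the following packages:" appears three times and "Added more sink and summary dataflow models for the following packages:" another three times, with `java.lang` and `java.nio.file` repeated across the lists and package names backticked in some lists but not in others. Merge these into one deduplicated, consistently formatted list per kind so a reader can see the added coverage at a glance. Two wording slips carried over from the individual change notes should also be fixed in the released text: "Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added" should read "have been added", and "This can cause in minor changes" should read "This can cause minor changes".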
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.5.6
|
||||
lastReleaseVersion: 0.6.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.6.0-dev
|
||||
version: 0.6.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||