Release preparation for version 2.8.2

2025-12-16 16:53:25 +01:00 · 2022-02-24 14:57:08 +00:00
parent 83aaeca751
commit 20fe22c8c8
62 changed files with 195 additions and 86 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,5 +1,12 @@
+## 0.0.10
+
+### New Features
+
+* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
+
 ## 0.0.9

+
 ## 0.0.8

 ### Deprecated APIs
--- a/cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md
+++ b/cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md
@@ -1,4 +1,5 @@
---
-category: feature
---
+## 0.0.10
+
+### New Features
+
 * Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated Queries
+
+* The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
+
 ## 0.0.9

 ### New Queries
--- a/cpp/ql/src/change-notes/2022-02-11-code-duplication.md
+++ b/cpp/ql/src/change-notes/2022-02-11-code-duplication.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.0.10
+
+### Deprecated Queries
+
 * The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.0.4
+
 ## 1.0.3

 ## 1.0.2
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md
@@ -0,0 +1 @@
+## 1.0.4
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.0.4-dev
+version: 1.0.4
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.0.4
+
 ## 1.0.3

 ## 1.0.2
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md
@@ -0,0 +1 @@
+## 1.0.4
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.0.4-dev
+version: 1.0.4
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.0.10
+
 ## 0.0.9

 ### Major Analysis Improvements
--- a/csharp/ql/lib/change-notes/released/0.0.10.md
+++ b/csharp/ql/lib/change-notes/released/0.0.10.md
@@ -0,0 +1 @@
+## 0.0.10
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.10
+
+### Query Metadata Changes
+
+The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
+
 ## 0.0.9

 ## 0.0.8
--- a/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
+++ b/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
@@ -1,5 +1,6 @@
---
-category: queryMetadata
---
+## 0.0.10
+
+### Query Metadata Changes
+
 The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
-`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups: 
  - csharp
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Features
+
+* Added predicates `ClassOrInterface.getAPermittedSubtype` and `isSealed` exposing information about sealed classes.
+
 ## 0.0.9

 ## 0.0.8
--- a/java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md
+++ b/java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md
@@ -1,4 +1,5 @@
---
-category: feature
---
+## 0.0.10
+
+### New Features
+
 * Added predicates `ClassOrInterface.getAPermittedSubtype` and `isSealed` exposing information about sealed classes.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 0.0.10
+
+### Breaking Changes
+
+* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
+  Identify request splitting differently from response splitting in query results.
+  Support addional classes:
+  * `io.netty.handler.codec.http.CombinedHttpHeaders`
+  * `io.netty.handler.codec.http.DefaultHttpRequest`
+  * `io.netty.handler.codec.http.DefaultFullHttpRequest`
+
+### New Queries
+
+* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+  This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+  This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
+
 ## 0.0.9

 ### New Queries
--- a/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md
+++ b/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md
@@ -1,9 +0,0 @@
---
-category: breaking
---
-* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
-  Identify request splitting differently from response splitting in query results.
-  Support addional classes:
-  * `io.netty.handler.codec.http.CombinedHttpHeaders`
-  * `io.netty.handler.codec.http.DefaultHttpRequest`
-  * `io.netty.handler.codec.http.DefaultFullHttpRequest`
--- a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
+++ b/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
@@ -1,6 +0,0 @@
---
-category: newQuery
---
-* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
-  This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
-  This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
--- a/java/ql/src/change-notes/released/0.0.10.md
+++ b/java/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,16 @@
+## 0.0.10
+
+### Breaking Changes
+
+* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
+  Identify request splitting differently from response splitting in query results.
+  Support addional classes:
+  * `io.netty.handler.codec.http.CombinedHttpHeaders`
+  * `io.netty.handler.codec.http.DefaultHttpRequest`
+  * `io.netty.handler.codec.http.DefaultFullHttpRequest`
+
+### New Queries
+
+* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+  This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+  This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.0.11
+
 ## 0.0.10

 ## 0.0.9
--- a/javascript/ql/lib/change-notes/released/0.0.11.md
+++ b/javascript/ql/lib/change-notes/released/0.0.11.md
@@ -0,0 +1 @@
+## 0.0.11
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.0.11-dev
+version: 0.0.11
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 0.0.11
+
+### New Queries
+
+* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
+  that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
+  The query is run by default.
+
+### Query Metadata Changes
+
+* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
+  but these are now handled by two different queries:
+  * `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
+    `high` and is now shown by default (it was previously in the `security-extended` suite).
+  * `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
+    but simply flags a subset of what the old query did.
+    This has precision `medium` and is part of the `security-extended` suite.
+
+### Minor Analysis Improvements
+
+* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
+
 ## 0.0.10

 ### New Queries
--- a/javascript/ql/src/change-notes/2022-02-10-snapdragon.md
+++ b/javascript/ql/src/change-notes/2022-02-10-snapdragon.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
--- a/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md
+++ b/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md
@@ -1,6 +0,0 @@
---
-category: newQuery
---
-* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
-  that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
-  The query is run by default.
--- a/javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md
+++ b/javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md
@@ -1,6 +1,13 @@
---
-category: queryMetadata
---
+## 0.0.11
+
+### New Queries
+
+* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
+  that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
+  The query is run by default.
+
+### Query Metadata Changes
+
 * The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
  but these are now handled by two different queries:
  * `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
@@ -8,3 +15,7 @@ category: queryMetadata
  * `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
    but simply flags a subset of what the old query did.
    This has precision `medium` and is part of the `security-extended` suite.
+
+### Minor Analysis Improvements
+
+* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.0.11-dev
+version: 0.0.11
 groups: 
  - javascript
  - queries
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated APIs
+
+* The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
+
 ## 0.0.9

 ## 0.0.8
--- a/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
+++ b/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.0.10
+
+### Deprecated APIs
+
 * The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.10
+
+### New Queries
+
+* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
+* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
+
 ## 0.0.9

 ### Bug Fixes
--- a/python/ql/src/change-notes/2022-02-25-promote-log-injection.md
+++ b/python/ql/src/change-notes/2022-02-25-promote-log-injection.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
--- a/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md
+++ b/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
--- a/python/ql/src/change-notes/released/0.0.10.md
+++ b/python/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,6 @@
+## 0.0.10
+
+### New Queries
+
+* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
+* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Minor Analysis Improvements
+
+* Added `FileSystemWriteAccess` concept to model data written to the filesystem.
+
 ## 0.0.9

 ## 0.0.8
--- a/ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md
+++ b/ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.0.10
+
+### Minor Analysis Improvements
+
 * Added `FileSystemWriteAccess` concept to model data written to the filesystem.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Queries
+
+* Added a new query, `rb/clear-text-logging-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are logged as cleartext.
+
 ## 0.0.9

 ## 0.0.8
--- a/ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md
+++ b/ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md
@@ -1,4 +1,5 @@
---
-category: newQuery
---
+## 0.0.10
+
+### New Queries
+
 * Added a new query, `rb/clear-text-logging-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are logged as cleartext.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups: 
  - ruby
  - queries