mirror of
https://github.com/github/codeql.git
synced 2026-06-26 15:17:06 +02:00
Release preparation for version 2.26.0
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,10 @@
|
||||
## 0.4.38
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
|
||||
* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.
|
||||
|
||||
## 0.4.37
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
|
||||
6
actions/ql/lib/change-notes/released/0.4.38.md
Normal file
6
actions/ql/lib/change-notes/released/0.4.38.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 0.4.38
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
|
||||
* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.37
|
||||
lastReleaseVersion: 0.4.38
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.38-dev
|
||||
version: 0.4.38
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.6.30
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.
|
||||
|
||||
## 0.6.29
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
## 0.6.30
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.29
|
||||
lastReleaseVersion: 0.6.30
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.30-dev
|
||||
version: 0.6.30
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
## 11.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
|
||||
* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
|
||||
* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
|
||||
* Removed the deprecated `exprExits` predicate from `Options.qll`. Use `CustomOptions.exprExits` instead.
|
||||
* Removed the deprecated `alwaysCheckReturnValue` predicate from `Options.qll`. Use `CustomOptions.alwaysCheckReturnValue` instead.
|
||||
* Removed the deprecated `okToIgnoreReturnValue` predicate from `Options.qll`. Use `CustomOptions.okToIgnoreReturnValue` instead.
|
||||
* Removed the deprecated `semmle.code.cpp.Member`. Import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly.
|
||||
* Removed the deprecated `UnknownDefaultLocation` class. Use `UnknownLocation` instead.
|
||||
* Removed the deprecated `UnknownExprLocation` class. Use `UnknownLocation` instead.
|
||||
* Removed the deprecated `UnknownStmtLocation` class. Use `UnknownLocation` instead.
|
||||
* Removed the deprecated `TemplateParameter` class. Use `TypeTemplateParameter` instead.
|
||||
* Support for class resolution across link targets has been removed for databases which were created with CodeQL versions before 1.23.0.
|
||||
|
||||
## 10.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
## 11.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
|
||||
* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
|
||||
* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 10.2.0
|
||||
lastReleaseVersion: 11.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 10.2.1-dev
|
||||
version: 11.0.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
cpp/ql/src/change-notes/released/1.6.5.md
Normal file
3
cpp/ql/src/change-notes/released/1.6.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.6.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.4
|
||||
lastReleaseVersion: 1.6.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.6.5-dev
|
||||
version: 1.6.5
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.69
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.68
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.69
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.68
|
||||
lastReleaseVersion: 1.7.69
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.69-dev
|
||||
version: 1.7.69
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.69
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.68
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.69
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.68
|
||||
lastReleaseVersion: 1.7.69
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.69-dev
|
||||
version: 1.7.69
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,19 @@
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved property and indexer call target resolution for partially overridden properties and indexers.
|
||||
* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
|
||||
* Improved call target resolution for ref-return properties and indexers.
|
||||
|
||||
## 6.0.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved call target resolution for ref-return properties and indexers.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved property and indexer call target resolution for partially overridden properties and indexers.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.
|
||||
15
csharp/ql/lib/change-notes/released/7.0.0.md
Normal file
15
csharp/ql/lib/change-notes/released/7.0.0.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved property and indexer call target resolution for partially overridden properties and indexers.
|
||||
* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
|
||||
* Improved call target resolution for ref-return properties and indexers.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 6.0.2
|
||||
lastReleaseVersion: 7.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 6.0.3-dev
|
||||
version: 7.0.0
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
csharp/ql/src/change-notes/released/1.7.5.md
Normal file
3
csharp/ql/src/change-notes/released/1.7.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.7.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.4
|
||||
lastReleaseVersion: 1.7.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.7.5-dev
|
||||
version: 1.7.5
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.52
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.51
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.52
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.51
|
||||
lastReleaseVersion: 1.0.52
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.52-dev
|
||||
version: 1.0.52
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
## 7.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
|
||||
`*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
|
||||
variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
|
||||
`go/log-injection` and `go/clear-text-logging` queries cover code that logs
|
||||
through `slog`.
|
||||
* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
|
||||
* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
|
||||
* More logging functions are now recognized as not returning or panicking.
|
||||
|
||||
## 7.1.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* More logging functions are now recognized as not returning or panicking.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
|
||||
`*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
|
||||
variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
|
||||
`go/log-injection` and `go/clear-text-logging` queries cover code that logs
|
||||
through `slog`.
|
||||
16
go/ql/lib/change-notes/released/7.2.0.md
Normal file
16
go/ql/lib/change-notes/released/7.2.0.md
Normal file
@@ -0,0 +1,16 @@
|
||||
## 7.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
|
||||
`*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
|
||||
variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
|
||||
`go/log-injection` and `go/clear-text-logging` queries cover code that logs
|
||||
through `slog`.
|
||||
* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
|
||||
* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
|
||||
* More logging functions are now recognized as not returning or panicking.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.1.2
|
||||
lastReleaseVersion: 7.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 7.1.3-dev
|
||||
version: 7.2.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.6.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.
|
||||
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.6.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.4
|
||||
lastReleaseVersion: 1.6.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.6.5-dev
|
||||
version: 1.6.5
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 9.2.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin 2.4.0 can now be analysed.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved modeling of Apache HttpClient `execute` method sinks for `java/ssrf` and `java/non-https-url`.
|
||||
|
||||
## 9.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Kotlin 2.4.0 can now be analysed.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 9.2.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin 2.4.0 can now be analysed.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved modeling of Apache HttpClient `execute` method sinks for `java/ssrf` and `java/non-https-url`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 9.1.2
|
||||
lastReleaseVersion: 9.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 9.1.3-dev
|
||||
version: 9.2.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.11.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.11.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
java/ql/src/change-notes/released/1.11.5.md
Normal file
3
java/ql/src/change-notes/released/1.11.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.11.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.11.4
|
||||
lastReleaseVersion: 1.11.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.11.5-dev
|
||||
version: 1.11.5
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 2.8.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added `UseMemoDirective` and `UseNoMemoDirective` classes to model the React compiler directives `"use memo"` and `"use no memo"`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added more prompt-injection sinks for the OpenAI, Anthropic, and Google GenAI SDKs: OpenAI `videos.create`/`edit`/`extend`/`remix` (Sora) prompts and `beta.realtime.sessions.create` instructions, Anthropic legacy `completions.create` prompts, and Google GenAI `caches.create` cached contents and system instructions.
|
||||
* The OpenAI legacy `completions.create` prompt is now treated as a user-prompt-injection sink instead of a system-prompt-injection sink, since the legacy `/v1/completions` endpoint takes a single free-form prompt with no role separation.
|
||||
|
||||
## 2.7.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added `UseMemoDirective` and `UseNoMemoDirective` classes to model the React compiler directives `"use memo"` and `"use no memo"`.
|
||||
@@ -1,5 +1,10 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 2.8.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added `UseMemoDirective` and `UseNoMemoDirective` classes to model the React compiler directives `"use memo"` and `"use no memo"`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added more prompt-injection sinks for the OpenAI, Anthropic, and Google GenAI SDKs: OpenAI `videos.create`/`edit`/`extend`/`remix` (Sora) prompts and `beta.realtime.sessions.create` instructions, Anthropic legacy `completions.create` prompts, and Google GenAI `caches.create` cached contents and system instructions.
|
||||
* The OpenAI legacy `completions.create` prompt is now treated as a user-prompt-injection sink instead of a system-prompt-injection sink, since the legacy `/v1/completions` endpoint takes a single free-form prompt with no role separation.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.7.2
|
||||
lastReleaseVersion: 2.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.7.3-dev
|
||||
version: 2.8.0
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 2.4.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `js/system-prompt-injection`, to detect cases where untrusted, user-provided values flow into the system prompt of an AI model, allowing an attacker to manipulate the model's behavior.
|
||||
* Added a new experimental query, `javascript/ssrf-ipv6-transition-incomplete-guard`, to detect SSRF host-validation guards that reject private IPv4 ranges but fail to unwrap IPv6-transition forms (IPv4-mapped `::ffff:`, NAT64 `64:ff9b::`, 6to4 `2002::`), allowing the guard to be bypassed by wrapping an internal IPv4 address in a transition literal.
|
||||
|
||||
## 2.3.11
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
|
||||
* Added a new query, `js/system-prompt-injection`, to detect cases where untrusted, user-provided values flow into the system prompt of an AI model, allowing an attacker to manipulate the model's behavior.
|
||||
@@ -1,4 +1,6 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 2.4.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `js/system-prompt-injection`, to detect cases where untrusted, user-provided values flow into the system prompt of an AI model, allowing an attacker to manipulate the model's behavior.
|
||||
* Added a new experimental query, `javascript/ssrf-ipv6-transition-incomplete-guard`, to detect SSRF host-validation guards that reject private IPv4 ranges but fail to unwrap IPv6-transition forms (IPv4-mapped `::ffff:`, NAT64 `64:ff9b::`, 6to4 `2002::`), allowing the guard to be bypassed by wrapping an internal IPv4 address in a transition literal.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.3.11
|
||||
lastReleaseVersion: 2.4.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 2.3.12-dev
|
||||
version: 2.4.0
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.52
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.51
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.52.md
Normal file
3
misc/suite-helpers/change-notes/released/1.0.52.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.52
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.51
|
||||
lastReleaseVersion: 1.0.52
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.52-dev
|
||||
version: 1.0.52
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 7.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `Function.getAReturnValueFlowNode()` predicate has been deprecated. Bind a `Return` node explicitly instead — `exists(Return ret | ret.getScope() = f and n.getNode() = ret.getValue())`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||
* The `AstNode.getAFlowNode()` predicate has been deprecated. Use `ControlFlowNode.getNode()` from the other direction instead: replace `e.getAFlowNode() = n` with `n.getNode() = e`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Python type tracking now follows values stored in instance attributes such as `self.attr` across instance methods, including across a class hierarchy (for example, a value stored on `self.attr` in a base class and read in a subclass, or vice versa). As a result, analysis is more likely to recognize user-defined objects that are stored on `self` and used later in other methods, which may produce additional results.
|
||||
* Simplified the internal predicates that detect `@staticmethod`, `@classmethod` and `@property` decorators to match the decorator's AST `Name` directly, rather than going through the CFG and requiring the name to resolve globally. Code that shadows these three builtin decorators at the module-scope will now be classified by the decorator name alone; in practice, shadowing these names is extremely rare and the call-graph results are unchanged.
|
||||
* Python taint tracking is now more precise for values flowing through container contents, such as list, set, tuple, and dictionary elements. This may remove some false positive alerts.
|
||||
|
||||
## 7.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `AstNode.getAFlowNode()` predicate has been deprecated. Use `ControlFlowNode.getNode()` from the other direction instead: replace `e.getAFlowNode() = n` with `n.getNode() = e`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Python taint tracking is now more precise for values flowing through container contents, such as list, set, tuple, and dictionary elements. This may remove some false positive alerts.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Simplified the internal predicates that detect `@staticmethod`, `@classmethod` and `@property` decorators to match the decorator's AST `Name` directly, rather than going through the CFG and requiring the name to resolve globally. Code that shadows these three builtin decorators at the module-scope will now be classified by the decorator name alone; in practice, shadowing these names is extremely rare and the call-graph results are unchanged.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `Function.getAReturnValueFlowNode()` predicate has been deprecated. Bind a `Return` node explicitly instead — `exists(Return ret | ret.getScope() = f and n.getNode() = ret.getValue())`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Python type tracking now follows values stored in instance attributes such as `self.attr` across instance methods, including across a class hierarchy (for example, a value stored on `self.attr` in a base class and read in a subclass, or vice versa). As a result, analysis is more likely to recognize user-defined objects that are stored on `self` and used later in other methods, which may produce additional results.
|
||||
12
python/ql/lib/change-notes/released/7.2.0.md
Normal file
12
python/ql/lib/change-notes/released/7.2.0.md
Normal file
@@ -0,0 +1,12 @@
|
||||
## 7.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `Function.getAReturnValueFlowNode()` predicate has been deprecated. Bind a `Return` node explicitly instead — `exists(Return ret | ret.getScope() = f and n.getNode() = ret.getValue())`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||
* The `AstNode.getAFlowNode()` predicate has been deprecated. Use `ControlFlowNode.getNode()` from the other direction instead: replace `e.getAFlowNode() = n` with `n.getNode() = e`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Python type tracking now follows values stored in instance attributes such as `self.attr` across instance methods, including across a class hierarchy (for example, a value stored on `self.attr` in a base class and read in a subclass, or vice versa). As a result, analysis is more likely to recognize user-defined objects that are stored on `self` and used later in other methods, which may produce additional results.
|
||||
* Simplified the internal predicates that detect `@staticmethod`, `@classmethod` and `@property` decorators to match the decorator's AST `Name` directly, rather than going through the CFG and requiring the name to resolve globally. Code that shadows these three builtin decorators at the module-scope will now be classified by the decorator name alone; in practice, shadowing these names is extremely rare and the call-graph results are unchanged.
|
||||
* Python taint tracking is now more precise for values flowing through container contents, such as list, set, tuple, and dictionary elements. This may remove some false positive alerts.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.1.2
|
||||
lastReleaseVersion: 7.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 7.1.3-dev
|
||||
version: 7.2.0
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.8.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `py/modification-of-locals` query no longer flags modifications of a `locals()` dictionary that has been passed out of the scope in which `locals()` was called (for example, by passing it to another function or storing it in an instance attribute). In such cases the dictionary is used as an ordinary mapping and modifying it is meaningful, so these were false positives. The "modification has no effect" claim only applies within the scope that called `locals()`, which is now the only case reported.
|
||||
|
||||
## 1.8.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.8.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `py/modification-of-locals` query no longer flags modifications of a `locals()` dictionary that has been passed out of the scope in which `locals()` was called (for example, by passing it to another function or storing it in an instance attribute). In such cases the dictionary is used as an ordinary mapping and modifying it is meaningful, so these were false positives. The "modification has no effect" claim only applies within the scope that called `locals()`, which is now the only case reported.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.8.4
|
||||
lastReleaseVersion: 1.8.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 1.8.5-dev
|
||||
version: 1.8.5
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `else` branch of a `case` expression is no longer represented as a `StmtSequence` directly. Instead, a new `CaseElseBranch` AST node wraps the body (a `StmtSequence`). `CaseExpr.getElseBranch()` now returns a `CaseElseBranch`, and the body of the else branch can be accessed via `CaseElseBranch.getBody()`.
|
||||
|
||||
## 5.2.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `else` branch of a `case` expression is no longer represented as a `StmtSequence` directly. Instead, a new `CaseElseBranch` AST node wraps the body (a `StmtSequence`). `CaseExpr.getElseBranch()` now returns a `CaseElseBranch`, and the body of the else branch can be accessed via `CaseElseBranch.getBody()`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.2.2
|
||||
lastReleaseVersion: 6.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 5.2.3-dev
|
||||
version: 6.0.0
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
ruby/ql/src/change-notes/released/1.6.5.md
Normal file
3
ruby/ql/src/change-notes/released/1.6.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.6.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.4
|
||||
lastReleaseVersion: 1.6.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 1.6.5-dev
|
||||
version: 1.6.5
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user