mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Merge pull request #20105 from github/release-prep/2.22.2
Release preparation for version 2.22.2
@@ -1,3 +1,9 @@
|
||||
## 0.4.13
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
|
||||
|
||||
## 0.4.12
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
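Review bot: The 0.4.13 bug-fix entry writes the workflow expression as `$[{ runner.temp }}`, with an opening `$[{` that does not match the closing `}}`. GitHub Actions expressions are written `${{ ... }}`, so this should read `${{ runner.temp }}`. The same text is carried into `actions/ql/lib/change-notes/released/0.4.13.md` and should be corrected there as well, since readers will search for the literal string to check whether their artifact download path is excluded by `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium`.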
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
|
||||
5
actions/ql/lib/change-notes/released/0.4.13.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 0.4.13
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.12
|
||||
lastReleaseVersion: 0.4.13
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.13-dev
|
||||
version: 0.4.13
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
actions/ql/src/change-notes/released/0.6.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.4
|
||||
lastReleaseVersion: 0.6.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.5-dev
|
||||
version: 0.6.5
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
## 5.3.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
|
||||
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
|
||||
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
|
||||
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
|
||||
|
||||
## 5.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
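Review bot: Two wording nits in the 5.3.0 entries. Under New Features, "Added a `isFinalValueOfParameter` predicate" should read "Added an"; under Minor Analysis Improvements, the `__fp16 _Complex` and `__bf16 _Complex` bullet is the only entry in the list without a closing period.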
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
|
||||
16
cpp/ql/lib/change-notes/released/5.3.0.md
Normal file
@@ -0,0 +1,16 @@
|
||||
## 5.3.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
|
||||
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
|
||||
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
|
||||
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.2.0
|
||||
lastReleaseVersion: 5.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 5.2.1-dev
|
||||
version: 5.3.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 1.4.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
|
||||
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
|
||||
* Improved support for dataflow through function objects and lambda expressions.
|
||||
* Added flow models for `pthread_create` and `std::thread`.
|
||||
* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
|
||||
* Added flow models for the GNU C Library.
|
||||
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
|
||||
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
|
||||
|
||||
## 1.4.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow models for the GNU C Library.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow models for `pthread_create` and `std::thread`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved support for dataflow through function objects and lambda expressions.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
|
||||
12
cpp/ql/src/change-notes/released/1.4.4.md
Normal file
@@ -0,0 +1,12 @@
|
||||
## 1.4.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
|
||||
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
|
||||
* Improved support for dataflow through function objects and lambda expressions.
|
||||
* Added flow models for `pthread_create` and `std::thread`.
|
||||
* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
|
||||
* Added flow models for the GNU C Library.
|
||||
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
|
||||
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.3
|
||||
lastReleaseVersion: 1.4.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.4.4-dev
|
||||
version: 1.4.4
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.43
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.43
|
||||
lastReleaseVersion: 1.7.44
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.44-dev
|
||||
version: 1.7.44
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.43
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.43
|
||||
lastReleaseVersion: 1.7.44
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.44-dev
|
||||
version: 1.7.44
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 5.2.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
|
||||
|
||||
## 5.1.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
## 5.2.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.1.9
|
||||
lastReleaseVersion: 5.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.1.10-dev
|
||||
version: 5.2.0
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 1.3.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
|
||||
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
|
||||
|
||||
## 1.3.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
|
||||
@@ -1,4 +1,10 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.3.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
|
||||
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.3.0
|
||||
lastReleaseVersion: 1.3.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.3.1-dev
|
||||
version: 1.3.1
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.27
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.26
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.27
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.26
|
||||
lastReleaseVersion: 1.0.27
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.27-dev
|
||||
version: 1.0.27
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,15 @@
|
||||
## 4.3.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The class `BuiltinType` is now deprecated. Use the new replacement `BuiltinTypeEntity` instead.
|
||||
* The class `DeclaredType` is now deprecated. Use the new replacement `DeclaredTypeEntity` instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
|
||||
* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
|
||||
|
||||
## 4.2.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
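Review bot: The `DefinedType.getBaseType` bullet under Minor Analysis Improvements describes a change in what an existing predicate returns, not an analysis improvement: custom queries that relied on it giving the underlying type will still compile and will return different results. Consider stating in the bullet which predicate callers should use to get the underlying type now, and hyphenate "right-hand side".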
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The class `BuiltinType` is now deprecated. Use the new replacement `BuiltinTypeEntity` instead.
|
||||
* The class `DeclaredType` is now deprecated. Use the new replacement `DeclaredTypeEntity` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
|
||||
11
go/ql/lib/change-notes/released/4.3.0.md
Normal file
@@ -0,0 +1,11 @@
|
||||
## 4.3.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The class `BuiltinType` is now deprecated. Use the new replacement `BuiltinTypeEntity` instead.
|
||||
* The class `DeclaredType` is now deprecated. Use the new replacement `DeclaredTypeEntity` instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
|
||||
* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.2.8
|
||||
lastReleaseVersion: 4.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 4.2.9-dev
|
||||
version: 4.3.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* `filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.
|
||||
|
||||
## 1.4.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `filepath.IsLocal` is now recognised as a sanitizer against path-traversal and related vulnerabilities.
|
||||
5
go/ql/src/change-notes/released/1.4.1.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 1.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* `filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.0
|
||||
lastReleaseVersion: 1.4.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.4.1-dev
|
||||
version: 1.4.1
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,21 @@
|
||||
## 7.4.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The module `semmle.code.java.frameworks.Castor` has been deprecated and will be removed in a future release.
|
||||
* The module `semmle.code.java.frameworks.JYaml` has been deprecated and will be removed in a future release.
|
||||
* The classes `UnsafeHessianInputReadObjectMethod` and `BurlapInputReadObjectMethod` in the module `semmle.code.java.frameworks.HessianBurlap` have been deprecated and will be removed in a future release.
|
||||
* The class `YamlBeansReaderReadMethod` in the module `semmle.code.java.frameworks.YamlBeans` has been deprecated and will be removed in a future release.
|
||||
* The class `MethodApacheSerializationUtilsDeserialize` in the module `semmle.code.java.frameworks.apache.Lang` has been deprecated and will be removed in a future release.
|
||||
|
||||
### New Features
|
||||
|
||||
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks which do not require extra logic to determine if they are unsafe are now defined in this way.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.
|
||||
|
||||
## 7.3.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
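Review bot: In the 7.4.0 Minor Analysis Improvements bullet, "The qualifiers of a calls to `readObject`" has a stray article and should read "The qualifiers of calls to `readObject`". The same bullet spells "recognised" while other entries in this release use "recognized"; pick one spelling for the changelog.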
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks which do not require extra logic to determine if they are unsafe are now defined in this way.
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The module `semmle.code.java.frameworks.Castor` has been deprecated and will be removed in a future release.
|
||||
* The module `semmle.code.java.frameworks.JYaml` has been deprecated and will be removed in a future release.
|
||||
* The classes `UnsafeHessianInputReadObjectMethod` and `BurlapInputReadObjectMethod` in the module `semmle.code.java.frameworks.HessianBurlap` have been deprecated and will be removed in a future release.
|
||||
* The class `YamlBeansReaderReadMethod` in the module `semmle.code.java.frameworks.YamlBeans` has been deprecated and will be removed in a future release.
|
||||
* The class `MethodApacheSerializationUtilsDeserialize` in the module `semmle.code.java.frameworks.apache.Lang` has been deprecated and will be removed in a future release.
|
||||
17
java/ql/lib/change-notes/released/7.4.0.md
Normal file
@@ -0,0 +1,17 @@
|
||||
## 7.4.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The module `semmle.code.java.frameworks.Castor` has been deprecated and will be removed in a future release.
|
||||
* The module `semmle.code.java.frameworks.JYaml` has been deprecated and will be removed in a future release.
|
||||
* The classes `UnsafeHessianInputReadObjectMethod` and `BurlapInputReadObjectMethod` in the module `semmle.code.java.frameworks.HessianBurlap` have been deprecated and will be removed in a future release.
|
||||
* The class `YamlBeansReaderReadMethod` in the module `semmle.code.java.frameworks.YamlBeans` has been deprecated and will be removed in a future release.
|
||||
* The class `MethodApacheSerializationUtilsDeserialize` in the module `semmle.code.java.frameworks.apache.Lang` has been deprecated and will be removed in a future release.
|
||||
|
||||
### New Features
|
||||
|
||||
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks that do not require extra logic to determine if they are unsafe are now defined in this way.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.
|
||||
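Review bot: The New Features bullet in `java/ql/lib/change-notes/released/7.4.0.md` reads "The existing sinks that do not require extra logic", while the matching CHANGELOG entry and the deleted change note read "The existing sinks which do not require extra logic". The released note and the changelog should carry identical text, so apply the wording edit to both or to neither.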
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.3.2
|
||||
lastReleaseVersion: 7.4.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 7.3.3-dev
|
||||
version: 7.4.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.6.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Java analysis of guards has been switched to use the new and improved shared guards library. This improves precision of a number of queries, in particular `java/dereferenced-value-may-be-null`, which now has fewer false positives, and `java/useless-null-check` and `java/constant-comparison`, which gain additional true positives.
|
||||
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.6.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Java analysis of guards has been switched to use the new and improved shared guards library. This improves precision of a number of queries, in particular `java/dereferenced-value-may-be-null`, which now has fewer false positives, and `java/useless-null-check` and `java/constant-comparison`, which gain additional true positives.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.0
|
||||
lastReleaseVersion: 1.6.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.6.1-dev
|
||||
version: 1.6.1
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 2.6.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Enhanced modeling for the `execa` library, adding support for command execution methods `execaCommand`, `execaCommandSync`, `$`, and `$.sync`, as well as file system operations through `inputFile`, `pipeStdout`, `pipeAll`, and `pipeStderr`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The JavaScript extractor no longer ignores source files specified in the `tsconfig.json` compiler options `outDir` if doing so would result in excluding all source code.
|
||||
|
||||
## 2.6.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The JavaScript extractor no longer ignores source files specified in the `tsconfig.json` compiler options `outDir` if doing so would result in excluding all source code.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 2.6.7
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Enhanced modeling for the `execa` library, adding support for command execution methods `execaCommand`, `execaCommandSync`, `$`, and `$.sync`, as well as file system operations through `inputFile`, `pipeStdout`, `pipeAll`, and `pipeStderr`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The JavaScript extractor no longer ignores source files specified in the `tsconfig.json` compiler options `outDir` if doing so would result in excluding all source code.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.6.6
|
||||
lastReleaseVersion: 2.6.7
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.6.7-dev
|
||||
version: 2.6.7
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,29 @@
|
||||
## 2.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `Type` and `Symbol` classes have been deprecated and will be empty in newly extracted databases, since the TypeScript extractor no longer populates them.
|
||||
This is a breaking change for custom queries that explicitly relied on these classes.
|
||||
Such queries will still compile, but with deprecation warnings, and may have different query results due to type information no longer being available.
|
||||
We expect most custom queries will not be affected, however. If a custom query has no deprecation warnings, it should not be affected by this change.
|
||||
Uses of `getType()` should be rewritten to use the new `getTypeBinding()` or `getNameBinding()` APIs instead.
|
||||
If the new API is not sufficient, please consider opening an issue in `github/codeql` describing your use-case.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The TypeScript extractor no longer relies on the TypeScript compiler for extracting type information.
|
||||
Instead, the information we need from types is now derived by an algorithm written in QL.
|
||||
This results in more robust extraction with faster extraction times, in some cases significantly faster.
|
||||
* Taint is now tracked through the React `use` function.
|
||||
* Parameters of React server functions, marked with the `"use server"` directive, are now seen as taint sources.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Removed three queries from the JS qlpack, which have been superseded by newer queries that are part of the Actions qlpack:
|
||||
* `js/actions/pull-request-target` has been superseded by `actions/untrusted-checkout/{medium,high,critical}`
|
||||
* `js/actions/actions-artifact-leak` has been superseded by `actions/secrets-in-artifacts`
|
||||
* `js/actions/command-injection` has been superseded by `actions/command-injection/{medium,critical}`
|
||||
|
||||
## 1.7.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
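Review bot: Under Minor Analysis Improvements in 2.0.0, the removal of `js/actions/pull-request-target`, `js/actions/actions-artifact-leak` and `js/actions/command-injection` is a user-visible removal rather than an analysis improvement: query filters or suites that name these ids will stop matching anything from the JS qlpack. Since this release already has a Breaking Changes section, consider listing the removal there, or adding a sentence that the Actions qlpack has to be part of the analysis to keep the superseding `actions/...` alerts.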
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Taint is now tracked through the React `use` function.
|
||||
* Parameters of React server functions, marked with the `"use server"` directive, are now seen as taint sources.
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Removed three queries from the JS qlpack, which have been superseded by newer queries that are part of the Actions qlpack:
|
||||
* `js/actions/pull-request-target` has been superseded by `actions/untrusted-checkout/{medium,high,critical}`
|
||||
* `js/actions/actions-artifact-leak` has been superseded by `actions/secrets-in-artifacts`
|
||||
* `js/actions/command-injection` has been superseded by `actions/command-injection/{medium,critical}`
|
||||
@@ -1,9 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The `Type` and `Symbol` classes have been deprecated and will be empty in newly extracted databases, since the TypeScript extractor no longer populates them.
|
||||
This is a breaking change for custom queries that explicitly relied on these classes.
|
||||
Such queries will still compile, but with deprecation warnings, and may have different query results due to type information no longer being available.
|
||||
We expect most custom queries will not be affected, however. If a custom query has no deprecation warnings, it should not be affected by this change.
|
||||
Uses of `getType()` should be rewritten to use the new `getTypeBinding()` or `getNameBinding()` APIs instead.
|
||||
If the new API is not sufficient, please consider opening an issue in `github/codeql` describing your use-case.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* The TypeScript extractor no longer relies on the TypeScript compiler for extracting type information.
|
||||
Instead, the information we need from types is now derived by an algorithm written in QL.
|
||||
This results in more robust extraction with faster extraction times, in some cases significantly faster.
|
||||
25
javascript/ql/src/change-notes/released/2.0.0.md
Normal file
@@ -0,0 +1,25 @@
|
||||
## 2.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `Type` and `Symbol` classes have been deprecated and will be empty in newly extracted databases, since the TypeScript extractor no longer populates them.
|
||||
This is a breaking change for custom queries that explicitly relied on these classes.
|
||||
Such queries will still compile, but with deprecation warnings, and may have different query results due to type information no longer being available.
|
||||
We expect most custom queries will not be affected, however. If a custom query has no deprecation warnings, it should not be affected by this change.
|
||||
Uses of `getType()` should be rewritten to use the new `getTypeBinding()` or `getNameBinding()` APIs instead.
|
||||
If the new API is not sufficient, please consider opening an issue in `github/codeql` describing your use-case.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The TypeScript extractor no longer relies on the TypeScript compiler for extracting type information.
|
||||
Instead, the information we need from types is now derived by an algorithm written in QL.
|
||||
This results in more robust extraction with faster extraction times, in some cases significantly faster.
|
||||
* Taint is now tracked through the React `use` function.
|
||||
* Parameters of React server functions, marked with the `"use server"` directive, are now seen as taint sources.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Removed three queries from the JS qlpack, which have been superseded by newer queries that are part of the Actions qlpack:
|
||||
* `js/actions/pull-request-target` has been superseded by `actions/untrusted-checkout/{medium,high,critical}`
|
||||
* `js/actions/actions-artifact-leak` has been superseded by `actions/secrets-in-artifacts`
|
||||
* `js/actions/command-injection` has been superseded by `actions/command-injection/{medium,critical}`
|
||||
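Review bot: in the Breaking Changes entry, the line "Uses of `getType()` should be rewritten to use the new `getTypeBinding()` or `getNameBinding()` APIs instead" does not say which of the two replaces which kind of use, so a query author has no way to choose from the note alone. Suggest one sentence describing when each applies, or a pointer to the API documentation. Since the entry also says affected queries "will still compile" but "may have different query results", it would help to tell authors to treat the deprecation warnings as the signal to re-run their query tests after upgrading.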
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.0
|
||||
lastReleaseVersion: 2.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 1.7.1-dev
|
||||
version: 2.0.0
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.27
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.26
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.27.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.27
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.26
|
||||
lastReleaseVersion: 1.0.27
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.27-dev
|
||||
version: 1.0.27
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 4.0.11
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Type annotations such as `foo : Bar` are now treated by the call graph as an indication that `foo` may be an instance of `Bar`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- The Python parser is now able to correctly parse expressions such as `match[1]` and `match()` where `match` is not used as a keyword.
|
||||
|
||||
## 4.0.10
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
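Review bot: the new "Bug Fixes" entry starts with `-` while the "Minor Analysis Improvements" entry directly above it starts with `*`, so the two sections of the 4.0.11 block use different list markers. Suggest changing the line to `* The Python parser is now able to correctly parse expressions such as ...` so the changelog stays consistent. The same `-` bullet appears in the pending `category: fix` change note removed by this commit, which is where the difference comes from.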
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Type annotations such as `foo : Bar` are now treated by the call graph as an indication that `foo` may be an instance of `Bar`.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
|
||||
- The Python parser is now able to correctly parse expressions such as `match[1]` and `match()` where `match` is not used as a keyword.
|
||||
9
python/ql/lib/change-notes/released/4.0.11.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 4.0.11
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Type annotations such as `foo : Bar` are now treated by the call graph as an indication that `foo` may be an instance of `Bar`.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- The Python parser is now able to correctly parse expressions such as `match[1]` and `match()` where `match` is not used as a keyword.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.0.10
|
||||
lastReleaseVersion: 4.0.11
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 4.0.11-dev
|
||||
version: 4.0.11
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
Some files were not shown because too many files have changed in this diff