hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.7.3

Browse Source
This commit is contained in:
github-actions[bot]
2021-11-30 20:39:35 +00:00
parent 9f6c0991cf
commit 337ce65fe5
81 changed files with 149 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
python/ql/lib/CHANGELOG.md Normal file
View File

@@ -0,0 +1,10 @@
## 0.0.4
### Major Analysis Improvements
* Added modeling of `os.stat`, `os.lstat`, `os.statvfs`, `os.fstat`, and `os.fstatvfs`, which are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
* Added modeling of `aiopg` for sinks executing SQL.
* Added modeling of HTTP requests and responses when using `flask_admin` (`Flask-Admin` PyPI package), which leads to additional remote flow sources.
* Added modeling of the PyPI package `toml`, which provides encoding/decoding of TOML documents, leading to new taint-tracking steps.

5
python/ql/lib/change-notes/2021-11-02-flask_admin.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
tags: [lgtm, codescanning]
---
* Added modeling of HTTP requests and responses when using `flask_admin` (`Flask-Admin` PyPI package), which leads to additional remote flow sources.

5
python/ql/lib/change-notes/2021-11-02-toml.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
tags: [lgtm, codescanning]
---
* Added modeling of the PyPI package `toml`, which provides encoding/decoding of TOML documents, leading to new taint-tracking steps.

5
python/ql/lib/change-notes/2021-11-09-model-aiopg.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
tags: [lgtm, codescanning]
---
* Added modeling of `aiopg` for sinks executing SQL.

5
python/ql/lib/change-notes/2021-11-15-model-wsgiref-simple-server-app.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.

5
python/ql/lib/change-notes/2021-11-16-os-stat.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of `os.stat`, `os.lstat`, `os.statvfs`, `os.fstat`, and `os.fstatvfs`, which are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

5
python/ql/lib/change-notes/2021-11-16-posixpath.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

10
python/ql/lib/change-notes/released/0.0.4.md Normal file
View File

@@ -0,0 +1,10 @@
## 0.0.4
### Major Analysis Improvements
* Added modeling of `os.stat`, `os.lstat`, `os.statvfs`, `os.fstat`, and `os.fstatvfs`, which are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
* Added modeling of `aiopg` for sinks executing SQL.
* Added modeling of HTTP requests and responses when using `flask_admin` (`Flask-Admin` PyPI package), which leads to additional remote flow sources.
* Added modeling of the PyPI package `toml`, which provides encoding/decoding of TOML documents, leading to new taint-tracking steps.

2
python/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.3
lastReleaseVersion: 0.0.4

2
python/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 0.0.3
version: 0.0.4
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

8
python/ql/src/change-notes/2021-11-12-fix-pyhton-query-ids.md → python/ql/src/CHANGELOG.md
View File

@@ -1,5 +1,5 @@
---
category: queryMetadata
tags: [lgtm,codescanning]
---
## 0.0.4
### Query Metadata Changes
* Fixed the query ids of two queries that are meant for manual exploration: `python/count-untrusted-data-external-api` and `python/untrusted-data-to-external-api` have been changed to `py/count-untrusted-data-external-api` and `py/untrusted-data-to-external-api`.

5
python/ql/src/change-notes/released/0.0.4.md Normal file
View File

@@ -0,0 +1,5 @@
## 0.0.4
### Query Metadata Changes
* Fixed the query ids of two queries that are meant for manual exploration: `python/count-untrusted-data-external-api` and `python/untrusted-data-to-external-api` have been changed to `py/count-untrusted-data-external-api` and `py/untrusted-data-to-external-api`.

2
python/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.3
lastReleaseVersion: 0.0.4

2
python/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-queries
version: 0.0.3
version: 0.0.4
groups: python
dependencies:
codeql/python-all: "*"

1
python/upgrades/CHANGELOG.md Normal file
View File

@@ -0,0 +1 @@
## 0.0.4

1
python/upgrades/change-notes/released/0.0.4.md Normal file
View File

@@ -0,0 +1 @@
## 0.0.4

2
python/upgrades/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.3
lastReleaseVersion: 0.0.4

2
python/upgrades/qlpack.yml
View File

@@ -2,4 +2,4 @@ name: codeql/python-upgrades
groups: python
upgrades: .
library: true
version: 0.0.3
version: 0.0.4