diff --git a/external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml
new file mode 100644
index 00000000000..116d7288ddf
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml
@@ -0,0 +1,27 @@
+- description: Selectors for selecting the Code-Scanning-relevant queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ - alert
+ - path-alert
+ precision:
+ - high
+ - very-high
+ problem.severity:
+ - error
+ - warning
+ tags contain:
+ - security
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
diff --git a/external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml b/external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml
new file mode 100644
index 00000000000..1b7237495e2
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml
@@ -0,0 +1,12 @@
+- description: Selectors for excluding queries that LGTM doesn't display by default
+- exclude:
+ kind:
+ - problem
+ - path-problem
+ precision: medium
+- exclude:
+ kind:
+ - problem
+ - path-problem
+ precision: high
+ problem.severity: recommendation
diff --git a/external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml
new file mode 100644
index 00000000000..c83484cb1a4
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml
@@ -0,0 +1,25 @@
+- description: Selectors for selecting the LGTM-relevant queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision: medium
+ problem.severity:
+ - error
+ - warning
+- include:
+ kind:
+ - definitions
+ - alert-suppression
+ - file-classifier
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
diff --git a/external-packs/codeql/suite-helpers/0.0.2/qlpack.yml b/external-packs/codeql/suite-helpers/0.0.2/qlpack.yml
new file mode 100644
index 00000000000..ca0a6732f5a
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/qlpack.yml
@@ -0,0 +1,3 @@
+name: codeql/suite-helpers
+version: 0.0.2
+library: true
diff --git a/external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml
new file mode 100644
index 00000000000..61466f53886
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml
@@ -0,0 +1,29 @@
+- description: Selectors for selecting the security-and-quality queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision: medium
+ problem.severity:
+ - error
+ - warning
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
+
diff --git a/external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml
new file mode 100644
index 00000000000..c3a82de14f2
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml
@@ -0,0 +1,34 @@
+- description: Selectors for selecting the security-extended queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+ tags contain:
+ - security
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - medium
+ problem.severity:
+ - error
+ - warning
+ tags contain:
+ - security
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
+
diff --git a/ql/lib/CHANGELOG.md b/ql/lib/CHANGELOG.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/ql/lib/CHANGELOG.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/ql/lib/change-notes/released/0.0.3.md b/ql/lib/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/ql/lib/change-notes/released/0.0.3.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/ql/lib/codeql-pack.release.yml b/ql/lib/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/ql/lib/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/ql/lib/qlpack.yml b/ql/lib/qlpack.yml
index b61c85d98a9..b5d746fbfa7 100644
--- a/ql/lib/qlpack.yml
+++ b/ql/lib/qlpack.yml
@@ -1,7 +1,8 @@
 name: codeql/go-all
-version: 0.0.2
+version: 0.0.4-dev
+groups: go
 dbscheme: go.dbscheme
 extractor: go
 library: true
 dependencies:
- codeql/go-upgrades: ^0.0.2
+ codeql/go-upgrades: ~0.0.3
diff --git a/ql/src/CHANGELOG.md b/ql/src/CHANGELOG.md
new file mode 100644
index 00000000000..10b325caa46
--- /dev/null
+++ b/ql/src/CHANGELOG.md
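Review bot: The new `codeql/go-upgrades: ~0.0.3` constraint in ql/lib/qlpack.yml does not obviously cover the version the sibling pack now declares, since upgrades/qlpack.yml in this same commit moves codeql/go-upgrades to `0.0.4-dev`, and a `-dev` prerelease is normally not matched by a plain `~` range under semver rules. Whether this works in practice depends on the CodeQL pack resolver preferring the in-workspace copy over the declared range, which the hunk does not show; ql/test/qlpack.yml in this commit uses `"*"` for sibling packs instead, so the two files pin the same kind of dependency differently. If the in-repo copy is intended to win during development and `~0.0.3` is only meant for consumers of the published pack, a comment above the dependency line stating that, such as `# in-workspace copy is used during development; ~0.0.3 applies to the published pack`, would make the intent verifiable.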
@@ -0,0 +1,11 @@
+## 0.0.3
+
+### New Queries
+
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
+
+### Major Analysis Improvements
+
+* The query "Incorrect conversion between integer types" has been improved to
+ treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
+ 32-bit architecture. This should lead to fewer false positive results.
diff --git a/ql/src/change-notes/released/0.0.3.md b/ql/src/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..10b325caa46
--- /dev/null
+++ b/ql/src/change-notes/released/0.0.3.md
@@ -0,0 +1,11 @@
+## 0.0.3
+
+### New Queries
+
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
+
+### Major Analysis Improvements
+
+* The query "Incorrect conversion between integer types" has been improved to
+ treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
+ 32-bit architecture. This should lead to fewer false positive results.
diff --git a/ql/src/codeql-pack.release.yml b/ql/src/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/ql/src/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/ql/src/qlpack.yml b/ql/src/qlpack.yml
index 80fccebad76..a5e8769426b 100644
--- a/ql/src/qlpack.yml
+++ b/ql/src/qlpack.yml
@@ -1,8 +1,9 @@
 name: codeql/go-queries
-version: 0.0.2
+version: 0.0.4-dev
+groups: go
 suites: codeql-suites
 extractor: go
 defaultSuiteFile: codeql-suites/go-code-scanning.qls
 dependencies:
 codeql/go-all: "*"
- codeql/suite-helpers: "*"
+ codeql/suite-helpers: ~0.0.2
diff --git a/ql/test/qlpack.yml b/ql/test/qlpack.yml
index 12006b13b99..7176de10996 100644
--- a/ql/test/qlpack.yml
+++ b/ql/test/qlpack.yml
@@ -1,7 +1,7 @@
 name: codeql/go-tests
-version: 0.0.2
+groups: [go,test]
 dependencies:
- codeql/go-queries: ^0.0.2
- codeql/go-all: ^0.0.2
- codeql/go-examples: ^0.0.2
+ codeql/go-queries: "*"
+ codeql/go-all: "*"
+ codeql/go-examples: "*"
 extractor: go
diff --git a/upgrades/CHANGELOG.md b/upgrades/CHANGELOG.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/upgrades/CHANGELOG.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/upgrades/change-notes/released/0.0.3.md b/upgrades/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/upgrades/change-notes/released/0.0.3.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/upgrades/codeql-pack.release.yml b/upgrades/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/upgrades/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/upgrades/qlpack.yml b/upgrades/qlpack.yml
index fe2cbfcf322..a43167296d7 100644
--- a/upgrades/qlpack.yml
+++ b/upgrades/qlpack.yml
@@ -1,4 +1,5 @@
 name: codeql/go-upgrades
-version: 0.0.2
+version: 0.0.4-dev
+groups: go
 upgrades: .
 library: true
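Review bot: The added `groups: [go,test]` line in ql/test/qlpack.yml is written in flow style without a space after the comma, whereas the other qlpack.yml hunks in this commit use a plain scalar for `groups: go`; the conventional form is `groups: [go, test]`, which yamllint and Prettier both produce. The same hunk also drops the test pack's `version:` line and loosens all three sibling dependencies from `^0.0.2` to `"*"`, which reads as intentional for an unpublished test pack but leaves nothing in the file saying so; a one-line comment above `dependencies:` such as `# unversioned test pack: sibling packs are resolved from the workspace` would record that choice for the next reader.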