From 52b68963d28036ce6c7aa34a38a5d312b1eeee41 Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo
Date: Mon, 29 Nov 2021 16:46:56 -0500
Subject: [PATCH 1/7] Prepare for automatic release prep

---
 ql/lib/qlpack.yml | 5 +++--
 ql/src/qlpack.yml | 5 +++--
 ql/test/qlpack.yml | 8 ++++----
 upgrades/qlpack.yml | 3 ++-
 4 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/ql/lib/qlpack.yml b/ql/lib/qlpack.yml
index b61c85d98a9..e610cefde64 100644
--- a/ql/lib/qlpack.yml
+++ b/ql/lib/qlpack.yml
@@ -1,7 +1,8 @@
 name: codeql/go-all
-version: 0.0.2
+version: 0.0.3
+groups: go
 dbscheme: go.dbscheme
 extractor: go
 library: true
 dependencies:
- codeql/go-upgrades: ^0.0.2
+ codeql/go-upgrades: ^0.0.3
diff --git a/ql/src/qlpack.yml b/ql/src/qlpack.yml
index 80fccebad76..1cf5f82cae0 100644
--- a/ql/src/qlpack.yml
+++ b/ql/src/qlpack.yml
@@ -1,8 +1,9 @@
 name: codeql/go-queries
-version: 0.0.2
+version: 0.0.3
+groups: go
 suites: codeql-suites
 extractor: go
 defaultSuiteFile: codeql-suites/go-code-scanning.qls
 dependencies:
 codeql/go-all: "*"
- codeql/suite-helpers: "*"
+ codeql/suite-helpers: ^0.0.3
diff --git a/ql/test/qlpack.yml b/ql/test/qlpack.yml
index 12006b13b99..7176de10996 100644
--- a/ql/test/qlpack.yml
+++ b/ql/test/qlpack.yml
@@ -1,7 +1,7 @@
 name: codeql/go-tests
-version: 0.0.2
+groups: [go,test]
 dependencies:
- codeql/go-queries: ^0.0.2
- codeql/go-all: ^0.0.2
- codeql/go-examples: ^0.0.2
+ codeql/go-queries: "*"
+ codeql/go-all: "*"
+ codeql/go-examples: "*"
 extractor: go
diff --git a/upgrades/qlpack.yml b/upgrades/qlpack.yml
index fe2cbfcf322..5ff2ed7d000 100644
--- a/upgrades/qlpack.yml
+++ b/upgrades/qlpack.yml
@@ -1,4 +1,5 @@
 name: codeql/go-upgrades
-version: 0.0.2
+version: 0.0.3
+groups: go
 upgrades: .
 library: true

From 8367fdbec479a59434676d30c2355418ee15307f Mon Sep 17 00:00:00 2001
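Review bot: In the ql/test/qlpack.yml hunk the three sibling-pack constraints are loosened from `^0.0.2` to `"*"`, which accepts any version of those packs rather than the copies next to it in this repository, and nothing in the file records why that is acceptable. Presumably the intent is that the test pack, which also loses its `version:` line here and so appears not to be published itself, always resolves the in-workspace packs; a comment such as `# "*": intended to resolve to the sibling packs in this repository` above `dependencies:` would record that and let a later reader distinguish it from the `^` ranges kept for `codeql/go-upgrades` and `codeql/suite-helpers` in the other hunks. The same `"*"` already appears for `codeql/go-all` in ql/src/qlpack.yml, so that file could carry the same comment.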
From: Dave Bartolomeo
Date: Mon, 29 Nov 2021 16:47:56 -0500
Subject: [PATCH 2/7] Change notes

---
 .../2021-11-02-incorrect-integer-conversion-updated.md | 7 +++++++
 ql/src/change-notes/2021-11-19-log-injection-query.md | 5 +++++
 2 files changed, 12 insertions(+)
 create mode 100644 ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md
 create mode 100644 ql/src/change-notes/2021-11-19-log-injection-query.md

diff --git a/ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md b/ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md
new file mode 100644
index 00000000000..6c8a94ba8c2
--- /dev/null
+++ b/ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md
@@ -0,0 +1,7 @@
+---
+category: majorAnalysis
+tags: [lgtm,codescanning]
+---
+* The query "Incorrect conversion between integer types" has been improved to
+ treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
+ 32-bit architecture. This should lead to fewer false positive results.
diff --git a/ql/src/change-notes/2021-11-19-log-injection-query.md b/ql/src/change-notes/2021-11-19-log-injection-query.md
new file mode 100644
index 00000000000..d47dec057cb
--- /dev/null
+++ b/ql/src/change-notes/2021-11-19-log-injection-query.md
@@ -0,0 +1,5 @@
+---
+category: newQuery
+tags: [lgtm,codescanning]
+---
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.

From 9373bdc206b36b48817b66c21b74824ee3aa86e7 Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo
Date: Tue, 30 Nov 2021 11:35:26 -0500
Subject: [PATCH 3/7] Fix `suite-helpers` dependency

---
 ql/src/qlpack.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/src/qlpack.yml b/ql/src/qlpack.yml
index 1cf5f82cae0..ff483dee4f5 100644
--- a/ql/src/qlpack.yml
+++ b/ql/src/qlpack.yml
@@ -6,4 +6,4 @@ extractor: go
 defaultSuiteFile: codeql-suites/go-code-scanning.qls
 dependencies:
 codeql/go-all: "*"
- codeql/suite-helpers: ^0.0.3
+ codeql/suite-helpers: ^0.0.2

From e4b5dceb14c12793696ff79eb18cdc1fd62a7707 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 30 Nov 2021 20:39:28 +0000
Subject: [PATCH 4/7] Release preparation for version 2.7.3

---
 ql/lib/CHANGELOG.md | 1 +
 ql/lib/change-notes/released/0.0.3.md | 1 +
 ql/lib/codeql-pack.release.yml | 2 ++
 ...ct-integer-conversion-updated.md => CHANGELOG.md} | 12 ++++++++----
 .../change-notes/2021-11-19-log-injection-query.md | 5 -----
 ql/src/change-notes/released/0.0.3.md | 11 +++++++++++
 ql/src/codeql-pack.release.yml | 2 ++
 upgrades/CHANGELOG.md | 1 +
 upgrades/change-notes/released/0.0.3.md | 1 +
 upgrades/codeql-pack.release.yml | 2 ++
 10 files changed, 29 insertions(+), 9 deletions(-)
 create mode 100644 ql/lib/CHANGELOG.md
 create mode 100644 ql/lib/change-notes/released/0.0.3.md
 create mode 100644 ql/lib/codeql-pack.release.yml
 rename ql/src/{change-notes/2021-11-02-incorrect-integer-conversion-updated.md => CHANGELOG.md} (50%)
 delete mode 100644 ql/src/change-notes/2021-11-19-log-injection-query.md
 create mode 100644 ql/src/change-notes/released/0.0.3.md
 create mode 100644 ql/src/codeql-pack.release.yml
 create mode 100644 upgrades/CHANGELOG.md
 create mode 100644 upgrades/change-notes/released/0.0.3.md
 create mode 100644 upgrades/codeql-pack.release.yml

diff --git a/ql/lib/CHANGELOG.md b/ql/lib/CHANGELOG.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/ql/lib/CHANGELOG.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/ql/lib/change-notes/released/0.0.3.md b/ql/lib/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/ql/lib/change-notes/released/0.0.3.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/ql/lib/codeql-pack.release.yml b/ql/lib/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/ql/lib/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md b/ql/src/CHANGELOG.md
similarity index 50%
rename from ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md
rename to ql/src/CHANGELOG.md
index 6c8a94ba8c2..10b325caa46 100644
--- a/ql/src/change-notes/2021-11-02-incorrect-integer-conversion-updated.md
+++ b/ql/src/CHANGELOG.md
@@ -1,7 +1,11 @@
----
-category: majorAnalysis
-tags: [lgtm,codescanning]
----
+## 0.0.3
+
+### New Queries
+
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
+
+### Major Analysis Improvements
+
 * The query "Incorrect conversion between integer types" has been improved to
 treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
 32-bit architecture. This should lead to fewer false positive results.
diff --git a/ql/src/change-notes/2021-11-19-log-injection-query.md b/ql/src/change-notes/2021-11-19-log-injection-query.md
deleted file mode 100644
index d47dec057cb..00000000000
--- a/ql/src/change-notes/2021-11-19-log-injection-query.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: newQuery
-tags: [lgtm,codescanning]
----
-* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
diff --git a/ql/src/change-notes/released/0.0.3.md b/ql/src/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..10b325caa46
--- /dev/null
+++ b/ql/src/change-notes/released/0.0.3.md
@@ -0,0 +1,11 @@
+## 0.0.3
+
+### New Queries
+
+* A new query "Log entries created from user input" (`go/log-injection`) has been added. The query reports user-provided data reaching calls to logging methods.
+
+### Major Analysis Improvements
+
+* The query "Incorrect conversion between integer types" has been improved to
+ treat `math.MaxUint` and `math.MaxInt` as the values they would be on a
+ 32-bit architecture. This should lead to fewer false positive results.
diff --git a/ql/src/codeql-pack.release.yml b/ql/src/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/ql/src/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
diff --git a/upgrades/CHANGELOG.md b/upgrades/CHANGELOG.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/upgrades/CHANGELOG.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/upgrades/change-notes/released/0.0.3.md b/upgrades/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..e47c9f5700e
--- /dev/null
+++ b/upgrades/change-notes/released/0.0.3.md
@@ -0,0 +1 @@
+## 0.0.3
diff --git a/upgrades/codeql-pack.release.yml b/upgrades/codeql-pack.release.yml
new file mode 100644
index 00000000000..a24b693d1e7
--- /dev/null
+++ b/upgrades/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3

From b2ca04ce1b0b9296b790f621d976f61170ec19ca Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo
Date: Wed, 1 Dec 2021 11:40:10 -0500
Subject: [PATCH 5/7] Temporarily vendor `codeql/suite-helpers`

---
 .../0.0.2/code-scanning-selectors.yml | 27 +++++++++++++++
 .../0.0.2/lgtm-displayed-only.yml | 12 +++++++
 .../suite-helpers/0.0.2/lgtm-selectors.yml | 25 ++++++++++++++
 .../codeql/suite-helpers/0.0.2/qlpack.yml | 3 ++
 .../0.0.2/security-and-quality-selectors.yml | 29 ++++++++++++++++
 .../0.0.2/security-extended-selectors.yml | 34 +++++++++++++++++++
 6 files changed, 130 insertions(+)
 create mode 100644 external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml
 create mode 100644 external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml
 create mode 100644 external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml
 create mode 100644 external-packs/codeql/suite-helpers/0.0.2/qlpack.yml
 create mode 100644 external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml
 create mode 100644 external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml

diff --git a/external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml
new file mode 100644
index 00000000000..116d7288ddf
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/code-scanning-selectors.yml
@@ -0,0 +1,27 @@
+- description: Selectors for selecting the Code-Scanning-relevant queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ - alert
+ - path-alert
+ precision:
+ - high
+ - very-high
+ problem.severity:
+ - error
+ - warning
+ tags contain:
+ - security
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
diff --git a/external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml b/external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml
new file mode 100644
index 00000000000..1b7237495e2
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/lgtm-displayed-only.yml
@@ -0,0 +1,12 @@
+- description: Selectors for excluding queries that LGTM doesn't display by default
+- exclude:
+ kind:
+ - problem
+ - path-problem
+ precision: medium
+- exclude:
+ kind:
+ - problem
+ - path-problem
+ precision: high
+ problem.severity: recommendation
diff --git a/external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml
new file mode 100644
index 00000000000..c83484cb1a4
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/lgtm-selectors.yml
@@ -0,0 +1,25 @@
+- description: Selectors for selecting the LGTM-relevant queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision: medium
+ problem.severity:
+ - error
+ - warning
+- include:
+ kind:
+ - definitions
+ - alert-suppression
+ - file-classifier
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
diff --git a/external-packs/codeql/suite-helpers/0.0.2/qlpack.yml b/external-packs/codeql/suite-helpers/0.0.2/qlpack.yml
new file mode 100644
index 00000000000..ca0a6732f5a
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/qlpack.yml
@@ -0,0 +1,3 @@
+name: codeql/suite-helpers
+version: 0.0.2
+library: true
diff --git a/external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml
new file mode 100644
index 00000000000..61466f53886
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/security-and-quality-selectors.yml
@@ -0,0 +1,29 @@
+- description: Selectors for selecting the security-and-quality queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision: medium
+ problem.severity:
+ - error
+ - warning
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
+
diff --git a/external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml b/external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml
new file mode 100644
index 00000000000..c3a82de14f2
--- /dev/null
+++ b/external-packs/codeql/suite-helpers/0.0.2/security-extended-selectors.yml
@@ -0,0 +1,34 @@
+- description: Selectors for selecting the security-extended queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+ tags contain:
+ - security
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - medium
+ problem.severity:
+ - error
+ - warning
+ tags contain:
+ - security
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ deprecated: //
+- exclude:
+ query path: /^experimental\/.*/
+

From b714988d7cd6ff8d97fed2945999d6ab59eb0015 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Wed, 1 Dec 2021 14:34:07 -0800
Subject: [PATCH 6/7] Post release 2.7.3

---
 ql/lib/qlpack.yml | 2 +-
 ql/src/qlpack.yml | 2 +-
 upgrades/qlpack.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ql/lib/qlpack.yml b/ql/lib/qlpack.yml
index e610cefde64..3124e8ff8c1 100644
--- a/ql/lib/qlpack.yml
+++ b/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.0.3
+version: 0.0.4-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/ql/src/qlpack.yml b/ql/src/qlpack.yml
index ff483dee4f5..556549ad3da 100644
--- a/ql/src/qlpack.yml
+++ b/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.0.3
+version: 0.0.4-dev
 groups: go
 suites: codeql-suites
 extractor: go
diff --git a/upgrades/qlpack.yml b/upgrades/qlpack.yml
index 5ff2ed7d000..a43167296d7 100644
--- a/upgrades/qlpack.yml
+++ b/upgrades/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-upgrades
-version: 0.0.3
+version: 0.0.4-dev
 groups: go
 upgrades: .
 library: true

From cedf55c46e30822702daa72ba322a89375c6f57d Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Wed, 8 Dec 2021 19:18:39 -0800
Subject: [PATCH 7/7] Update pack dependency

---
 ql/lib/qlpack.yml | 2 +-
 ql/src/qlpack.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ql/lib/qlpack.yml b/ql/lib/qlpack.yml
index 3124e8ff8c1..b5d746fbfa7 100644
--- a/ql/lib/qlpack.yml
+++ b/ql/lib/qlpack.yml
@@ -5,4 +5,4 @@ dbscheme: go.dbscheme
 extractor: go
 library: true
 dependencies:
- codeql/go-upgrades: ^0.0.3
+ codeql/go-upgrades: ~0.0.3
diff --git a/ql/src/qlpack.yml b/ql/src/qlpack.yml
index 556549ad3da..a5e8769426b 100644
--- a/ql/src/qlpack.yml
+++ b/ql/src/qlpack.yml
@@ -6,4 +6,4 @@ extractor: go
 defaultSuiteFile: codeql-suites/go-code-scanning.qls
 dependencies:
 codeql/go-all: "*"
- codeql/suite-helpers: ^0.0.2
+ codeql/suite-helpers: ~0.0.2