hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 22:44:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Release preparation for version 2.18.2"

Browse Source
This commit is contained in:
Alexander Eyers-Taylor
2024-08-07 14:24:37 +01:00
committed by GitHub
parent 26444cb0cd
commit 46577b585e
163 changed files with 180 additions and 425 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/src/CHANGELOG.md
View File

@@ -1,12 +1,3 @@
## 1.1.2
### Minor Analysis Improvements
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
## 1.1.1
### Minor Analysis Improvements
@@ -334,7 +325,7 @@ No user-facing changes.
### New Queries
* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
## 0.4.1

4
java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.

4
java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.

4
java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.

4
java/ql/src/change-notes/2024-07-30-unused.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.

8
java/ql/src/change-notes/released/1.1.2.md
View File

@@ -1,8 +0,0 @@
## 1.1.2
### Minor Analysis Improvements
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.2
lastReleaseVersion: 1.1.1

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.1.2
version: 1.1.2-dev
groups:
- java
- queries