mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
Merge pull request #7769 from github/release-prep/2.8.0
Release preparation for version 2.8.0
This commit is contained in:
Tamás Vajk
@@ -1,3 +1,14 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
|
||||||
|
more accurate length for integers formatted with `%x`
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: deprecated
|
|
||||||
---
|
|
||||||
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
|
|
||||||
more accurate length for integers formatted with `%x`
|
|
||||||
10
cpp/ql/lib/change-notes/released/0.0.8.md
Normal file
10
cpp/ql/lib/change-notes/released/0.0.8.md
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
|
||||||
|
more accurate length for integers formatted with `%x`
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/cpp-all
|
name: codeql/cpp-all
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: cpp
|
groups: cpp
|
||||||
dbscheme: semmlecode.cpp.dbscheme
|
dbscheme: semmlecode.cpp.dbscheme
|
||||||
extractor: cpp
|
extractor: cpp
|
||||||
|
|||||||
@@ -1,3 +1,22 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
|
||||||
|
* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.
|
||||||
|
* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
|
||||||
|
* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.
|
||||||
|
* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The
|
||||||
|
query has also been converted to a `path-problem` query.
|
||||||
|
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
|
||||||
|
* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
|
||||||
|
* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field.
|
||||||
|
This change reduces the number of false positives in the query.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field.
|
|
||||||
This change reduces the number of false positives in the query.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The
|
|
||||||
query has also been converted to a `path-problem` query.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
|
|
||||||
18
cpp/ql/src/change-notes/released/0.0.8.md
Normal file
18
cpp/ql/src/change-notes/released/0.0.8.md
Normal file
@@ -0,0 +1,18 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
|
||||||
|
* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high.
|
||||||
|
* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`.
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
|
||||||
|
* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.
|
||||||
|
* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The
|
||||||
|
query has also been converted to a `path-problem` query.
|
||||||
|
* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
|
||||||
|
* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
|
||||||
|
* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field.
|
||||||
|
This change reduces the number of false positives in the query.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/cpp-queries
|
name: codeql/cpp-queries
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: cpp
|
groups: cpp
|
||||||
dependencies:
|
dependencies:
|
||||||
codeql/cpp-all: "*"
|
codeql/cpp-all: "*"
|
||||||
|
|||||||
@@ -1 +1,5 @@
|
|||||||
|
## 1.0.2
|
||||||
|
|
||||||
## 1.0.0
|
## 1.0.0
|
||||||
|
|
||||||
|
## 0.0.6
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
## 1.0.2
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 1.0.1
|
lastReleaseVersion: 1.0.2
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-solorigate-all
|
name: codeql/csharp-solorigate-all
|
||||||
version: 1.0.2-dev
|
version: 1.0.2
|
||||||
groups:
|
groups:
|
||||||
- csharp
|
- csharp
|
||||||
- solorigate
|
- solorigate
|
||||||
|
|||||||
@@ -1 +1,5 @@
|
|||||||
|
## 1.0.2
|
||||||
|
|
||||||
## 1.0.0
|
## 1.0.0
|
||||||
|
|
||||||
|
## 0.0.6
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
## 1.0.2
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 1.0.1
|
lastReleaseVersion: 1.0.2
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-solorigate-queries
|
name: codeql/csharp-solorigate-queries
|
||||||
version: 1.0.2-dev
|
version: 1.0.2
|
||||||
groups:
|
groups:
|
||||||
- csharp
|
- csharp
|
||||||
- solorigate
|
- solorigate
|
||||||
|
|||||||
@@ -1,3 +1,24 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* The `codeql/csharp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/charp-all` CodeQL pack.
|
||||||
|
|
||||||
|
### Major Analysis Improvements
|
||||||
|
|
||||||
|
Added support for the following C# 10 features.
|
||||||
|
* [Record structs](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#record-structs).
|
||||||
|
* [Improvements of structure types](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#improvements-of-structure-types).
|
||||||
|
* Instance parameterless constructor in a structure type.
|
||||||
|
* Enhance `WithExpr` in QL to support `structs` and anonymous classes.
|
||||||
|
* [Global using directives](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#global-using-directives).
|
||||||
|
* [File-scoped namespace declaration](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#file-scoped-namespace-declaration).
|
||||||
|
* [Enhanced #line pragma](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#enhanced-line-pragma).
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* The query `cs/local-shadows-member` no longer highlights parameters of `record` types.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: deprecated
|
|
||||||
---
|
|
||||||
* The `codeql/csharp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/charp-all` CodeQL pack.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* The query `cs/local-shadows-member` no longer highlights parameters of `record` types.
|
|
||||||
@@ -1,6 +1,11 @@
|
|||||||
---
|
## 0.0.8
|
||||||
category: majorAnalysis
|
|
||||||
---
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* The `codeql/csharp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/charp-all` CodeQL pack.
|
||||||
|
|
||||||
|
### Major Analysis Improvements
|
||||||
|
|
||||||
Added support for the following C# 10 features.
|
Added support for the following C# 10 features.
|
||||||
* [Record structs](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#record-structs).
|
* [Record structs](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#record-structs).
|
||||||
* [Improvements of structure types](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#improvements-of-structure-types).
|
* [Improvements of structure types](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#improvements-of-structure-types).
|
||||||
@@ -8,4 +13,8 @@ Added support for the following C# 10 features.
|
|||||||
* Enhance `WithExpr` in QL to support `structs` and anonymous classes.
|
* Enhance `WithExpr` in QL to support `structs` and anonymous classes.
|
||||||
* [Global using directives](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#global-using-directives).
|
* [Global using directives](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#global-using-directives).
|
||||||
* [File-scoped namespace declaration](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#file-scoped-namespace-declaration).
|
* [File-scoped namespace declaration](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#file-scoped-namespace-declaration).
|
||||||
* [Enhanced #line pragma](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#enhanced-line-pragma).
|
* [Enhanced #line pragma](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#enhanced-line-pragma).
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* The query `cs/local-shadows-member` no longer highlights parameters of `record` types.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-all
|
name: codeql/csharp-all
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: csharp
|
groups: csharp
|
||||||
dbscheme: semmlecode.csharp.dbscheme
|
dbscheme: semmlecode.csharp.dbscheme
|
||||||
extractor: csharp
|
extractor: csharp
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
1
csharp/ql/src/change-notes/released/0.0.8.md
Normal file
1
csharp/ql/src/change-notes/released/0.0.8.md
Normal file
@@ -0,0 +1 @@
|
|||||||
|
## 0.0.8
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-queries
|
name: codeql/csharp-queries
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: csharp
|
groups: csharp
|
||||||
suites: codeql-suites
|
suites: codeql-suites
|
||||||
extractor: csharp
|
extractor: csharp
|
||||||
|
|||||||
@@ -1,3 +1,9 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* The `codeql/java-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/java-all` CodeQL pack.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
## 0.0.8
|
||||||
category: deprecated
|
|
||||||
---
|
### Deprecated APIs
|
||||||
|
|
||||||
* The `codeql/java-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/java-all` CodeQL pack.
|
* The `codeql/java-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/java-all` CodeQL pack.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/java-all
|
name: codeql/java-all
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: java
|
groups: java
|
||||||
dbscheme: config/semmlecode.dbscheme
|
dbscheme: config/semmlecode.dbscheme
|
||||||
extractor: java
|
extractor: java
|
||||||
|
|||||||
@@ -1,3 +1,26 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added.
|
||||||
|
This query finds implicit and mutable `PendingIntents` sent to an unspecified third party
|
||||||
|
component, which may provide an attacker with access to internal components of the application
|
||||||
|
or cause other unintended effects.
|
||||||
|
* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added.
|
||||||
|
These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects.
|
||||||
|
* The query "`TrustManager` that accepts all certificates" (`java/insecure-trustmanager`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/4879).
|
||||||
|
* The query "Log Injection" (`java/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @porcupineyhairs and @dellalibera](https://github.com/github/codeql/pull/5099).
|
||||||
|
* A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added.
|
||||||
|
This query finds Android components that return unmodified, received Intents to the calling applications, which
|
||||||
|
can provide unintended access to internal content providers of the victim application.
|
||||||
|
* A new query "Cleartext storage of sensitive information in the Android filesystem" (`java/android/cleartext-storage-filesystem`) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications.
|
||||||
|
* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675).
|
||||||
|
* The query "Unsafe certificate trust" (`java/unsafe-cert-trust`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3550).
|
||||||
|
|
||||||
|
### Query Metadata Changes
|
||||||
|
|
||||||
|
* The "Random used only once" (`java/random-used-once`) query no longer has a `security-severity` score. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* The query "Unsafe certificate trust" (`java/unsafe-cert-trust`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3550).
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675).
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* A new query "Cleartext storage of sensitive information in the Android filesystem" (`java/android/cleartext-storage-filesystem`) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications.
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added.
|
|
||||||
This query finds Android components that return unmodified, received Intents to the calling applications, which
|
|
||||||
can provide unintended access to internal content providers of the victim application.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* The query "Log Injection" (`java/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @porcupineyhairs and @dellalibera](https://github.com/github/codeql/pull/5099).
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* The query "`TrustManager` that accepts all certificates" (`java/insecure-trustmanager`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/4879).
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added.
|
|
||||||
These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects.
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added.
|
|
||||||
This query finds implicit and mutable `PendingIntents` sent to an unspecified third party
|
|
||||||
component, which may provide an attacker with access to internal components of the application
|
|
||||||
or cause other unintended effects.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: queryMetadata
|
|
||||||
---
|
|
||||||
* The "Random used only once" (`java/random-used-once`) query no longer has a `security-severity` score. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query.
|
|
||||||
22
java/ql/src/change-notes/released/0.0.8.md
Normal file
22
java/ql/src/change-notes/released/0.0.8.md
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added.
|
||||||
|
This query finds implicit and mutable `PendingIntents` sent to an unspecified third party
|
||||||
|
component, which may provide an attacker with access to internal components of the application
|
||||||
|
or cause other unintended effects.
|
||||||
|
* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added.
|
||||||
|
These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects.
|
||||||
|
* The query "`TrustManager` that accepts all certificates" (`java/insecure-trustmanager`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/4879).
|
||||||
|
* The query "Log Injection" (`java/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @porcupineyhairs and @dellalibera](https://github.com/github/codeql/pull/5099).
|
||||||
|
* A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added.
|
||||||
|
This query finds Android components that return unmodified, received Intents to the calling applications, which
|
||||||
|
can provide unintended access to internal content providers of the victim application.
|
||||||
|
* A new query "Cleartext storage of sensitive information in the Android filesystem" (`java/android/cleartext-storage-filesystem`) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications.
|
||||||
|
* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675).
|
||||||
|
* The query "Unsafe certificate trust" (`java/unsafe-cert-trust`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3550).
|
||||||
|
|
||||||
|
### Query Metadata Changes
|
||||||
|
|
||||||
|
* The "Random used only once" (`java/random-used-once`) query no longer has a `security-severity` score. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/java-queries
|
name: codeql/java-queries
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: java
|
groups: java
|
||||||
suites: codeql-suites
|
suites: codeql-suites
|
||||||
extractor: java
|
extractor: java
|
||||||
|
|||||||
@@ -1,3 +1,9 @@
|
|||||||
|
## 0.0.9
|
||||||
|
|
||||||
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* The `codeql/javascript-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/javascript-all` CodeQL pack.
|
||||||
|
|
||||||
## 0.0.8
|
## 0.0.8
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
## 0.0.9
|
||||||
category: deprecated
|
|
||||||
---
|
### Deprecated APIs
|
||||||
|
|
||||||
* The `codeql/javascript-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/javascript-all` CodeQL pack.
|
* The `codeql/javascript-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/javascript-all` CodeQL pack.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.8
|
lastReleaseVersion: 0.0.9
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/javascript-all
|
name: codeql/javascript-all
|
||||||
version: 0.0.9-dev
|
version: 0.0.9
|
||||||
groups: javascript
|
groups: javascript
|
||||||
dbscheme: semmlecode.javascript.dbscheme
|
dbscheme: semmlecode.javascript.dbscheme
|
||||||
extractor: javascript
|
extractor: javascript
|
||||||
|
|||||||
@@ -1,3 +1,10 @@
|
|||||||
|
## 0.0.9
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* A new query `js/samesite-none-cookie` has been added. The query detects when the SameSite attribute is set to None on a sensitive cookie.
|
||||||
|
* A new query `js/empty-password-in-configuration-file` has been added. The query detects empty passwords in configuration files. The query is not run by default.
|
||||||
|
|
||||||
## 0.0.8
|
## 0.0.8
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* A new query `js/empty-password-in-configuration-file` has been added. The query detects empty passwords in configuration files. The query is not run by default.
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
* A new query `js/samesite-none-cookie` has been added. The query detects when the SameSite attribute is set to None on a sensitive cookie.
|
|
||||||
6
javascript/ql/src/change-notes/released/0.0.9.md
Normal file
6
javascript/ql/src/change-notes/released/0.0.9.md
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
## 0.0.9
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* A new query `js/samesite-none-cookie` has been added. The query detects when the SameSite attribute is set to None on a sensitive cookie.
|
||||||
|
* A new query `js/empty-password-in-configuration-file` has been added. The query detects empty passwords in configuration files. The query is not run by default.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.8
|
lastReleaseVersion: 0.0.9
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/javascript-queries
|
name: codeql/javascript-queries
|
||||||
version: 0.0.9-dev
|
version: 0.0.9
|
||||||
groups: javascript
|
groups: javascript
|
||||||
suites: codeql-suites
|
suites: codeql-suites
|
||||||
extractor: javascript
|
extractor: javascript
|
||||||
|
|||||||
@@ -1,3 +1,10 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### Deprecated APIs
|
||||||
|
|
||||||
|
* Moved the files defining regex injection configuration and customization, instead of `import semmle.python.security.injection.RegexInjection` please use `import semmle.python.security.dataflow.RegexInjection` (the same for `RegexInjectionCustomizations`).
|
||||||
|
* The `codeql/python-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/python-all` CodeQL pack.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: deprecated
|
|
||||||
---
|
|
||||||
* The `codeql/python-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/python-all` CodeQL pack.
|
|
||||||
@@ -1,4 +1,6 @@
|
|||||||
---
|
## 0.0.8
|
||||||
category: deprecated
|
|
||||||
---
|
### Deprecated APIs
|
||||||
|
|
||||||
* Moved the files defining regex injection configuration and customization, instead of `import semmle.python.security.injection.RegexInjection` please use `import semmle.python.security.dataflow.RegexInjection` (the same for `RegexInjectionCustomizations`).
|
* Moved the files defining regex injection configuration and customization, instead of `import semmle.python.security.injection.RegexInjection` please use `import semmle.python.security.dataflow.RegexInjection` (the same for `RegexInjectionCustomizations`).
|
||||||
|
* The `codeql/python-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/python-all` CodeQL pack.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/python-all
|
name: codeql/python-all
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: python
|
groups: python
|
||||||
dbscheme: semmlecode.python.dbscheme
|
dbscheme: semmlecode.python.dbscheme
|
||||||
extractor: python
|
extractor: python
|
||||||
|
|||||||
@@ -1,3 +1,9 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### Major Analysis Improvements
|
||||||
|
|
||||||
|
* User names and other account information is no longer considered to be sensitive data for the queries `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data`, since this lead to many false positives.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
---
|
## 0.0.8
|
||||||
category: majorAnalysis
|
|
||||||
---
|
### Major Analysis Improvements
|
||||||
|
|
||||||
* User names and other account information is no longer considered to be sensitive data for the queries `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data`, since this lead to many false positives.
|
* User names and other account information is no longer considered to be sensitive data for the queries `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data`, since this lead to many false positives.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/python-queries
|
name: codeql/python-queries
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: python
|
groups: python
|
||||||
dependencies:
|
dependencies:
|
||||||
codeql/python-all: "*"
|
codeql/python-all: "*"
|
||||||
|
|||||||
@@ -1,3 +1,5 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
1
ruby/ql/lib/change-notes/released/0.0.8.md
Normal file
1
ruby/ql/lib/change-notes/released/0.0.8.md
Normal file
@@ -0,0 +1 @@
|
|||||||
|
## 0.0.8
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/ruby-all
|
name: codeql/ruby-all
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: ruby
|
groups: ruby
|
||||||
extractor: ruby
|
extractor: ruby
|
||||||
dbscheme: ruby.dbscheme
|
dbscheme: ruby.dbscheme
|
||||||
|
|||||||
@@ -1,3 +1,13 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* Added a new query, `rb/weak-cookie-configuration`. The query finds cases where cookie configuration options are set to values that may make an application more vulnerable to certain attacks.
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection.
|
||||||
|
|
||||||
## 0.0.7
|
## 0.0.7
|
||||||
|
|
||||||
## 0.0.6
|
## 0.0.6
|
||||||
|
|||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: newQuery
|
|
||||||
---
|
|
||||||
lgtm,codescanning
|
|
||||||
* Added a new query, `rb/weak-cookie-configuration`. The query finds cases where cookie configuration options are set to values that may make an application more vulnerable to certain attacks.
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
lgtm,codescanning
|
|
||||||
* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection.
|
|
||||||
9
ruby/ql/src/change-notes/released/0.0.8.md
Normal file
9
ruby/ql/src/change-notes/released/0.0.8.md
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
## 0.0.8
|
||||||
|
|
||||||
|
### New Queries
|
||||||
|
|
||||||
|
* Added a new query, `rb/weak-cookie-configuration`. The query finds cases where cookie configuration options are set to values that may make an application more vulnerable to certain attacks.
|
||||||
|
|
||||||
|
### Minor Analysis Improvements
|
||||||
|
|
||||||
|
* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection.
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
lastReleaseVersion: 0.0.7
|
lastReleaseVersion: 0.0.8
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/ruby-queries
|
name: codeql/ruby-queries
|
||||||
version: 0.0.8-dev
|
version: 0.0.8
|
||||||
groups: ruby
|
groups: ruby
|
||||||
suites: codeql-suites
|
suites: codeql-suites
|
||||||
defaultSuiteFile: codeql-suites/ruby-code-scanning.qls
|
defaultSuiteFile: codeql-suites/ruby-code-scanning.qls
|
||||||
|
|||||||
Reference in New Issue
Block a user