Release preparation for version 2.7.4

github-actions[bot]
2021-12-14 21:35:09 +00:00
parent 6664a3814a
commit 59da2cdf69
83 changed files with 167 additions and 121 deletions

@@ -1,3 +1,14 @@
## 0.0.5
### Minor Analysis Improvements
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on.
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`.
* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized.
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`.
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks.
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
## 0.0.4
### Major Analysis Improvements
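
Review bot: Two of the added 0.0.5 entries have subject-verb agreement slips. The `os` entry reads "many functions from the `os` module that uses file system paths" (should be "that use"), and the FastAPI entry reads "`fastapi.responses.FileResponse` are considered `FileSystemAccess`" (should be "is considered", or "instances of `fastapi.responses.FileResponse` are considered"). The same text is copied into the per-release notes file, so it is worth fixing before the release is tagged.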

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`.

@@ -0,0 +1,10 @@
## 0.0.5
### Minor Analysis Improvements
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on.
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`.
* Extended the modeling of FastAPI such that custom subclasses of `fastapi.APIRouter` are recognized.
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`.
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks.
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
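
Review bot: The parenthetical "(although these are not supposed to be used)" in the `posixpath`, `ntpath`, and `genericpath` entry does not say what should be used instead or why the modules are modeled anyway. These modules are the implementations behind `os.path`, so wording such as "although application code should go through `os.path` rather than import them directly" would tell the reader where the new sinks come from and in what kind of code they are likely to fire.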

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.4
lastReleaseVersion: 0.0.5

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 0.0.5-dev
version: 0.0.5
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

@@ -1,3 +1,13 @@
## 0.0.5
### Minor Analysis Improvements
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
## 0.0.4
### Query Metadata Changes
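
Review bot: The `fastapi.APIRouter` subclass entry that the library changelog lists for 0.0.5 has no counterpart in this list, and the `wsgiref.simple_server` entry is the only one here that does not say which queries it affects. If recognizing custom routers or the new remote flow sources changes what the queries report, say so in this changelog as the other entries do for `py/path-injection`. If the omission is deliberate, a short remark in the commit message would settle it.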

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

@@ -1,5 +0,0 @@
---
category: minorAnalysis
tags: [lgtm,codescanning]
---
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.

@@ -0,0 +1,9 @@
## 0.0.5
### Minor Analysis Improvements
* Added modeling of many functions from the `os` module that uses file system paths, such as `os.stat`, `os.chdir`, `os.mkdir`, and so on. All of these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of the `tempfile` module for creating temporary files and directories, such as the functions `tempfile.NamedTemporaryFile` and `tempfile.TemporaryDirectory`. The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection, and these are new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Extended the modeling of FastAPI such that `fastapi.responses.FileResponse` are considered `FileSystemAccess`, making them sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of the `posixpath`, `ntpath`, and `genericpath` modules for path operations (although these are not supposed to be used), resulting in new sinks for the _Uncontrolled data used in path expression_ (`py/path-injection`) query.
* Added modeling of `wsgiref.simple_server` applications, leading to new remote flow sources.
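
Review bot: In the `tempfile` entry, "The `suffix`, `prefix`, and `dir` arguments are all vulnerable to path-injection" reads as if the arguments themselves were flawed. They are sinks, and the finding is user-controlled data reaching them. Suggest rewording to something like "user-controlled data reaching the `suffix`, `prefix`, or `dir` arguments is now reported by the `py/path-injection` query", which also removes the trailing "and these are new sinks" clause that repeats the point.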

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.4
lastReleaseVersion: 0.0.5

@@ -1,5 +1,5 @@
name: codeql/python-queries
version: 0.0.5-dev
version: 0.0.5
groups: python
dependencies:
codeql/python-all: "*"
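
Review bot: The unchanged context line `codeql/python-all: "*"` leaves the library dependency as a wildcard while this hunk finalizes `codeql/python-queries` at 0.0.5. If the pack is published with that constraint as written, the released queries can resolve against any version of the library pack, including one whose sinks and sources differ from what the 0.0.5 changelog describes. Please confirm that the publish step pins the dependency, or set an explicit version range here.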

@@ -1 +1,3 @@
## 0.0.5
## 0.0.4
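
Review bot: The new `## 0.0.5` heading has no body, so a reader cannot tell whether the release has no changes for this pack or whether the notes were dropped during generation. Add a single line under the heading stating that there are no user-facing changes in this version, and do the same in the new per-release notes file that carries only the heading.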

@@ -0,0 +1 @@
## 0.0.5

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.4
lastReleaseVersion: 0.0.5

@@ -2,4 +2,4 @@ name: codeql/python-upgrades
groups: python
upgrades: .
library: true
version: 0.0.5-dev
version: 0.0.5