Move change notes to correct location

A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
Dave Bartolomeo
2022-01-03 18:21:16 -05:00
parent ded3c52a34
commit 5f5af4a29e
6 changed files with 16 additions and 5 deletions

@@ -1,3 +1,5 @@
lgtm,codescanning ---
category: minorAnalysis
---
* Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are `express` and `fastify`. * Data flow is now tracked across middleware functions in more cases, leading to more security results in general. Affected packages are `express` and `fastify`.
* `js/missing-token-validation` has been made more precise, yielding both fewer false positives and more true positives. * `js/missing-token-validation` has been made more precise, yielding both fewer false positives and more true positives.

@@ -1,3 +1,5 @@
lgtm,codescanning ---
category: minorAnalysis
---
* Support for handlebars templates has improved. Raw interpolation tags of the form `{{& ... }}` are now recognized, * Support for handlebars templates has improved. Raw interpolation tags of the form `{{& ... }}` are now recognized,
as well as whitespace-trimming tags like `{{~ ... }}`. as well as whitespace-trimming tags like `{{~ ... }}`.

@@ -0,0 +1,4 @@
---
catgegory: minorAnalysis
---
* To support the new SSRF queries, the PyPI package `requests` has been modeled, along with `http.client.HTTP[S]Connection` from the standard library.
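Review bot: the front-matter key on the second line of this new file is misspelled as `catgegory`. The other change notes touched in this commit use `category: minorAnalysis` and `category: deprecated`, so this should read `category: minorAnalysis`. As written, anything that looks up the `category` field will find none in this note.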

@@ -1,3 +1,4 @@
lgtm,codescanning ---
catgegory: newQuery
---
* Two new queries have been added for detecting Server-side request forgery (SSRF). _Full server-side request forgery_ (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and _Partial server-side request forgery_ (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default. * Two new queries have been added for detecting Server-side request forgery (SSRF). _Full server-side request forgery_ (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and _Partial server-side request forgery_ (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default.
* To support the new SSRF queries, the PyPI package `requests` have been modeled, along with `http.client.HTTP[S]Connection` from the standard library.
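Review bot: the added front-matter key is misspelled here as well, `catgegory: newQuery`, where the sibling notes use `category:`. Please change it to `category: newQuery` so the note announcing `py/full-ssrf` and `py/partial-ssrf` is classified like the others. The hunk also drops the `requests` / `http.client.HTTP[S]Connection` bullet from this file. That matches the new `minorAnalysis` note added elsewhere in this commit, but it is worth saying in the commit message that the bullet was split out rather than only relocated.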

@@ -1,2 +1,4 @@
lgtm,codescanning ---
category: deprecated
---
* `ConstantWriteAccess.getQualifiedName()` has been deprecated in favor of `getAQualifiedName()` which can return multiple possible qualified names for a given constant write access. * `ConstantWriteAccess.getQualifiedName()` has been deprecated in favor of `getAQualifiedName()` which can return multiple possible qualified names for a given constant write access.