From 634134f2837379828405b7c5fdca6b74dd73ea7e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 27 Jan 2022 10:40:20 +0000 Subject: [PATCH] Release preparation for version 2.8.0 --- cpp/ql/lib/CHANGELOG.md | 11 +++++++++ .../2022-01-11-remove-upgrades-packs.md | 4 ---- .../2022-01-14-hex-format-range-analysis.md | 5 ---- cpp/ql/lib/change-notes/released/0.0.8.md | 10 ++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 19 +++++++++++++++ .../2021-12-14-overruning-write-split.md | 4 ---- ...2021-12-30-ambiguously-signed-bit-field.md | 5 ---- ...2-01-05-promote-uncontrolled-arithmetic.md | 4 ---- .../2022-01-18-improper-null-termination.md | 4 ---- .../2022-01-19-cleartext-transmission.md | 4 ---- ...022-01-20-return-stack-allocated-memory.md | 5 ---- .../2022-01-24-cleartext-storage-file.md | 4 ---- ...022-01-24-return-stack-allocated-memory.md | 4 ---- ...-26-unnamed-variable-declaration-hiding.md | 4 ---- cpp/ql/src/change-notes/released/0.0.8.md | 18 +++++++++++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.0.2.md | 1 + .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.0.2.md | 1 + .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 21 +++++++++++++++++ .../2022-01-11-remove-upgrades-packs.md | 4 ---- .../2022-01-18-local-shadows-member.md | 4 ---- .../0.0.8.md} | 17 ++++++++++---- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 2 ++ csharp/ql/src/change-notes/released/0.0.8.md | 1 + csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 6 +++++ .../0.0.8.md} | 7 +++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 23 +++++++++++++++++++ .../2021-06-28-unsafe-cert-trust-query.md | 4 ---- ...-10-cleartext-storage-sharedprefs-query.md | 4 ---- ...9-01-cleartext-storage-filesystem-query.md | 4 ---- ...ntent-uri-permission-manipulation-query.md | 6 ----- .../2021-11-04-log-injection-query.md | 4 ---- .../2021-11-15-insecure-trustamanger-query.md | 4 ---- ...-12-15-android-fragment-injection-query.md | 5 ---- ...1-12-21-android-implicit-pendingintents.md | 7 ------ .../2022-01-19-random-used-once.md | 4 ---- java/ql/src/change-notes/released/0.0.8.md | 22 ++++++++++++++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 +++++ .../0.0.9.md} | 7 +++--- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 7 ++++++ ...18-empty-password-in-configuration-file.md | 4 ---- .../2022-01-24-samesite-cookie.md | 4 ---- .../ql/src/change-notes/released/0.0.9.md | 6 +++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 ++++++ .../2022-01-11-remove-upgrades-packs.md | 4 ---- .../0.0.8.md} | 8 ++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 +++++ .../0.0.8.md} | 7 +++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 2 ++ ruby/ql/lib/change-notes/released/0.0.8.md | 1 + ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 12 ++++++++++ ...1-12-06-weak-cookie-configuration-query.md | 5 ---- .../2022-01-19-csrf-protection-weakened.md | 5 ---- ruby/ql/src/change-notes/released/0.0.8.md | 11 +++++++++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- 83 files changed, 259 insertions(+), 163 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md delete mode 100644 cpp/ql/lib/change-notes/2022-01-14-hex-format-range-analysis.md create mode 100644 cpp/ql/lib/change-notes/released/0.0.8.md delete mode 100644 cpp/ql/src/change-notes/2021-12-14-overruning-write-split.md delete mode 100644 cpp/ql/src/change-notes/2021-12-30-ambiguously-signed-bit-field.md delete mode 100644 cpp/ql/src/change-notes/2022-01-05-promote-uncontrolled-arithmetic.md delete mode 100644 cpp/ql/src/change-notes/2022-01-18-improper-null-termination.md delete mode 100644 cpp/ql/src/change-notes/2022-01-19-cleartext-transmission.md delete mode 100644 cpp/ql/src/change-notes/2022-01-20-return-stack-allocated-memory.md delete mode 100644 cpp/ql/src/change-notes/2022-01-24-cleartext-storage-file.md delete mode 100644 cpp/ql/src/change-notes/2022-01-24-return-stack-allocated-memory.md delete mode 100644 cpp/ql/src/change-notes/2022-01-26-unnamed-variable-declaration-hiding.md create mode 100644 cpp/ql/src/change-notes/released/0.0.8.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.2.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.2.md delete mode 100644 csharp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md delete mode 100644 csharp/ql/lib/change-notes/2022-01-18-local-shadows-member.md rename csharp/ql/lib/change-notes/{2022-01-25-csharp10-features.md => released/0.0.8.md} (66%) create mode 100644 csharp/ql/src/change-notes/released/0.0.8.md rename java/ql/lib/change-notes/{2022-01-11-remove-upgrades-packs.md => released/0.0.8.md} (81%) delete mode 100644 java/ql/src/change-notes/2021-06-28-unsafe-cert-trust-query.md delete mode 100644 java/ql/src/change-notes/2021-08-10-cleartext-storage-sharedprefs-query.md delete mode 100644 java/ql/src/change-notes/2021-09-01-cleartext-storage-filesystem-query.md delete mode 100644 java/ql/src/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md delete mode 100644 java/ql/src/change-notes/2021-11-04-log-injection-query.md delete mode 100644 java/ql/src/change-notes/2021-11-15-insecure-trustamanger-query.md delete mode 100644 java/ql/src/change-notes/2021-12-15-android-fragment-injection-query.md delete mode 100644 java/ql/src/change-notes/2021-12-21-android-implicit-pendingintents.md delete mode 100644 java/ql/src/change-notes/2022-01-19-random-used-once.md create mode 100644 java/ql/src/change-notes/released/0.0.8.md rename javascript/ql/lib/change-notes/{2022-01-11-remove-upgrades-packs.md => released/0.0.9.md} (82%) delete mode 100644 javascript/ql/src/change-notes/2022-01-18-empty-password-in-configuration-file.md delete mode 100644 javascript/ql/src/change-notes/2022-01-24-samesite-cookie.md create mode 100644 javascript/ql/src/change-notes/released/0.0.9.md delete mode 100644 python/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md rename python/ql/lib/change-notes/{2022-01-19-move-regex-injection.md => released/0.0.8.md} (60%) rename python/ql/src/change-notes/{2021-01-19-remove-cleartext-fps.md => released/0.0.8.md} (84%) create mode 100644 ruby/ql/lib/change-notes/released/0.0.8.md delete mode 100644 ruby/ql/src/change-notes/2021-12-06-weak-cookie-configuration-query.md delete mode 100644 ruby/ql/src/change-notes/2022-01-19-csrf-protection-weakened.md create mode 100644 ruby/ql/src/change-notes/released/0.0.8.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 061b9a94609..5c3f318239b 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.0.8 + +### Deprecated APIs + +* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack. + +### Minor Analysis Improvements + +* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a + more accurate length for integers formatted with `%x` + ## 0.0.7 ## 0.0.6 diff --git a/cpp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md b/cpp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md deleted file mode 100644 index 6ebf0d81141..00000000000 --- a/cpp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack. diff --git a/cpp/ql/lib/change-notes/2022-01-14-hex-format-range-analysis.md b/cpp/ql/lib/change-notes/2022-01-14-hex-format-range-analysis.md deleted file mode 100644 index a2adcf41ad4..00000000000 --- a/cpp/ql/lib/change-notes/2022-01-14-hex-format-range-analysis.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a - more accurate length for integers formatted with `%x` \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/released/0.0.8.md b/cpp/ql/lib/change-notes/released/0.0.8.md new file mode 100644 index 00000000000..4ff1205563f --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.0.8.md @@ -0,0 +1,10 @@ +## 0.0.8 + +### Deprecated APIs + +* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack. + +### Minor Analysis Improvements + +* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a + more accurate length for integers formatted with `%x` diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 34c14fcd78c..f9e76a39e0e 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.0.8-dev +version: 0.0.8 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index cab85d12b8b..0a550c7e9e3 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,22 @@ +## 0.0.8 + +### New Queries + +* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. +* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. +* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. + +### Minor Analysis Improvements + +* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database. +* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query. +* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The + query has also been converted to a `path-problem` query. +* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results. +* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops. +* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field. + This change reduces the number of false positives in the query. + ## 0.0.7 ## 0.0.6 diff --git a/cpp/ql/src/change-notes/2021-12-14-overruning-write-split.md b/cpp/ql/src/change-notes/2021-12-14-overruning-write-split.md deleted file mode 100644 index bab10eaad3c..00000000000 --- a/cpp/ql/src/change-notes/2021-12-14-overruning-write-split.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. diff --git a/cpp/ql/src/change-notes/2021-12-30-ambiguously-signed-bit-field.md b/cpp/ql/src/change-notes/2021-12-30-ambiguously-signed-bit-field.md deleted file mode 100644 index 520165eeeec..00000000000 --- a/cpp/ql/src/change-notes/2021-12-30-ambiguously-signed-bit-field.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field. - This change reduces the number of false positives in the query. diff --git a/cpp/ql/src/change-notes/2022-01-05-promote-uncontrolled-arithmetic.md b/cpp/ql/src/change-notes/2022-01-05-promote-uncontrolled-arithmetic.md deleted file mode 100644 index b722527d8b2..00000000000 --- a/cpp/ql/src/change-notes/2022-01-05-promote-uncontrolled-arithmetic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2022-01-18-improper-null-termination.md b/cpp/ql/src/change-notes/2022-01-18-improper-null-termination.md deleted file mode 100644 index 19d5b950037..00000000000 --- a/cpp/ql/src/change-notes/2022-01-18-improper-null-termination.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops. diff --git a/cpp/ql/src/change-notes/2022-01-19-cleartext-transmission.md b/cpp/ql/src/change-notes/2022-01-19-cleartext-transmission.md deleted file mode 100644 index 4d89ad2eeaf..00000000000 --- a/cpp/ql/src/change-notes/2022-01-19-cleartext-transmission.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2022-01-20-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2022-01-20-return-stack-allocated-memory.md deleted file mode 100644 index ff51d88a94e..00000000000 --- a/cpp/ql/src/change-notes/2022-01-20-return-stack-allocated-memory.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The - query has also been converted to a `path-problem` query. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2022-01-24-cleartext-storage-file.md b/cpp/ql/src/change-notes/2022-01-24-cleartext-storage-file.md deleted file mode 100644 index a1ade7f231c..00000000000 --- a/cpp/ql/src/change-notes/2022-01-24-cleartext-storage-file.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query. diff --git a/cpp/ql/src/change-notes/2022-01-24-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2022-01-24-return-stack-allocated-memory.md deleted file mode 100644 index ba1ff91a243..00000000000 --- a/cpp/ql/src/change-notes/2022-01-24-return-stack-allocated-memory.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. diff --git a/cpp/ql/src/change-notes/2022-01-26-unnamed-variable-declaration-hiding.md b/cpp/ql/src/change-notes/2022-01-26-unnamed-variable-declaration-hiding.md deleted file mode 100644 index af64813fbcf..00000000000 --- a/cpp/ql/src/change-notes/2022-01-26-unnamed-variable-declaration-hiding.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database. diff --git a/cpp/ql/src/change-notes/released/0.0.8.md b/cpp/ql/src/change-notes/released/0.0.8.md new file mode 100644 index 00000000000..268d87d92a7 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.0.8.md @@ -0,0 +1,18 @@ +## 0.0.8 + +### New Queries + +* The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default. +* The "Uncontrolled data in arithmetic expression" (cpp/uncontrolled-arithmetic) query has been enhanced to reduce false positive results and its @precision increased to high. +* A new `cpp/very-likely-overruning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overruning-write`. + +### Minor Analysis Improvements + +* Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database. +* The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query. +* The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The + query has also been converted to a `path-problem` query. +* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results. +* The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops. +* Added exception for GLib's gboolean to cpp/ambiguously-signed-bit-field. + This change reduces the number of false positives in the query. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 7d431c9eb47..85f4e82d092 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.0.8-dev +version: 0.0.8 groups: cpp dependencies: codeql/cpp-all: "*" diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 6c51f3c8ac7..e547c8d2088 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1 +1,5 @@ +## 1.0.2 + ## 1.0.0 + +## 0.0.6 diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.2.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.2.md new file mode 100644 index 00000000000..382d5a73279 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.2.md @@ -0,0 +1 @@ +## 1.0.2 diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 2f5886268c6..71f311e736a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.1 +lastReleaseVersion: 1.0.2 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 1eb2b7c4ed7..0e79bbd87aa 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.0.2-dev +version: 1.0.2 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 6c51f3c8ac7..e547c8d2088 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1 +1,5 @@ +## 1.0.2 + ## 1.0.0 + +## 0.0.6 diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.2.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.2.md new file mode 100644 index 00000000000..382d5a73279 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.2.md @@ -0,0 +1 @@ +## 1.0.2 diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 2f5886268c6..71f311e736a 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.1 +lastReleaseVersion: 1.0.2 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index aa421871afd..1c7c18c71b3 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.0.2-dev +version: 1.0.2 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 299d8880abc..1bc640030c4 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,24 @@ +## 0.0.8 + +### Deprecated APIs + +* The `codeql/csharp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/charp-all` CodeQL pack. + +### Major Analysis Improvements + +Added support for the following C# 10 features. +* [Record structs](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#record-structs). +* [Improvements of structure types](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#improvements-of-structure-types). + * Instance parameterless constructor in a structure type. + * Enhance `WithExpr` in QL to support `structs` and anonymous classes. +* [Global using directives](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#global-using-directives). +* [File-scoped namespace declaration](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#file-scoped-namespace-declaration). +* [Enhanced #line pragma](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#enhanced-line-pragma). + +### Minor Analysis Improvements + +* The query `cs/local-shadows-member` no longer highlights parameters of `record` types. + ## 0.0.7 ## 0.0.6 diff --git a/csharp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md b/csharp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md deleted file mode 100644 index d73fb9519c0..00000000000 --- a/csharp/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `codeql/csharp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/charp-all` CodeQL pack. diff --git a/csharp/ql/lib/change-notes/2022-01-18-local-shadows-member.md b/csharp/ql/lib/change-notes/2022-01-18-local-shadows-member.md deleted file mode 100644 index dad981966ba..00000000000 --- a/csharp/ql/lib/change-notes/2022-01-18-local-shadows-member.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `cs/local-shadows-member` no longer highlights parameters of `record` types. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2022-01-25-csharp10-features.md b/csharp/ql/lib/change-notes/released/0.0.8.md similarity index 66% rename from csharp/ql/lib/change-notes/2022-01-25-csharp10-features.md rename to csharp/ql/lib/change-notes/released/0.0.8.md index abc5b224c59..2cda4c90ad0 100644 --- a/csharp/ql/lib/change-notes/2022-01-25-csharp10-features.md +++ b/csharp/ql/lib/change-notes/released/0.0.8.md @@ -1,6 +1,11 @@ ---- -category: majorAnalysis ---- +## 0.0.8 + +### Deprecated APIs + +* The `codeql/csharp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/charp-all` CodeQL pack. + +### Major Analysis Improvements + Added support for the following C# 10 features. * [Record structs](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#record-structs). * [Improvements of structure types](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#improvements-of-structure-types). @@ -8,4 +13,8 @@ Added support for the following C# 10 features. * Enhance `WithExpr` in QL to support `structs` and anonymous classes. * [Global using directives](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#global-using-directives). * [File-scoped namespace declaration](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#file-scoped-namespace-declaration). -* [Enhanced #line pragma](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#enhanced-line-pragma). \ No newline at end of file +* [Enhanced #line pragma](https://docs.microsoft.com/en-us/dotnet/csharp/whats-new/csharp-10#enhanced-line-pragma). + +### Minor Analysis Improvements + +* The query `cs/local-shadows-member` no longer highlights parameters of `record` types. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 06acac17e3a..b45fedea00a 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.0.8-dev +version: 0.0.8 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 299d8880abc..081b73c7685 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.0.8 + ## 0.0.7 ## 0.0.6 diff --git a/csharp/ql/src/change-notes/released/0.0.8.md b/csharp/ql/src/change-notes/released/0.0.8.md new file mode 100644 index 00000000000..bc5efa50ee2 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.0.8.md @@ -0,0 +1 @@ +## 0.0.8 diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index e136de05277..d9490351fdd 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.0.8-dev +version: 0.0.8 groups: csharp suites: codeql-suites extractor: csharp diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index b30e54908d5..311bd61da9c 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.0.8 + +### Deprecated APIs + +* The `codeql/java-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/java-all` CodeQL pack. + ## 0.0.7 ## 0.0.6 diff --git a/java/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md b/java/ql/lib/change-notes/released/0.0.8.md similarity index 81% rename from java/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md rename to java/ql/lib/change-notes/released/0.0.8.md index c5442373daf..4b6d72cccde 100644 --- a/java/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md +++ b/java/ql/lib/change-notes/released/0.0.8.md @@ -1,4 +1,5 @@ ---- -category: deprecated ---- +## 0.0.8 + +### Deprecated APIs + * The `codeql/java-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/java-all` CodeQL pack. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index a210d35c140..ec7fc3a4ab6 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.0.8-dev +version: 0.0.8 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index f93a0d457dc..c4200f891c7 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,26 @@ +## 0.0.8 + +### New Queries + +* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added. +This query finds implicit and mutable `PendingIntents` sent to an unspecified third party +component, which may provide an attacker with access to internal components of the application +or cause other unintended effects. +* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added. +These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects. +* The query "`TrustManager` that accepts all certificates" (`java/insecure-trustmanager`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/4879). +* The query "Log Injection" (`java/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @porcupineyhairs and @dellalibera](https://github.com/github/codeql/pull/5099). +* A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added. +This query finds Android components that return unmodified, received Intents to the calling applications, which +can provide unintended access to internal content providers of the victim application. +* A new query "Cleartext storage of sensitive information in the Android filesystem" (`java/android/cleartext-storage-filesystem`) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications. +* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675). +* The query "Unsafe certificate trust" (`java/unsafe-cert-trust`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3550). + +### Query Metadata Changes + +* The "Random used only once" (`java/random-used-once`) query no longer has a `security-severity` score. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query. + ## 0.0.7 ## 0.0.6 diff --git a/java/ql/src/change-notes/2021-06-28-unsafe-cert-trust-query.md b/java/ql/src/change-notes/2021-06-28-unsafe-cert-trust-query.md deleted file mode 100644 index bde0c9d0249..00000000000 --- a/java/ql/src/change-notes/2021-06-28-unsafe-cert-trust-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query "Unsafe certificate trust" (`java/unsafe-cert-trust`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3550). diff --git a/java/ql/src/change-notes/2021-08-10-cleartext-storage-sharedprefs-query.md b/java/ql/src/change-notes/2021-08-10-cleartext-storage-sharedprefs-query.md deleted file mode 100644 index 472b083e7e1..00000000000 --- a/java/ql/src/change-notes/2021-08-10-cleartext-storage-sharedprefs-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675). diff --git a/java/ql/src/change-notes/2021-09-01-cleartext-storage-filesystem-query.md b/java/ql/src/change-notes/2021-09-01-cleartext-storage-filesystem-query.md deleted file mode 100644 index 7c60c03ebf4..00000000000 --- a/java/ql/src/change-notes/2021-09-01-cleartext-storage-filesystem-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* A new query "Cleartext storage of sensitive information in the Android filesystem" (`java/android/cleartext-storage-filesystem`) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications. diff --git a/java/ql/src/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md b/java/ql/src/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md deleted file mode 100644 index fddecd1b953..00000000000 --- a/java/ql/src/change-notes/2021-10-27-android-intent-uri-permission-manipulation-query.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: newQuery ---- -* A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added. -This query finds Android components that return unmodified, received Intents to the calling applications, which -can provide unintended access to internal content providers of the victim application. \ No newline at end of file diff --git a/java/ql/src/change-notes/2021-11-04-log-injection-query.md b/java/ql/src/change-notes/2021-11-04-log-injection-query.md deleted file mode 100644 index 6326685c86c..00000000000 --- a/java/ql/src/change-notes/2021-11-04-log-injection-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query "Log Injection" (`java/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @porcupineyhairs and @dellalibera](https://github.com/github/codeql/pull/5099). \ No newline at end of file diff --git a/java/ql/src/change-notes/2021-11-15-insecure-trustamanger-query.md b/java/ql/src/change-notes/2021-11-15-insecure-trustamanger-query.md deleted file mode 100644 index 7789ebe3c25..00000000000 --- a/java/ql/src/change-notes/2021-11-15-insecure-trustamanger-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query "`TrustManager` that accepts all certificates" (`java/insecure-trustmanager`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/4879). diff --git a/java/ql/src/change-notes/2021-12-15-android-fragment-injection-query.md b/java/ql/src/change-notes/2021-12-15-android-fragment-injection-query.md deleted file mode 100644 index 249032b7d22..00000000000 --- a/java/ql/src/change-notes/2021-12-15-android-fragment-injection-query.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery ---- -* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added. -These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects. \ No newline at end of file diff --git a/java/ql/src/change-notes/2021-12-21-android-implicit-pendingintents.md b/java/ql/src/change-notes/2021-12-21-android-implicit-pendingintents.md deleted file mode 100644 index 8549f3863a6..00000000000 --- a/java/ql/src/change-notes/2021-12-21-android-implicit-pendingintents.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -category: newQuery ---- -* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added. -This query finds implicit and mutable `PendingIntents` sent to an unspecified third party -component, which may provide an attacker with access to internal components of the application -or cause other unintended effects. \ No newline at end of file diff --git a/java/ql/src/change-notes/2022-01-19-random-used-once.md b/java/ql/src/change-notes/2022-01-19-random-used-once.md deleted file mode 100644 index f9a00c6528f..00000000000 --- a/java/ql/src/change-notes/2022-01-19-random-used-once.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The "Random used only once" (`java/random-used-once`) query no longer has a `security-severity` score. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query. diff --git a/java/ql/src/change-notes/released/0.0.8.md b/java/ql/src/change-notes/released/0.0.8.md new file mode 100644 index 00000000000..a11435f0491 --- /dev/null +++ b/java/ql/src/change-notes/released/0.0.8.md @@ -0,0 +1,22 @@ +## 0.0.8 + +### New Queries + +* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added. +This query finds implicit and mutable `PendingIntents` sent to an unspecified third party +component, which may provide an attacker with access to internal components of the application +or cause other unintended effects. +* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added. +These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects. +* The query "`TrustManager` that accepts all certificates" (`java/insecure-trustmanager`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/4879). +* The query "Log Injection" (`java/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @porcupineyhairs and @dellalibera](https://github.com/github/codeql/pull/5099). +* A new query "Intent URI permission manipulation" (`java/android/intent-uri-permission-manipulation`) has been added. +This query finds Android components that return unmodified, received Intents to the calling applications, which +can provide unintended access to internal content providers of the victim application. +* A new query "Cleartext storage of sensitive information in the Android filesystem" (`java/android/cleartext-storage-filesystem`) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications. +* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675). +* The query "Unsafe certificate trust" (`java/unsafe-cert-trust`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3550). + +### Query Metadata Changes + +* The "Random used only once" (`java/random-used-once`) query no longer has a `security-severity` score. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index e5ce077fa8b..74039770dcc 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.0.8-dev +version: 0.0.8 groups: java suites: codeql-suites extractor: java diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 7c18f184351..19421426c5b 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.0.9 + +### Deprecated APIs + +* The `codeql/javascript-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/javascript-all` CodeQL pack. + ## 0.0.8 ## 0.0.7 diff --git a/javascript/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md b/javascript/ql/lib/change-notes/released/0.0.9.md similarity index 82% rename from javascript/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md rename to javascript/ql/lib/change-notes/released/0.0.9.md index 51162736ecb..2e17351c28f 100644 --- a/javascript/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md +++ b/javascript/ql/lib/change-notes/released/0.0.9.md @@ -1,4 +1,5 @@ ---- -category: deprecated ---- +## 0.0.9 + +### Deprecated APIs + * The `codeql/javascript-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/javascript-all` CodeQL pack. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 58fdc6b45de..ecdd64fbab8 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.8 +lastReleaseVersion: 0.0.9 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 3404d696570..9be0c35ffd6 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.0.9-dev +version: 0.0.9 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 5c30c2b7504..1327d1cd8bb 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.0.9 + +### New Queries + +* A new query `js/samesite-none-cookie` has been added. The query detects when the SameSite attribute is set to None on a sensitive cookie. +* A new query `js/empty-password-in-configuration-file` has been added. The query detects empty passwords in configuration files. The query is not run by default. + ## 0.0.8 ## 0.0.7 diff --git a/javascript/ql/src/change-notes/2022-01-18-empty-password-in-configuration-file.md b/javascript/ql/src/change-notes/2022-01-18-empty-password-in-configuration-file.md deleted file mode 100644 index 4faed7eda00..00000000000 --- a/javascript/ql/src/change-notes/2022-01-18-empty-password-in-configuration-file.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* A new query `js/empty-password-in-configuration-file` has been added. The query detects empty passwords in configuration files. The query is not run by default. diff --git a/javascript/ql/src/change-notes/2022-01-24-samesite-cookie.md b/javascript/ql/src/change-notes/2022-01-24-samesite-cookie.md deleted file mode 100644 index 6bed67dafc3..00000000000 --- a/javascript/ql/src/change-notes/2022-01-24-samesite-cookie.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* A new query `js/samesite-none-cookie` has been added. The query detects when the SameSite attribute is set to None on a sensitive cookie. diff --git a/javascript/ql/src/change-notes/released/0.0.9.md b/javascript/ql/src/change-notes/released/0.0.9.md new file mode 100644 index 00000000000..976ffef98ab --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.0.9.md @@ -0,0 +1,6 @@ +## 0.0.9 + +### New Queries + +* A new query `js/samesite-none-cookie` has been added. The query detects when the SameSite attribute is set to None on a sensitive cookie. +* A new query `js/empty-password-in-configuration-file` has been added. The query detects empty passwords in configuration files. The query is not run by default. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 58fdc6b45de..ecdd64fbab8 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.8 +lastReleaseVersion: 0.0.9 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 46970a9f611..b8c0245e47f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.0.9-dev +version: 0.0.9 groups: javascript suites: codeql-suites extractor: javascript diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 91eee68e1f4..1f762dd77ec 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.0.8 + +### Deprecated APIs + +* Moved the files defining regex injection configuration and customization, instead of `import semmle.python.security.injection.RegexInjection` please use `import semmle.python.security.dataflow.RegexInjection` (the same for `RegexInjectionCustomizations`). +* The `codeql/python-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/python-all` CodeQL pack. + ## 0.0.7 ## 0.0.6 diff --git a/python/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md b/python/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md deleted file mode 100644 index 78019c88924..00000000000 --- a/python/ql/lib/change-notes/2022-01-11-remove-upgrades-packs.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `codeql/python-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/python-all` CodeQL pack. diff --git a/python/ql/lib/change-notes/2022-01-19-move-regex-injection.md b/python/ql/lib/change-notes/released/0.0.8.md similarity index 60% rename from python/ql/lib/change-notes/2022-01-19-move-regex-injection.md rename to python/ql/lib/change-notes/released/0.0.8.md index 70f8a60a473..da643bdb889 100644 --- a/python/ql/lib/change-notes/2022-01-19-move-regex-injection.md +++ b/python/ql/lib/change-notes/released/0.0.8.md @@ -1,4 +1,6 @@ ---- -category: deprecated ---- +## 0.0.8 + +### Deprecated APIs + * Moved the files defining regex injection configuration and customization, instead of `import semmle.python.security.injection.RegexInjection` please use `import semmle.python.security.dataflow.RegexInjection` (the same for `RegexInjectionCustomizations`). +* The `codeql/python-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/python-all` CodeQL pack. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index c77c8320abc..16335df941a 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.0.8-dev +version: 0.0.8 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index e5beca94d97..a629ac4014a 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.0.8 + +### Major Analysis Improvements + +* User names and other account information is no longer considered to be sensitive data for the queries `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data`, since this lead to many false positives. + ## 0.0.7 ## 0.0.6 diff --git a/python/ql/src/change-notes/2021-01-19-remove-cleartext-fps.md b/python/ql/src/change-notes/released/0.0.8.md similarity index 84% rename from python/ql/src/change-notes/2021-01-19-remove-cleartext-fps.md rename to python/ql/src/change-notes/released/0.0.8.md index 0964101a46f..9ad651d57ae 100644 --- a/python/ql/src/change-notes/2021-01-19-remove-cleartext-fps.md +++ b/python/ql/src/change-notes/released/0.0.8.md @@ -1,4 +1,5 @@ ---- -category: majorAnalysis ---- +## 0.0.8 + +### Major Analysis Improvements + * User names and other account information is no longer considered to be sensitive data for the queries `py/clear-text-logging-sensitive-data` and `py/clear-text-storage-sensitive-data`, since this lead to many false positives. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 84802b3bdbe..c4af89cbe0d 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.0.8-dev +version: 0.0.8 groups: python dependencies: codeql/python-all: "*" diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index a2635c665fd..2bda39db9ae 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.0.8 + ## 0.0.7 ## 0.0.6 diff --git a/ruby/ql/lib/change-notes/released/0.0.8.md b/ruby/ql/lib/change-notes/released/0.0.8.md new file mode 100644 index 00000000000..bc5efa50ee2 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.0.8.md @@ -0,0 +1 @@ +## 0.0.8 diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index b02be683efc..5f4346208ca 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.0.8-dev +version: 0.0.8 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 5cdd1d52c54..42575a31913 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,15 @@ +## 0.0.8 + +### New Queries + +lgtm,codescanning +* Added a new query, `rb/weak-cookie-configuration`. The query finds cases where cookie configuration options are set to values that may make an application more vulnerable to certain attacks. + +### Minor Analysis Improvements + +lgtm,codescanning +* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection. + ## 0.0.7 ## 0.0.6 diff --git a/ruby/ql/src/change-notes/2021-12-06-weak-cookie-configuration-query.md b/ruby/ql/src/change-notes/2021-12-06-weak-cookie-configuration-query.md deleted file mode 100644 index 872d34b15ef..00000000000 --- a/ruby/ql/src/change-notes/2021-12-06-weak-cookie-configuration-query.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery ---- -lgtm,codescanning -* Added a new query, `rb/weak-cookie-configuration`. The query finds cases where cookie configuration options are set to values that may make an application more vulnerable to certain attacks. diff --git a/ruby/ql/src/change-notes/2022-01-19-csrf-protection-weakened.md b/ruby/ql/src/change-notes/2022-01-19-csrf-protection-weakened.md deleted file mode 100644 index 55477a11cec..00000000000 --- a/ruby/ql/src/change-notes/2022-01-19-csrf-protection-weakened.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -lgtm,codescanning -* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection. diff --git a/ruby/ql/src/change-notes/released/0.0.8.md b/ruby/ql/src/change-notes/released/0.0.8.md new file mode 100644 index 00000000000..25d41c500f4 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.0.8.md @@ -0,0 +1,11 @@ +## 0.0.8 + +### New Queries + +lgtm,codescanning +* Added a new query, `rb/weak-cookie-configuration`. The query finds cases where cookie configuration options are set to values that may make an application more vulnerable to certain attacks. + +### Minor Analysis Improvements + +lgtm,codescanning +* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index a2a5484910b..58fdc6b45de 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.7 +lastReleaseVersion: 0.0.8 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 79c72ac1145..0823c77f851 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.0.8-dev +version: 0.0.8 groups: ruby suites: codeql-suites defaultSuiteFile: codeql-suites/ruby-code-scanning.qls