hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Release preparation for version 2.17.0"

Browse Source
This commit is contained in:
Chuan-kai Lin
2024-04-02 10:06:20 -07:00
committed by GitHub
parent 48f93438d8
commit 6c649c898e
173 changed files with 249 additions and 478 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/automodel/src/CHANGELOG.md
View File

@@ -1,7 +1,3 @@
## 0.0.20
No user-facing changes.
## 0.0.19
No user-facing changes.

3
java/ql/automodel/src/change-notes/released/0.0.20.md
View File

@@ -1,3 +0,0 @@
## 0.0.20
No user-facing changes.

2
java/ql/automodel/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.20
lastReleaseVersion: 0.0.19

2
java/ql/automodel/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 0.0.20
version: 0.0.20-dev
groups:
- java
- automodel

13
java/ql/lib/CHANGELOG.md
View File

@@ -1,16 +1,3 @@
## 0.9.0
### Breaking Changes
* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable.
### Minor Analysis Improvements
* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.
* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`.
* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.
## 0.8.12
No user-facing changes.

4
java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.

4
java/ql/lib/change-notes/2024-03-21-env-vars.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: breaking
---
* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable.

5
java/ql/lib/change-notes/2024-03-22-anonymous-variables.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`.

4
java/ql/lib/change-notes/2024-03-26-url-models-precision.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.

12
java/ql/lib/change-notes/released/0.9.0.md
View File

@@ -1,12 +0,0 @@
## 0.9.0
### Breaking Changes
* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable.
### Minor Analysis Improvements
* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.
* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`.
* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.9.0
lastReleaseVersion: 0.8.12

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.9.0
version: 0.8.13-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

15
java/ql/src/CHANGELOG.md
View File

@@ -1,18 +1,3 @@
## 0.8.13
### New Queries
* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).
### Major Analysis Improvements
* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
### Minor Analysis Improvements
* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.
## 0.8.12
No user-facing changes.

4
java/ql/src/change-notes/2024-03-06-url-forward-query.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: newQuery
---
* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).

4
java/ql/src/change-notes/2024-03-12-request-sanitizers.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.

4
java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.

4
java/ql/src/change-notes/2024-03-27-MissingEnumInSwitch.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.

14
java/ql/src/change-notes/released/0.8.13.md
View File

@@ -1,14 +0,0 @@
## 0.8.13
### New Queries
* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).
### Major Analysis Improvements
* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
### Minor Analysis Improvements
* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.8.13
lastReleaseVersion: 0.8.12

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.8.13
version: 0.8.13-dev
groups:
- java
- queries