mirror of
https://github.com/github/codeql.git
synced 2026-04-24 16:25:15 +02:00
Merge pull request #16926 from github/post-release-prep/codeql-cli-2.18.0
Post-release preparation for codeql-cli-2.18.0
This commit is contained in:
Angela P Wen
5
.github/workflows/compile-queries.yml
vendored
5
.github/workflows/compile-queries.yml
vendored
@@ -29,6 +29,8 @@ jobs:
|
||||
key: all-queries
|
||||
- name: check formatting
|
||||
run: find shared */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
|
||||
- name: Omit DatabaseQualityDiagnostics.ql from compile checking # Remove me once CodeQL 2.18.0 is released!
|
||||
run: mv java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql{,.hidden}
|
||||
- name: compile queries - check-only
|
||||
# run with --check-only if running in a PR (github.sha != main)
|
||||
if : ${{ github.event_name == 'pull_request' }}
|
||||
@@ -39,3 +41,6 @@ jobs:
|
||||
if : ${{ github.event_name != 'pull_request' }}
|
||||
shell: bash
|
||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
|
||||
- name: Restore DatabaseQualityDiagnostics.ql after compile checking # Remove me once CodeQL 2.18.0 is released
|
||||
run: mv java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql{.hidden,}
|
||||
|
||||
|
||||
@@ -1,3 +1,15 @@
|
||||
## 1.2.0
|
||||
|
||||
### New Features
|
||||
|
||||
* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
|
||||
* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
|
||||
* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.
|
||||
|
||||
## 1.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
|
||||
11
cpp/ql/lib/change-notes/released/1.2.0.md
Normal file
11
cpp/ql/lib/change-notes/released/1.2.0.md
Normal file
@@ -0,0 +1,11 @@
|
||||
## 1.2.0
|
||||
|
||||
### New Features
|
||||
|
||||
* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
|
||||
* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
|
||||
* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 1.1.2-dev
|
||||
version: 1.2.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
cpp/ql/src/change-notes/released/1.0.3.md
Normal file
3
cpp/ql/src/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.20
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.19
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.20
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.19
|
||||
lastReleaseVersion: 1.7.20
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.20-dev
|
||||
version: 1.7.21-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.20
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.19
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.20
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.19
|
||||
lastReleaseVersion: 1.7.20
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.20-dev
|
||||
version: 1.7.21-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
csharp/ql/lib/change-notes/released/1.0.3.md
Normal file
3
csharp/ql/lib/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
csharp/ql/src/change-notes/released/1.0.3.md
Normal file
3
csharp/ql/src/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/consistency-queries/change-notes/released/1.0.3.md
Normal file
3
go/ql/consistency-queries/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 1.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* DataFlow queries which previously used `RemoteFlowSource` to define their sources have been modified to instead use `ThreatModelFlowSource`. This means these queries will now respect threat model configurations. The default threat model configuration is equivalent to `RemoteFlowSource`, so there should be no change in results for users using the default.
|
||||
* Added the `ThreatModelFlowSource` class to `FlowSources.qll`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. This is the first step in supporting threat modeling for Go.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed dataflow via global variables other than via a direct write: for example, via a side-effect on a global, such as `io.copy(SomeGlobal, ...)` or via assignment to a field or array or slice cell of a global. This means that any data-flow query may return more results where global variables are involved.
|
||||
|
||||
## 1.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the `ThreatModelFlowSource` class to `FlowSources.qll`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. This is the first step in supporting threat modeling for Go.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* DataFlow queries which previously used `RemoteFlowSource` to define their sources have been modified to instead use `ThreatModelFlowSource`. This means these queries will now respect threat model configurations. The default threat model configuration is equivalent to `RemoteFlowSource`, so there should be no change in results for users using the default.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed dataflow via global variables other than via a direct write: for example, via a side-effect on a global, such as `io.copy(SomeGlobal, ...)` or via assignment to a field or array or slice cell of a global. This means that any data-flow query may return more results where global variables are involved.
|
||||
10
go/ql/lib/change-notes/released/1.1.2.md
Normal file
10
go/ql/lib/change-notes/released/1.1.2.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 1.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* DataFlow queries which previously used `RemoteFlowSource` to define their sources have been modified to instead use `ThreatModelFlowSource`. This means these queries will now respect threat model configurations. The default threat model configuration is equivalent to `RemoteFlowSource`, so there should be no change in results for users using the default.
|
||||
* Added the `ThreatModelFlowSource` class to `FlowSources.qll`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. This is the first step in supporting threat modeling for Go.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed dataflow via global variables other than via a direct write: for example, via a side-effect on a global, such as `io.copy(SomeGlobal, ...)` or via assignment to a field or array or slice cell of a global. This means that any data-flow query may return more results where global variables are involved.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 1.1.2-dev
|
||||
version: 1.1.3-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/src/change-notes/released/1.0.3.md
Normal file
3
go/ql/src/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
java/ql/automodel/src/change-notes/released/1.0.3.md
Normal file
3
java/ql/automodel/src/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-automodel-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- java
|
||||
- automodel
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
diagnosticAttributes
|
||||
| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true |
|
||||
| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true |
|
||||
| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true |
|
||||
#select
|
||||
| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 |
|
||||
@@ -0,0 +1 @@
|
||||
Telemetry/DatabaseQualityDiagnostics.ql
|
||||
@@ -1,3 +1,25 @@
|
||||
## 1.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the following packages:
|
||||
|
||||
* io.undertow.server.handlers.resource
|
||||
* jakarta.faces.context
|
||||
* javax.faces.context
|
||||
* javax.servlet
|
||||
* org.jboss.vfs
|
||||
* org.springframework.core.io
|
||||
* A bug has been fixed in the heuristic identification of uncertain control
|
||||
flow, which is used to filter data flow in order to improve performance and
|
||||
reduce false positives. This fix means that slightly more code is identified
|
||||
and hence pruned from data flow.
|
||||
* Excluded reverse DNS from the loopback address as a source of untrusted data.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Support for `codeql test run` for Kotlin sources has been fixed.
|
||||
|
||||
## 1.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
|
||||
* Support for `codeql test run` for Kotlin sources has been fixed.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Excluded reverse DNS from the loopback address as a source of untrusted data.
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A bug has been fixed in the heuristic identification of uncertain control
|
||||
flow, which is used to filter data flow in order to improve performance and
|
||||
reduce false positives. This fix means that slightly more code is identified
|
||||
and hence pruned from data flow.
|
||||
4
java/ql/lib/change-notes/2024-06-25-java-tools-status.md
Normal file
4
java/ql/lib/change-notes/2024-06-25-java-tools-status.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.
|
||||
@@ -1,11 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* io.undertow.server.handlers.resource
|
||||
* jakarta.faces.context
|
||||
* javax.faces.context
|
||||
* javax.servlet
|
||||
* org.jboss.vfs
|
||||
* org.springframework.core.io
|
||||
21
java/ql/lib/change-notes/released/1.1.2.md
Normal file
21
java/ql/lib/change-notes/released/1.1.2.md
Normal file
@@ -0,0 +1,21 @@
|
||||
## 1.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models for the following packages:
|
||||
|
||||
* io.undertow.server.handlers.resource
|
||||
* jakarta.faces.context
|
||||
* javax.faces.context
|
||||
* javax.servlet
|
||||
* org.jboss.vfs
|
||||
* org.springframework.core.io
|
||||
* A bug has been fixed in the heuristic identification of uncertain control
|
||||
flow, which is used to filter data flow in order to improve performance and
|
||||
reduce false positives. This fix means that slightly more code is identified
|
||||
and hence pruned from data flow.
|
||||
* Excluded reverse DNS from the loopback address as a source of untrusted data.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Support for `codeql test run` for Kotlin sources has been fixed.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 1.1.2-dev
|
||||
version: 1.1.3-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 1.1.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The query `java/weak-cryptographic-algorithm` no longer alerts about `RSA/ECB` algorithm strings.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.
|
||||
* Added more `org.apache.commons.io.FileUtils`-related sinks to the path injection query.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
65
java/ql/src/Telemetry/DatabaseQuality.qll
Normal file
65
java/ql/src/Telemetry/DatabaseQuality.qll
Normal file
@@ -0,0 +1,65 @@
|
||||
/**
|
||||
* Provides database quality statistics that are reported by java/telemetry/extractor-information
|
||||
* and perhaps warned about by java/diagnostics/database-quality.
|
||||
*/
|
||||
|
||||
import java
|
||||
|
||||
signature module StatsSig {
|
||||
int getNumberOfOk();
|
||||
|
||||
int getNumberOfNotOk();
|
||||
|
||||
string getOkText();
|
||||
|
||||
string getNotOkText();
|
||||
}
|
||||
|
||||
module ReportStats<StatsSig Stats> {
|
||||
predicate numberOfOk(string key, int value) {
|
||||
value = Stats::getNumberOfOk() and
|
||||
key = "Number of " + Stats::getOkText()
|
||||
}
|
||||
|
||||
predicate numberOfNotOk(string key, int value) {
|
||||
value = Stats::getNumberOfNotOk() and
|
||||
key = "Number of " + Stats::getNotOkText()
|
||||
}
|
||||
|
||||
predicate percentageOfOk(string key, float value) {
|
||||
value = Stats::getNumberOfOk() * 100.0 / (Stats::getNumberOfOk() + Stats::getNumberOfNotOk()) and
|
||||
key = "Percentage of " + Stats::getOkText()
|
||||
}
|
||||
}
|
||||
|
||||
module CallTargetStats implements StatsSig {
|
||||
int getNumberOfOk() { result = count(Call c | exists(c.getCallee())) }
|
||||
|
||||
int getNumberOfNotOk() { result = count(Call c | not exists(c.getCallee())) }
|
||||
|
||||
string getOkText() { result = "calls with call target" }
|
||||
|
||||
string getNotOkText() { result = "calls with missing call target" }
|
||||
}
|
||||
|
||||
private class SourceExpr extends Expr {
|
||||
SourceExpr() { this.getFile().isSourceFile() }
|
||||
}
|
||||
|
||||
private predicate hasGoodType(Expr e) {
|
||||
exists(e.getType()) and not e.getType() instanceof ErrorType
|
||||
}
|
||||
|
||||
module ExprTypeStats implements StatsSig {
|
||||
int getNumberOfOk() { result = count(SourceExpr e | hasGoodType(e)) }
|
||||
|
||||
int getNumberOfNotOk() { result = count(SourceExpr e | not hasGoodType(e)) }
|
||||
|
||||
string getOkText() { result = "expressions with known type" }
|
||||
|
||||
string getNotOkText() { result = "expressions with unknown type" }
|
||||
}
|
||||
|
||||
module CallTargetStatsReport = ReportStats<CallTargetStats>;
|
||||
|
||||
module ExprTypeStatsReport = ReportStats<ExprTypeStats>;
|
||||
44
java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
Normal file
44
java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
Normal file
@@ -0,0 +1,44 @@
|
||||
/**
|
||||
* @name Low Java analysis quality
|
||||
* @description Low Java analysis quality
|
||||
* @kind diagnostic
|
||||
* @id java/diagnostic/database-quality
|
||||
*/
|
||||
|
||||
import java
|
||||
import DatabaseQuality
|
||||
|
||||
private newtype TDbQualityDiagnostic =
|
||||
TTheDbQualityDiagnostic() {
|
||||
exists(float percentageGood |
|
||||
CallTargetStatsReport::percentageOfOk(_, percentageGood)
|
||||
or
|
||||
ExprTypeStatsReport::percentageOfOk(_, percentageGood)
|
||||
|
|
||||
percentageGood < 95
|
||||
)
|
||||
}
|
||||
|
||||
class DbQualityDiagnostic extends TDbQualityDiagnostic {
|
||||
string toString() {
|
||||
result =
|
||||
"Scanning Java code completed successfully, but the scan encountered issues. " +
|
||||
"This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- "
|
||||
+
|
||||
"see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. "
|
||||
+
|
||||
"Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java "
|
||||
+
|
||||
"using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes)."
|
||||
}
|
||||
}
|
||||
|
||||
query predicate diagnosticAttributes(DbQualityDiagnostic e, string key, string value) {
|
||||
e = e and // Quieten warning about unconstrained 'e'
|
||||
key = ["visibilityCliSummaryTable", "visibilityTelemetry", "visibilityStatusPage"] and
|
||||
value = "true"
|
||||
}
|
||||
|
||||
from DbQualityDiagnostic d
|
||||
select d, d.toString(), 1
|
||||
/* Warning severity */
|
||||
@@ -8,6 +8,7 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.Diagnostics
|
||||
import DatabaseQuality
|
||||
|
||||
extensible predicate extractorInformationSkipKey(string key);
|
||||
|
||||
@@ -85,65 +86,6 @@ predicate extractorTotalDiagnostics(string key, int value) {
|
||||
)
|
||||
}
|
||||
|
||||
signature module StatsSig {
|
||||
int getNumberOfOk();
|
||||
|
||||
int getNumberOfNotOk();
|
||||
|
||||
string getOkText();
|
||||
|
||||
string getNotOkText();
|
||||
}
|
||||
|
||||
module ReportStats<StatsSig Stats> {
|
||||
predicate numberOfOk(string key, int value) {
|
||||
value = Stats::getNumberOfOk() and
|
||||
key = "Number of " + Stats::getOkText()
|
||||
}
|
||||
|
||||
predicate numberOfNotOk(string key, int value) {
|
||||
value = Stats::getNumberOfNotOk() and
|
||||
key = "Number of " + Stats::getNotOkText()
|
||||
}
|
||||
|
||||
predicate percentageOfOk(string key, float value) {
|
||||
value = Stats::getNumberOfOk() * 100.0 / (Stats::getNumberOfOk() + Stats::getNumberOfNotOk()) and
|
||||
key = "Percentage of " + Stats::getOkText()
|
||||
}
|
||||
}
|
||||
|
||||
module CallTargetStats implements StatsSig {
|
||||
int getNumberOfOk() { result = count(Call c | exists(c.getCallee())) }
|
||||
|
||||
int getNumberOfNotOk() { result = count(Call c | not exists(c.getCallee())) }
|
||||
|
||||
string getOkText() { result = "calls with call target" }
|
||||
|
||||
string getNotOkText() { result = "calls with missing call target" }
|
||||
}
|
||||
|
||||
private class SourceExpr extends Expr {
|
||||
SourceExpr() { this.getFile().isSourceFile() }
|
||||
}
|
||||
|
||||
private predicate hasGoodType(Expr e) {
|
||||
exists(e.getType()) and not e.getType() instanceof ErrorType
|
||||
}
|
||||
|
||||
module ExprTypeStats implements StatsSig {
|
||||
int getNumberOfOk() { result = count(SourceExpr e | hasGoodType(e)) }
|
||||
|
||||
int getNumberOfNotOk() { result = count(SourceExpr e | not hasGoodType(e)) }
|
||||
|
||||
string getOkText() { result = "expressions with known type" }
|
||||
|
||||
string getNotOkText() { result = "expressions with unknown type" }
|
||||
}
|
||||
|
||||
module CallTargetStatsReport = ReportStats<CallTargetStats>;
|
||||
|
||||
module ExprTypeStatsReport = ReportStats<ExprTypeStats>;
|
||||
|
||||
from string key, int value
|
||||
where
|
||||
not exists(string pattern | extractorInformationSkipKey(pattern) and key.matches(pattern)) and
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* The query `java/weak-cryptographic-algorithm` no longer alerts about `RSA/ECB` algorithm strings.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more `org.apache.commons.io.FileUtils`-related sinks to the path injection query.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.
|
||||
10
java/ql/src/change-notes/released/1.1.0.md
Normal file
10
java/ql/src/change-notes/released/1.1.0.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 1.1.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The query `java/weak-cryptographic-algorithm` no longer alerts about `RSA/ECB` algorithm strings.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.
|
||||
* Added more `org.apache.commons.io.FileUtils`-related sinks to the path injection query.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.1.1-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 1.1.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added support for TypeScript 5.5.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Enabled type-tracking to follow content through array methods
|
||||
* Improved modeling of `Array.prototype.splice` for when it is called with more than two arguments
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Added support for TypeScript 5.5.
|
||||
@@ -1,5 +1,10 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.1.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added support for TypeScript 5.5.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Enabled type-tracking to follow content through array methods
|
||||
* Improved modeling of `Array.prototype.splice` for when it is called with more than two arguments
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 1.0.3-dev
|
||||
version: 1.1.1-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added a new experimental query, `js/cors-misconfiguration`, which detects misconfigured CORS HTTP headers in the `cors` and `apollo` libraries.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a new experimental query, `js/cors-misconfiguration`, which detects misconfigured CORS HTTP headers in the `cors` and `apollo` libraries.
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added a new experimental query, `js/cors-misconfiguration`, which detects misconfigured CORS HTTP headers in the `cors` and `apollo` libraries.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.3.md
Normal file
3
misc/suite-helpers/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* A number of Python queries now support sinks defined using data extensions. The format of data extensions for Python has been documented.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A number of Python queries now support sinks defined using data extensions. The format of data extensions for Python has been documented.
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* A number of Python queries now support sinks defined using data extensions. The format of data extensions for Python has been documented.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Adding Python support for Hardcoded Credentials as Models as Data
|
||||
* Additional sanitizers have been added to the `py/full-ssrf` and `py/partial-ssrf` queries for methods that verify a string contains only a certain set of characters, such as `.isalnum()` as well as regular expression tests.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Adding Python support for Hardcoded Credentials as Models as Data
|
||||
@@ -1,4 +1,6 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Additional sanitizers have been added to the `py/full-ssrf` and `py/partial-ssrf` queries for methods that verify a string contains only a certain set of characters, such as `.isalnum()` as well as regular expression tests.
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Adding Python support for Hardcoded Credentials as Models as Data
|
||||
* Additional sanitizers have been added to the `py/full-ssrf` and `py/partial-ssrf` queries for methods that verify a string contains only a certain set of characters, such as `.isalnum()` as well as regular expression tests.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Element references with blocks, such as `foo[:bar] { |x| puts x}`, are now parsed correctly.
|
||||
* The `CleartextSources.qll` library, used by `rb/clear-text-logging-sensitive-data` and `rb/clear-text-logging-sensitive-data`, has been updated to consider heuristics for additional categories of sensitive data.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Element references with blocks, such as `foo[:bar] { |x| puts x}`, are now parsed correctly.
|
||||
@@ -1,4 +1,6 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `CleartextSources.qll` library, used by `rb/clear-text-logging-sensitive-data` and `rb/clear-text-logging-sensitive-data`, has been updated to consider heuristics for additional categories of sensitive data.
|
||||
## 1.0.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Element references with blocks, such as `foo[:bar] { |x| puts x}`, are now parsed correctly.
|
||||
* The `CleartextSources.qll` library, used by `rb/clear-text-logging-sensitive-data` and `rb/clear-text-logging-sensitive-data`, has been updated to consider heuristics for additional categories of sensitive data.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
ruby/ql/src/change-notes/released/1.0.3.md
Normal file
3
ruby/ql/src/change-notes/released/1.0.3.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.3
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.2
|
||||
lastReleaseVersion: 1.0.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 1.0.3-dev
|
||||
version: 1.0.4-dev
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user