upgrade query to detect redash CVE too

2026-05-04 13:15:21 +02:00 · 2023-06-30 22:14:50 +10:00
parent 7a17b99c17
commit 816799c4ba
436 changed files with 13346 additions and 1089 deletions
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.14
+
+No user-facing changes.
+
 ## 0.0.13

 No user-facing changes.
--- a/shared/regex/change-notes/released/0.0.14.md
+++ b/shared/regex/change-notes/released/0.0.14.md
@@ -0,0 +1,3 @@
+## 0.0.14
+
+No user-facing changes.
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.13
+lastReleaseVersion: 0.0.14
--- a/shared/regex/codeql/regex/nfa/NfaUtils.qll
+++ b/shared/regex/codeql/regex/nfa/NfaUtils.qll
@@ -864,6 +864,9 @@ module Make<RegexTreeViewSig TreeImpl> {
     */
    RegExpTerm getRepr() { result = repr }

+    /**
+     * Holds if the term represented by this state is found at the specified location offsets.
+     */
    predicate hasLocationInfo(string file, int line, int column, int endline, int endcolumn) {
      repr.hasLocationInfo(file, line, column, endline, endcolumn)
    }
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.0.14-dev
+version: 0.0.15-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.18
+
+No user-facing changes.
+
 ## 0.0.17

 No user-facing changes.
--- a/shared/ssa/change-notes/released/0.0.18.md
+++ b/shared/ssa/change-notes/released/0.0.18.md
@@ -0,0 +1,3 @@
+## 0.0.18
+
+No user-facing changes.
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.17
+lastReleaseVersion: 0.0.18
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 0.0.18-dev
+version: 0.0.19-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
--- a/shared/tutorial/CHANGELOG.md
+++ b/shared/tutorial/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.11
+
+No user-facing changes.
+
 ## 0.0.10

 No user-facing changes.
--- a/shared/tutorial/change-notes/released/0.0.11.md
+++ b/shared/tutorial/change-notes/released/0.0.11.md
@@ -0,0 +1,3 @@
+## 0.0.11
+
+No user-facing changes.
--- a/shared/tutorial/codeql-pack.release.yml
+++ b/shared/tutorial/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
--- a/shared/tutorial/qlpack.yml
+++ b/shared/tutorial/qlpack.yml
@@ -1,6 +1,6 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries.
-version: 0.0.11-dev
+version: 0.0.12-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
--- a/shared/typetracking/CHANGELOG.md
+++ b/shared/typetracking/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.11
+
+No user-facing changes.
+
 ## 0.0.10

 No user-facing changes.
--- a/shared/typetracking/change-notes/released/0.0.11.md
+++ b/shared/typetracking/change-notes/released/0.0.11.md
@@ -0,0 +1,3 @@
+## 0.0.11
+
+No user-facing changes.
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 0.0.11-dev
+version: 0.0.12-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.18
+
+No user-facing changes.
+
 ## 0.0.17

 No user-facing changes.
--- a/shared/typos/change-notes/released/0.0.18.md
+++ b/shared/typos/change-notes/released/0.0.18.md
@@ -0,0 +1,3 @@
+## 0.0.18
+
+No user-facing changes.
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.17
+lastReleaseVersion: 0.0.18
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 0.0.18-dev
+version: 0.0.19-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.11
+
+No user-facing changes.
+
 ## 0.0.10

 No user-facing changes.
--- a/shared/util/change-notes/released/0.0.11.md
+++ b/shared/util/change-notes/released/0.0.11.md
@@ -0,0 +1,3 @@
+## 0.0.11
+
+No user-facing changes.
--- a/shared/util/codeql-pack.release.yml
+++ b/shared/util/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
--- a/shared/util/codeql/util/test/InlineExpectationsTest.qll
+++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll
@@ -396,6 +396,63 @@ module Make<InlineExpectationsTestSig Impl> {
    }
  }

+  /**
+   * A module that merges three test signatures.
+   */
+  module MergeTests3<TestSig TestImpl1, TestSig TestImpl2, TestSig TestImpl3> implements TestSig {
+    private module M = MergeTests<MergeTests<TestImpl1, TestImpl2>, TestImpl3>;
+
+    string getARelevantTag() { result = M::getARelevantTag() }
+
+    predicate hasActualResult(Impl::Location location, string element, string tag, string value) {
+      M::hasActualResult(location, element, tag, value)
+    }
+
+    predicate hasOptionalResult(Impl::Location location, string element, string tag, string value) {
+      M::hasOptionalResult(location, element, tag, value)
+    }
+  }
+
+  /**
+   * A module that merges four test signatures.
+   */
+  module MergeTests4<TestSig TestImpl1, TestSig TestImpl2, TestSig TestImpl3, TestSig TestImpl4>
+    implements TestSig
+  {
+    private module M = MergeTests<MergeTests3<TestImpl1, TestImpl2, TestImpl3>, TestImpl4>;
+
+    string getARelevantTag() { result = M::getARelevantTag() }
+
+    predicate hasActualResult(Impl::Location location, string element, string tag, string value) {
+      M::hasActualResult(location, element, tag, value)
+    }
+
+    predicate hasOptionalResult(Impl::Location location, string element, string tag, string value) {
+      M::hasOptionalResult(location, element, tag, value)
+    }
+  }
+
+  /**
+   * A module that merges five test signatures.
+   */
+  module MergeTests5<
+    TestSig TestImpl1, TestSig TestImpl2, TestSig TestImpl3, TestSig TestImpl4, TestSig TestImpl5>
+    implements TestSig
+  {
+    private module M =
+      MergeTests<MergeTests4<TestImpl1, TestImpl2, TestImpl3, TestImpl4>, TestImpl5>;
+
+    string getARelevantTag() { result = M::getARelevantTag() }
+
+    predicate hasActualResult(Impl::Location location, string element, string tag, string value) {
+      M::hasActualResult(location, element, tag, value)
+    }
+
+    predicate hasOptionalResult(Impl::Location location, string element, string tag, string value) {
+      M::hasOptionalResult(location, element, tag, value)
+    }
+  }
+
  private module LegacyImpl implements TestSig {
    string getARelevantTag() { result = any(InlineExpectationsTest t).getARelevantTag() }

--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 0.0.11-dev
+version: 0.0.12-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/yaml/CHANGELOG.md
+++ b/shared/yaml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.3
+
+No user-facing changes.
+
 ## 0.0.2

 No user-facing changes.
--- a/shared/yaml/change-notes/released/0.0.3.md
+++ b/shared/yaml/change-notes/released/0.0.3.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
--- a/shared/yaml/codeql-pack.release.yml
+++ b/shared/yaml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.2
+lastReleaseVersion: 0.0.3
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 0.0.3-dev
+version: 0.0.4-dev
 groups: shared
 library: true
 warnOnImplicitThis: true