hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.9.1

Browse Source
This commit is contained in:
github-actions[bot]
2022-04-28 11:59:05 +00:00
parent 3c07ab59a1
commit 8e4cf190e9
67 changed files with 184 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,21 @@
## 0.2.0
### Breaking Changes
The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
### Minor Analysis Improvements
Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
* Added flow sources and steps for JMS versions 1 and 2.
* Added flow sources and steps for RabbitMQ.
* Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
* Added data-flow models for the Spring Framework component `spring-beans`.
### Bug Fixes
* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
## 0.1.0
### Breaking Changes

4
java/ql/lib/change-notes/2022-03-28-JumpStmt-as-superclass.md
View File

@@ -1,4 +0,0 @@
---
category: fix
---
* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.

4
java/ql/lib/change-notes/2022-04-01-spring-models-improvements.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added data-flow models for the Spring Framework component `spring-beans`.

6
java/ql/lib/change-notes/2022-04-17-jms.md
View File

@@ -1,6 +0,0 @@
---
category: minorAnalysis
---
* Added flow sources and steps for JMS versions 1 and 2.
* Added flow sources and steps for RabbitMQ.
* Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.

4
java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.

4
java/ql/lib/change-notes/2022-04-25-allow-implicit-read-signature.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.

17
java/ql/lib/change-notes/released/0.2.0.md Normal file
View File

@@ -0,0 +1,17 @@
## 0.2.0
### Breaking Changes
The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
### Minor Analysis Improvements
Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
* Added flow sources and steps for JMS versions 1 and 2.
* Added flow sources and steps for RabbitMQ.
* Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
* Added data-flow models for the Spring Framework component `spring-beans`.
### Bug Fixes
* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.1.0
lastReleaseVersion: 0.2.0

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.1.1-dev
version: 0.2.0
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

10
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 0.1.1
### Minor Analysis Improvements
* Query `java/insecure-cookie` no longer produces a false positive if
`cookie.setSecure(...)` is called passing a constant that always equals
`true`.
## 0.1.0
### Query Metadata Changes
@@ -20,7 +28,7 @@ this respect.
### Minor Analysis Improvements
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
## 0.0.11

7
java/ql/src/change-notes/2022-04-26-insecure-cookie-named-constants.md → java/ql/src/change-notes/released/0.1.1.md
View File

@@ -1,6 +1,7 @@
---
category: minorAnalysis
---
## 0.1.1
### Minor Analysis Improvements
* Query `java/insecure-cookie` no longer produces a false positive if
`cookie.setSecure(...)` is called passing a constant that always equals
`true`.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.1.0
lastReleaseVersion: 0.1.1

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.1.1-dev
version: 0.1.1
groups:
- java
- queries