mirror of
https://github.com/github/codeql.git
synced 2025-12-21 19:26:31 +01:00
Merge pull request #12847 from github/post-release-prep/codeql-cli-2.13.0
Post-release preparation for codeql-cli-2.13.0
This commit is contained in:
Alex Ford
@@ -1,3 +1,69 @@
|
||||
## 0.6.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
|
||||
* The recently introduced new data flow and taint tracking APIs have had a
|
||||
number of module and predicate renamings. The old APIs remain in place for
|
||||
now.
|
||||
* The `WebViewDubuggingQuery` library has been renamed to `WebViewDebuggingQuery` to fix the typo in the file name. `WebViewDubuggingQuery` is now deprecated.
|
||||
|
||||
### New Features
|
||||
|
||||
* Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a bug in the regular expression used to identify sensitive information in `SensitiveActions::getCommonSensitiveInfoRegex`. This may affect the results of the queries `java/android/sensitive-communication`, `java/android/sensitive-keyboard-cache`, and `java/sensitive-log`.
|
||||
* Added a summary model for the `java.lang.UnsupportedOperationException(String)` constructor.
|
||||
* The filenames embedded in `Compilation.toString()` now use `/` as the path separator on all platforms.
|
||||
* Added models for the following packages:
|
||||
* `java.lang`
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `java.io`
|
||||
* `java.lang.module`
|
||||
* `org.apache.commons.httpclient.util`
|
||||
* `org.apache.commons.io`
|
||||
* `org.apache.http.client`
|
||||
* `org.eclipse.jetty.client`
|
||||
* `com.google.common.io`
|
||||
* `kotlin.io`
|
||||
* Added the `TaintedPathQuery.qll` library to provide the `TaintedPathFlow` and `TaintedPathLocalFlow` taint-tracking modules to reason about tainted path vulnerabilities.
|
||||
* Added the `ZipSlipQuery.qll` library to provide the `ZipSlipFlow` taint-tracking module to reason about zip-slip vulnerabilities.
|
||||
* Added the `InsecureBeanValidationQuery.qll` library to provide the `BeanValidationFlow` taint-tracking module to reason about bean validation vulnerabilities.
|
||||
* Added the `XssQuery.qll` library to provide the `XssFlow` taint-tracking module to reason about cross site scripting vulnerabilities.
|
||||
* Added the `LdapInjectionQuery.qll` library to provide the `LdapInjectionFlow` taint-tracking module to reason about LDAP injection vulnerabilities.
|
||||
* Added the `ResponseSplittingQuery.qll` library to provide the `ResponseSplittingFlow` taint-tracking module to reason about response splitting vulnerabilities.
|
||||
* Added the `ExternallyControlledFormatStringQuery.qll` library to provide the `ExternallyControlledFormatStringFlow` taint-tracking module to reason about externally controlled format string vulnerabilities.
|
||||
* Improved the handling of addition in the range analysis. This can cause in minor changes to the results produced by `java/index-out-of-bounds` and `java/constant-comparison`.
|
||||
* A new models as data sink kind `command-injection` has been added.
|
||||
* The queries `java/command-line-injection` and `java/concatenated-command-line` now can be extended using the `command-injection` models as data sink kind.
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `javax.imageio.stream`
|
||||
* `javax.naming`
|
||||
* `javax.servlet`
|
||||
* `org.geogebra.web.full.main`
|
||||
* `hudson`
|
||||
* `hudson.cli`
|
||||
* `hudson.lifecycle`
|
||||
* `hudson.model`
|
||||
* `hudson.scm`
|
||||
* `hudson.util`
|
||||
* `hudson.util.io`
|
||||
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.
|
||||
* Added a summary model for the `nativeSQL` method of the `java.sql.Connection` interface.
|
||||
* Added sink and summary dataflow models for the Jenkins and Netty frameworks.
|
||||
* The Models as Data syntax for selecting the qualifier has been changed from `-1` to `this` (e.g. `Argument[-1]` is now written as `Argument[this]`).
|
||||
* Added sources and flow step models for the Netty framework up to version 4.1.
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|
||||
|
||||
## 0.5.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added sources and flow step models for the Netty framework up to version 4.1.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The Models as Data syntax for selecting the qualifier has been changed from `-1` to `this` (e.g. `Argument[-1]` is now written as `Argument[this]`).
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `javax.imageio.stream`
|
||||
* `javax.naming`
|
||||
* `javax.servlet`
|
||||
* `org.geogebra.web.full.main`
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a summary model for the `nativeSQL` method of the `java.sql.Connection` interface.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added sink and summary dataflow models for the Jenkins and Netty frameworks.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `WebViewDubuggingQuery` library has been renamed to `WebViewDebuggingQuery` to fix the typo in the file name. `WebViewDubuggingQuery` is now deprecated.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The recently introduced new data flow and taint tracking APIs have had a
|
||||
number of module and predicate renamings. The old APIs remain in place for
|
||||
now.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.model`
|
||||
* `hudson.scm`
|
||||
* `hudson.util`
|
||||
@@ -1,8 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `hudson.cli`
|
||||
* `hudson.lifecycle`
|
||||
* `hudson`
|
||||
* `hudson.util.io`
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A new models as data sink kind `command-injection` has been added.
|
||||
* The queries `java/command-line-injection` and `java/concatenated-command-line` now can be extended using the `command-injection` models as data sink kind.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* java.lang
|
||||
* java.nio.file
|
||||
* kotlin.io
|
||||
* org.apache.commons.httpclient.util
|
||||
* org.apache.http.client
|
||||
* org.eclipse.jetty.client
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the `TaintedPathQuery.qll` library to provide the `TaintedPathFlow` and `TaintedPathLocalFlow` taint-tracking modules to reason about tainted path vulnerabilities.
|
||||
* Added the `ZipSlipQuery.qll` library to provide the `ZipSlipFlow` taint-tracking module to reason about zip-slip vulnerabilities.
|
||||
* Added the `InsecureBeanValidationQuery.qll` library to provide the `BeanValidationFlow` taint-tracking module to reason about bean validation vulnerabilities.
|
||||
* Added the `XssQuery.qll` library to provide the `XssFlow` taint-tracking module to reason about cross site scripting vulnerabilities.
|
||||
* Added the `LdapInjectionQuery.qll` library to provide the `LdapInjectionFlow` taint-tracking module to reason about LDAP injection vulnerabilities.
|
||||
* Added the `ResponseSplittingQuery.qll` library to provide the `ResponseSplittingFlow` taint-tracking module to reason about response splitting vulnerabilities.
|
||||
* Added the `ExternallyControlledFormatStringQuery.qll` library to provide the `ExternallyControlledFormatStringFlow` taint-tracking module to reason about externally controlled format string vulnerabilities.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved the handling of addition in the range analysis. This can cause in minor changes to the results produced by `java/index-out-of-bounds` and `java/constant-comparison`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The filenames embedded in `Compilation.toString()` now use `/` as the path separator on all platforms.
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
* java.io
|
||||
* java.lang.module
|
||||
* org.apache.commons.io
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.nio.file
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a summary model for the `java.lang.UnsupportedOperationException(String)` constructor.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a bug in the regular expression used to identify sensitive information in `SensitiveActions::getCommonSensitiveInfoRegex`. This may affect the results of the queries `java/android/sensitive-communication`, `java/android/sensitive-keyboard-cache`, and `java/sensitive-log`.
|
||||
65
java/ql/lib/change-notes/released/0.6.0.md
Normal file
65
java/ql/lib/change-notes/released/0.6.0.md
Normal file
@@ -0,0 +1,65 @@
|
||||
## 0.6.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
|
||||
* The recently introduced new data flow and taint tracking APIs have had a
|
||||
number of module and predicate renamings. The old APIs remain in place for
|
||||
now.
|
||||
* The `WebViewDubuggingQuery` library has been renamed to `WebViewDebuggingQuery` to fix the typo in the file name. `WebViewDubuggingQuery` is now deprecated.
|
||||
|
||||
### New Features
|
||||
|
||||
* Predicates `Compilation.getExpandedArgument` and `Compilation.getAnExpandedArgument` has been added.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a bug in the regular expression used to identify sensitive information in `SensitiveActions::getCommonSensitiveInfoRegex`. This may affect the results of the queries `java/android/sensitive-communication`, `java/android/sensitive-keyboard-cache`, and `java/sensitive-log`.
|
||||
* Added a summary model for the `java.lang.UnsupportedOperationException(String)` constructor.
|
||||
* The filenames embedded in `Compilation.toString()` now use `/` as the path separator on all platforms.
|
||||
* Added models for the following packages:
|
||||
* `java.lang`
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `java.io`
|
||||
* `java.lang.module`
|
||||
* `org.apache.commons.httpclient.util`
|
||||
* `org.apache.commons.io`
|
||||
* `org.apache.http.client`
|
||||
* `org.eclipse.jetty.client`
|
||||
* `com.google.common.io`
|
||||
* `kotlin.io`
|
||||
* Added the `TaintedPathQuery.qll` library to provide the `TaintedPathFlow` and `TaintedPathLocalFlow` taint-tracking modules to reason about tainted path vulnerabilities.
|
||||
* Added the `ZipSlipQuery.qll` library to provide the `ZipSlipFlow` taint-tracking module to reason about zip-slip vulnerabilities.
|
||||
* Added the `InsecureBeanValidationQuery.qll` library to provide the `BeanValidationFlow` taint-tracking module to reason about bean validation vulnerabilities.
|
||||
* Added the `XssQuery.qll` library to provide the `XssFlow` taint-tracking module to reason about cross site scripting vulnerabilities.
|
||||
* Added the `LdapInjectionQuery.qll` library to provide the `LdapInjectionFlow` taint-tracking module to reason about LDAP injection vulnerabilities.
|
||||
* Added the `ResponseSplittingQuery.qll` library to provide the `ResponseSplittingFlow` taint-tracking module to reason about response splitting vulnerabilities.
|
||||
* Added the `ExternallyControlledFormatStringQuery.qll` library to provide the `ExternallyControlledFormatStringFlow` taint-tracking module to reason about externally controlled format string vulnerabilities.
|
||||
* Improved the handling of addition in the range analysis. This can cause in minor changes to the results produced by `java/index-out-of-bounds` and `java/constant-comparison`.
|
||||
* A new models as data sink kind `command-injection` has been added.
|
||||
* The queries `java/command-line-injection` and `java/concatenated-command-line` now can be extended using the `command-injection` models as data sink kind.
|
||||
* Added more sink and summary dataflow models for the following packages:
|
||||
* `java.net`
|
||||
* `java.nio.file`
|
||||
* `javax.imageio.stream`
|
||||
* `javax.naming`
|
||||
* `javax.servlet`
|
||||
* `org.geogebra.web.full.main`
|
||||
* `hudson`
|
||||
* `hudson.cli`
|
||||
* `hudson.lifecycle`
|
||||
* `hudson.model`
|
||||
* `hudson.scm`
|
||||
* `hudson.util`
|
||||
* `hudson.util.io`
|
||||
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.
|
||||
* Added a summary model for the `nativeSQL` method of the `java.sql.Connection` interface.
|
||||
* Added sink and summary dataflow models for the Jenkins and Netty frameworks.
|
||||
* The Models as Data syntax for selecting the qualifier has been changed from `-1` to `this` (e.g. `Argument[-1]` is now written as `Argument[this]`).
|
||||
* Added sources and flow step models for the Netty framework up to version 4.1.
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.5.6
|
||||
lastReleaseVersion: 0.6.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.6.0-dev
|
||||
version: 0.6.1-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.6.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query `java/insecure-ldap-auth` has been promoted from experimental to the main query pack. This query detects transmission of cleartext credentials in LDAP authentication. Insecure LDAP authentication causes sensitive information to be vulnerable to remote attackers. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4854)
|
||||
|
||||
## 0.5.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The query `java/insecure-ldap-auth` has been promoted from experimental to the main query pack. This query detects transmission of cleartext credentials in LDAP authentication. Insecure LDAP authentication causes sensitive information to be vulnerable to remote attackers. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4854)
|
||||
## 0.6.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query `java/insecure-ldap-auth` has been promoted from experimental to the main query pack. This query detects transmission of cleartext credentials in LDAP authentication. Insecure LDAP authentication causes sensitive information to be vulnerable to remote attackers. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4854)
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.5.6
|
||||
lastReleaseVersion: 0.6.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 0.6.0-dev
|
||||
version: 0.6.1-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
Reference in New Issue
Block a user