Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0

Post-release preparation for codeql-cli-2.16.0
Alexander Eyers-Taylor
2024-01-16 14:50:40 +00:00
committed by GitHub
171 changed files with 496 additions and 333 deletions

@@ -1,3 +1,19 @@
## 0.11.6
### Major Analysis Improvements
* Added support for global data-flow through captured variables.
### Minor Analysis Improvements
* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler.
* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated.
### Bug Fixes
- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.
- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.
## 0.11.5
No user-facing changes.
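
Review bot: In the 0.11.6 entry, the two items under "### Bug Fixes" use `-` as the bullet marker while the items under "### Major Analysis Improvements" and "### Minor Analysis Improvements" use `*`; pick one marker for the whole entry. The second bug-fix item also reads "Minor improvements in flow computation has been observed", which should be "have been observed", and the PyPI item's "a HTTP request handler" should be "an HTTP request handler".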

@@ -1,5 +0,0 @@
---
category: fix
---
- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated.

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler.

@@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* Added support for global data-flow through captured variables.

@@ -1,5 +0,0 @@
---
category: fix
---
- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.

@@ -0,0 +1,15 @@
## 0.11.6
### Major Analysis Improvements
* Added support for global data-flow through captured variables.
### Minor Analysis Improvements
* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler.
* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated.
### Bug Fixes
- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.
- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.
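
Review bot: The minor-analysis item that deprecates `semmle.python.dataflow.new.TypeTracker` names the replacement module but gives no migration guidance; consider adding a sentence on what a query author importing the old module has to change. The bug-fix item on SSA variables likewise says "negligible changes to alerts are expected" without indicating which kinds of alerts could differ, which is what a user comparing results before and after the upgrade would look for.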

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.11.5
lastReleaseVersion: 0.11.6

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 0.11.6-dev
version: 0.11.7-dev
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

@@ -1,3 +1,7 @@
## 0.9.6
No user-facing changes.
## 0.9.5
No user-facing changes.

@@ -0,0 +1,3 @@
## 0.9.6
No user-facing changes.

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.9.5
lastReleaseVersion: 0.9.6

@@ -1,5 +1,5 @@
name: codeql/python-queries
version: 0.9.6-dev
version: 0.9.7-dev
groups:
- python
- queries