mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0
Post-release preparation for codeql-cli-2.16.0
This commit is contained in:
Alexander Eyers-Taylor
@@ -1,3 +1,24 @@
|
||||
## 0.12.3
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
|
||||
* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
|
||||
* The deprecated `DefaultTaintTracking` library has been removed.
|
||||
* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.
|
||||
|
||||
## 0.12.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The deprecated `DefaultTaintTracking` library has been removed.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
|
||||
20
cpp/ql/lib/change-notes/released/0.12.3.md
Normal file
20
cpp/ql/lib/change-notes/released/0.12.3.md
Normal file
@@ -0,0 +1,20 @@
|
||||
## 0.12.3
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
|
||||
* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
|
||||
* The deprecated `DefaultTaintTracking` library has been removed.
|
||||
* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.12.2
|
||||
lastReleaseVersion: 0.12.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 0.12.3-dev
|
||||
version: 0.12.4-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -7,7 +7,6 @@ import semmle.code.cpp.Location
|
||||
private import semmle.code.cpp.Enclosing
|
||||
private import semmle.code.cpp.internal.ResolveClass
|
||||
private import semmle.code.cpp.internal.ResolveGlobalVariable
|
||||
private import semmle.code.cpp.internal.ResolveFunction
|
||||
|
||||
/**
|
||||
* Get the `Element` that represents this `@element`.
|
||||
@@ -31,14 +30,11 @@ pragma[inline]
|
||||
@element unresolveElement(Element e) {
|
||||
not result instanceof @usertype and
|
||||
not result instanceof @variable and
|
||||
not result instanceof @function and
|
||||
result = e
|
||||
or
|
||||
e = resolveClass(result)
|
||||
or
|
||||
e = resolveGlobalVariable(result)
|
||||
or
|
||||
e = resolveFunction(result)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -9,7 +9,6 @@ import semmle.code.cpp.exprs.Call
|
||||
import semmle.code.cpp.metrics.MetricFunction
|
||||
import semmle.code.cpp.Linkage
|
||||
private import semmle.code.cpp.internal.ResolveClass
|
||||
private import semmle.code.cpp.internal.ResolveFunction
|
||||
|
||||
/**
|
||||
* A C/C++ function [N4140 8.3.5]. Both member functions and non-member
|
||||
@@ -26,8 +25,6 @@ private import semmle.code.cpp.internal.ResolveFunction
|
||||
* in more detail in `Declaration.qll`.
|
||||
*/
|
||||
class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
|
||||
Function() { isFunction(underlyingElement(this)) }
|
||||
|
||||
override string getName() { functions(underlyingElement(this), result, _) }
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,57 +0,0 @@
|
||||
private predicate hasDefinition(@function f) {
|
||||
exists(@fun_decl fd | fun_decls(fd, f, _, _, _) | fun_def(fd))
|
||||
}
|
||||
|
||||
private predicate onlyOneCompleteFunctionExistsWithMangledName(@mangledname name) {
|
||||
strictcount(@function f | hasDefinition(f) and mangled_name(f, name)) = 1
|
||||
}
|
||||
|
||||
/** Holds if `f` is a unique function with a definition named `name`. */
|
||||
private predicate isFunctionWithMangledNameAndWithDefinition(@mangledname name, @function f) {
|
||||
hasDefinition(f) and
|
||||
mangled_name(f, name) and
|
||||
onlyOneCompleteFunctionExistsWithMangledName(name)
|
||||
}
|
||||
|
||||
/** Holds if `f` is a function without a definition named `name`. */
|
||||
private predicate isFunctionWithMangledNameAndWithoutDefinition(@mangledname name, @function f) {
|
||||
not hasDefinition(f) and
|
||||
mangled_name(f, name)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `incomplete` is a function without a definition, and there exists
|
||||
* a unique function `complete` with the same name that does have a definition.
|
||||
*/
|
||||
private predicate hasTwinWithDefinition(@function incomplete, @function complete) {
|
||||
not function_instantiation(incomplete, complete) and
|
||||
(
|
||||
not compgenerated(incomplete) or
|
||||
not compgenerated(complete)
|
||||
) and
|
||||
exists(@mangledname name |
|
||||
isFunctionWithMangledNameAndWithoutDefinition(name, incomplete) and
|
||||
isFunctionWithMangledNameAndWithDefinition(name, complete)
|
||||
)
|
||||
}
|
||||
|
||||
import Cached
|
||||
|
||||
cached
|
||||
private module Cached {
|
||||
/**
|
||||
* If `f` is a function without a definition, and there exists a unique
|
||||
* function with the same name that does have a definition, then the
|
||||
* result is that unique function. Otherwise, the result is `f`.
|
||||
*/
|
||||
cached
|
||||
@function resolveFunction(@function f) {
|
||||
hasTwinWithDefinition(f, result)
|
||||
or
|
||||
not hasTwinWithDefinition(f, _) and
|
||||
result = f
|
||||
}
|
||||
|
||||
cached
|
||||
predicate isFunction(@function f) { f = resolveFunction(_) }
|
||||
}
|
||||
@@ -1,3 +1,14 @@
|
||||
## 0.9.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
|
||||
* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.
|
||||
|
||||
## 0.9.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.
|
||||
10
cpp/ql/src/change-notes/released/0.9.2.md
Normal file
10
cpp/ql/src/change-notes/released/0.9.2.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 0.9.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
|
||||
* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.9.1
|
||||
lastReleaseVersion: 0.9.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 0.9.2-dev
|
||||
version: 0.9.3-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.5
|
||||
lastReleaseVersion: 1.7.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.6-dev
|
||||
version: 1.7.7-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.5
|
||||
lastReleaseVersion: 1.7.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.6-dev
|
||||
version: 1.7.7-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 0.8.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
|
||||
* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
|
||||
* Additional support for `Amazon.Lambda` SDK
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Additional support for `Amazon.Lambda` SDK
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
|
||||
* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
|
||||
@@ -1,5 +1,7 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.8.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
|
||||
* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
|
||||
* Additional support for `Amazon.Lambda` SDK
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.8.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 0.8.6-dev
|
||||
version: 0.8.7-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 0.8.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.
|
||||
* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.
|
||||
6
csharp/ql/src/change-notes/released/0.8.6.md
Normal file
6
csharp/ql/src/change-notes/released/0.8.6.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 0.8.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.
|
||||
* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.8.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 0.8.6-dev
|
||||
version: 0.8.7-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/consistency-queries/change-notes/released/0.0.5.md
Normal file
3
go/ql/consistency-queries/change-notes/released/0.0.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.0.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.4
|
||||
lastReleaseVersion: 0.0.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 0.0.5-dev
|
||||
version: 0.0.6-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 0.7.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
|
||||
* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
|
||||
* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
|
||||
7
go/ql/lib/change-notes/released/0.7.6.md
Normal file
7
go/ql/lib/change-notes/released/0.7.6.md
Normal file
@@ -0,0 +1,7 @@
|
||||
## 0.7.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
|
||||
* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
|
||||
* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.7.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 0.7.6-dev
|
||||
version: 0.7.7-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.7.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.7.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.7.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 0.7.6-dev
|
||||
version: 0.7.7-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,38 @@
|
||||
## 0.8.6
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`.
|
||||
* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods.
|
||||
* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface.
|
||||
* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models.
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* hudson
|
||||
* hudson.console
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.util.logging
|
||||
* javax.imageio.stream
|
||||
* org.apache.commons.io
|
||||
* org.apache.hadoop.hive.ql.exec
|
||||
* org.apache.hadoop.hive.ql.metadata
|
||||
* org.apache.tools.ant.taskdefs
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.alibaba.druid.sql.repository
|
||||
* jakarta.persistence
|
||||
* jakarta.persistence.criteria
|
||||
* liquibase.database.jvm
|
||||
* liquibase.statement.core
|
||||
* org.apache.ibatis.mapping
|
||||
* org.keycloak.models.map.storage
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.alibaba.druid.sql.repository
|
||||
* jakarta.persistence
|
||||
* jakarta.persistence.criteria
|
||||
* liquibase.database.jvm
|
||||
* liquibase.statement.core
|
||||
* org.apache.ibatis.mapping
|
||||
* org.keycloak.models.map.storage
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* hudson
|
||||
* hudson.console
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.util.logging
|
||||
* javax.imageio.stream
|
||||
* org.apache.commons.io
|
||||
* org.apache.hadoop.hive.ql.exec
|
||||
* org.apache.hadoop.hive.ql.metadata
|
||||
* org.apache.tools.ant.taskdefs
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface.
|
||||
* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`.
|
||||
34
java/ql/lib/change-notes/released/0.8.6.md
Normal file
34
java/ql/lib/change-notes/released/0.8.6.md
Normal file
@@ -0,0 +1,34 @@
|
||||
## 0.8.6
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`.
|
||||
* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods.
|
||||
* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface.
|
||||
* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models.
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.google.common.io
|
||||
* hudson
|
||||
* hudson.console
|
||||
* java.lang
|
||||
* java.net
|
||||
* java.util.logging
|
||||
* javax.imageio.stream
|
||||
* org.apache.commons.io
|
||||
* org.apache.hadoop.hive.ql.exec
|
||||
* org.apache.hadoop.hive.ql.metadata
|
||||
* org.apache.tools.ant.taskdefs
|
||||
* Added models for the following packages:
|
||||
|
||||
* com.alibaba.druid.sql.repository
|
||||
* jakarta.persistence
|
||||
* jakarta.persistence.criteria
|
||||
* liquibase.database.jvm
|
||||
* liquibase.statement.core
|
||||
* org.apache.ibatis.mapping
|
||||
* org.keycloak.models.map.storage
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.8.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.8.6-dev
|
||||
version: 0.8.7-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,19 @@
|
||||
## 0.8.6
|
||||
|
||||
### Deprecated Queries
|
||||
|
||||
* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
|
||||
* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
|
||||
* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
|
||||
15
java/ql/src/change-notes/released/0.8.6.md
Normal file
15
java/ql/src/change-notes/released/0.8.6.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## 0.8.6
|
||||
|
||||
### Deprecated Queries
|
||||
|
||||
* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
|
||||
* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
|
||||
* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.8.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 0.8.6-dev
|
||||
version: 0.8.7-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.8.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
javascript/ql/lib/change-notes/released/0.8.6.md
Normal file
3
javascript/ql/lib/change-notes/released/0.8.6.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.8.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.8.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.8.6-dev
|
||||
version: 0.8.7-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.8.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
javascript/ql/src/change-notes/released/0.8.6.md
Normal file
3
javascript/ql/src/change-notes/released/0.8.6.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.8.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.8.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.8.6-dev
|
||||
version: 0.8.7-dev
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.7.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/0.7.6.md
Normal file
3
misc/suite-helpers/change-notes/released/0.7.6.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.7.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.7.6
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 0.7.6-dev
|
||||
version: 0.7.7-dev
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,19 @@
|
||||
## 0.11.6
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added support for global data-flow through captured variables.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler.
|
||||
* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.
|
||||
- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.
|
||||
|
||||
## 0.11.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
|
||||
- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Added support for global data-flow through captured variables.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
|
||||
- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.
|
||||
15
python/ql/lib/change-notes/released/0.11.6.md
Normal file
15
python/ql/lib/change-notes/released/0.11.6.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## 0.11.6
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added support for global data-flow through captured variables.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler.
|
||||
* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly.
|
||||
- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.11.5
|
||||
lastReleaseVersion: 0.11.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 0.11.6-dev
|
||||
version: 0.11.7-dev
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.9.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.9.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
python/ql/src/change-notes/released/0.9.6.md
Normal file
3
python/ql/src/change-notes/released/0.9.6.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.9.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.9.5
|
||||
lastReleaseVersion: 0.9.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 0.9.6-dev
|
||||
version: 0.9.7-dev
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user