mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Release preparation for version 2.15.0
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,13 @@
|
||||
## 0.10.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
|
||||
non-returning in the IR and dataflow.
|
||||
* Treat functions that reach the end of the function as returning in the IR.
|
||||
They used to be treated as unreachable but it is allowed in C.
|
||||
* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
|
||||
|
||||
## 0.9.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Treat functions that reach the end of the function as returning in the IR.
|
||||
They used to be treated as unreachable but it is allowed in C.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
|
||||
non-returning in the IR and dataflow.
|
||||
9
cpp/ql/lib/change-notes/released/0.10.0.md
Normal file
9
cpp/ql/lib/change-notes/released/0.10.0.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 0.10.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
|
||||
non-returning in the IR and dataflow.
|
||||
* Treat functions that reach the end of the function as returning in the IR.
|
||||
They used to be treated as unreachable but it is allowed in C.
|
||||
* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.9.3
|
||||
lastReleaseVersion: 0.10.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 0.10.0-dev
|
||||
version: 0.10.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 0.8.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
|
||||
* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives
|
||||
in cases where a non-returning function is called.
|
||||
* The number of duplicated dataflow paths reported by queries has been significantly reduced.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The number of duplicated dataflow paths reported by queries has been significantly reduced.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives
|
||||
in cases where a non-returning function is called.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
|
||||
12
cpp/ql/src/change-notes/released/0.8.0.md
Normal file
12
cpp/ql/src/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,12 @@
|
||||
## 0.8.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
|
||||
* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives
|
||||
in cases where a non-returning function is called.
|
||||
* The number of duplicated dataflow paths reported by queries has been significantly reduced.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.5
|
||||
lastReleaseVersion: 1.7.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.0-dev
|
||||
version: 1.7.0
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.5
|
||||
lastReleaseVersion: 1.7.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.0-dev
|
||||
version: 1.7.0
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
csharp/ql/lib/change-notes/released/0.8.0.md
Normal file
3
csharp/ql/lib/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.8.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
|
||||
## 0.8.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.7.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added Numeric and Boolean types to SQL injection sanitzers.
|
||||
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added Numeric and Boolean types to SQL injection sanitzers.
|
||||
5
go/ql/lib/change-notes/released/0.7.0.md
Normal file
5
go/ql/lib/change-notes/released/0.7.0.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 0.7.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added Numeric and Boolean types to SQL injection sanitzers.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.5
|
||||
lastReleaseVersion: 0.7.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 0.7.0-dev
|
||||
version: 0.7.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.7.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/src/change-notes/released/0.7.0.md
Normal file
3
go/ql/src/change-notes/released/0.7.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.7.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.5
|
||||
lastReleaseVersion: 0.7.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 0.7.0-dev
|
||||
version: 0.7.0
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
java/ql/automodel/src/change-notes/released/0.0.5.md
Normal file
3
java/ql/automodel/src/change-notes/released/0.0.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.0.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.4
|
||||
lastReleaseVersion: 0.0.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-automodel-queries
|
||||
version: 0.0.5-dev
|
||||
version: 0.0.5
|
||||
groups:
|
||||
- java
|
||||
- automodel
|
||||
|
||||
@@ -1,3 +1,21 @@
|
||||
## 0.8.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 1.9.20 are now supported.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge.
|
||||
* Added support for default cases as proper guards in switch expressions to match switch statements.
|
||||
* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows.
|
||||
* Added new dataflow models for the Apache CXF framework.
|
||||
* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The regular expressions library no longer incorrectly matches mode flag characters against the input.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added new dataflow models for the Apache CXF framework.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Kotlin versions up to 1.9.20 are now supported.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The regular expressions library no longer incorrectly matches mode flag characters against the input.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge.
|
||||
* Added support for default cases as proper guards in switch expressions to match switch statements.
|
||||
17
java/ql/lib/change-notes/released/0.8.0.md
Normal file
17
java/ql/lib/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,17 @@
|
||||
## 0.8.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 1.9.20 are now supported.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge.
|
||||
* Added support for default cases as proper guards in switch expressions to match switch statements.
|
||||
* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows.
|
||||
* Added new dataflow models for the Apache CXF framework.
|
||||
* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The regular expressions library no longer incorrectly matches mode flag characters against the input.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
java/ql/src/change-notes/released/0.8.0.md
Normal file
3
java/ql/src/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
javascript/ql/lib/change-notes/released/0.8.0.md
Normal file
3
javascript/ql/lib/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
3
javascript/ql/src/change-notes/released/0.8.0.md
Normal file
3
javascript/ql/src/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.8.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.7.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/0.7.0.md
Normal file
3
misc/suite-helpers/change-notes/released/0.7.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.7.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.5
|
||||
lastReleaseVersion: 0.7.0
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 0.7.0-dev
|
||||
version: 0.7.0
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 0.11.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Django Rest Framework better handles custom `ModelViewSet` classes functions
|
||||
* Regular expression fragments residing inside implicitly concatenated strings now have better location information.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Subterms of regular expressions encoded as single-line string literals now have better source-location information.
|
||||
|
||||
## 0.10.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Subterms of regular expressions encoded as single-line string literals now have better source-location information.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Regular expression fragments residing inside implicitly concatenated strings now have better location information.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Django Rest Framework better handles custom `ModelViewSet` classes functions
|
||||
10
python/ql/lib/change-notes/released/0.11.0.md
Normal file
10
python/ql/lib/change-notes/released/0.11.0.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 0.11.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Django Rest Framework better handles custom `ModelViewSet` classes functions
|
||||
* Regular expression fragments residing inside implicitly concatenated strings now have better location information.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Subterms of regular expressions encoded as single-line string literals now have better source-location information.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.10.5
|
||||
lastReleaseVersion: 0.11.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 0.11.0-dev
|
||||
version: 0.11.0
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 0.9.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`.
|
||||
* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module.
|
||||
|
||||
## 0.8.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite.
|
||||
10
python/ql/src/change-notes/released/0.9.0.md
Normal file
10
python/ql/src/change-notes/released/0.9.0.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 0.9.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`.
|
||||
* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.5
|
||||
lastReleaseVersion: 0.9.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 0.9.0-dev
|
||||
version: 0.9.0
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.8.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
|
||||
5
ruby/ql/lib/change-notes/released/0.8.0.md
Normal file
5
ruby/ql/lib/change-notes/released/0.8.0.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 0.8.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-all
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 0.8.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Built-in Ruby queries now use the new DataFlow API.
|
||||
|
||||
## 0.7.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.8.0
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Built-in Ruby queries now use the new DataFlow API.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.7.5
|
||||
lastReleaseVersion: 0.8.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/ruby-queries
|
||||
version: 0.8.0-dev
|
||||
version: 0.8.0
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.1.0
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
shared/controlflow/change-notes/released/0.1.0.md
Normal file
3
shared/controlflow/change-notes/released/0.1.0.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.1.0
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.0.4
|
||||
lastReleaseVersion: 0.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/controlflow
|
||||
version: 0.1.0-dev
|
||||
version: 0.1.0
|
||||
groups: shared
|
||||
library: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 0.1.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added support for type-based call edge pruning. This removes data flow call edges that are incompatible with the set of flow paths that reach it based on type information. This improves dispatch precision for constructs like lambdas, `Object.toString()` calls, and the visitor pattern. For now this is only enabled for Java and C#.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`.
|
||||
|
||||
## 0.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`.
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 0.1.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added support for type-based call edge pruning. This removes data flow call edges that are incompatible with the set of flow paths that reach it based on type information. This improves dispatch precision for constructs like lambdas, `Object.toString()` calls, and the visitor pattern. For now this is only enabled for Java and C#.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`.
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user