diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 98666dfbbdb..827d7ded490 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.10.0 + +### Minor Analysis Improvements + +* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as + non-returning in the IR and dataflow. +* Treat functions that reach the end of the function as returning in the IR. + They used to be treated as unreachable but it is allowed in C. +* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. + ## 0.9.3 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md b/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md deleted file mode 100644 index 11c3b736682..00000000000 --- a/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. diff --git a/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md b/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md deleted file mode 100644 index 8f1b8e9be88..00000000000 --- a/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Treat functions that reach the end of the function as returning in the IR. - They used to be treated as unreachable but it is allowed in C. \ No newline at end of file 
diff --git a/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md b/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md deleted file mode 100644 index 6b2fff3d176..00000000000 --- a/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as - non-returning in the IR and dataflow. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/released/0.10.0.md b/cpp/ql/lib/change-notes/released/0.10.0.md new file mode 100644 index 00000000000..9c4b95e37e0 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.10.0.md @@ -0,0 +1,9 @@ +## 0.10.0 + +### Minor Analysis Improvements + +* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as + non-returning in the IR and dataflow. +* Treat functions that reach the end of the function as returning in the IR. + They used to be treated as unreachable but it is allowed in C. +* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 7af7247cbb0..b21db623245 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.3 +lastReleaseVersion: 0.10.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 0a60a2153e9..7eabe585fa8 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.10.0-dev +version: 0.10.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 700c0e331dd..cf5256e244d 100644 
--- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.8.0 + +### Query Metadata Changes + +* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. +* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. + +### Minor Analysis Improvements + +* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives + in cases where a non-returning function is called. +* The number of duplicated dataflow paths reported by queries has been significantly reduced. + ## 0.7.5 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md b/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md deleted file mode 100644 index e8a2160f4c2..00000000000 --- a/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The number of duplicated dataflow paths reported by queries has been significantly reduced. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md b/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md deleted file mode 100644 index 1839120619b..00000000000 --- a/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives - in cases where a non-returning function is called. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-10-03-double-free.md b/cpp/ql/src/change-notes/2023-10-03-double-free.md deleted file mode 100644 index ebe6674320d..00000000000 --- a/cpp/ql/src/change-notes/2023-10-03-double-free.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-10-03-use-after-free.md b/cpp/ql/src/change-notes/2023-10-03-use-after-free.md deleted file mode 100644 index 6c1165edb34..00000000000 --- a/cpp/ql/src/change-notes/2023-10-03-use-after-free.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/released/0.8.0.md b/cpp/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..664e8760f48 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,12 @@ +## 0.8.0 + +### Query Metadata Changes + +* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. +* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. + +### Minor Analysis Improvements + +* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives + in cases where a non-returning function is called. +* The number of duplicated dataflow paths reported by queries has been significantly reduced. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 88e5026c939..9bdad36cc46 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.8.0-dev +version: 0.8.0 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index cc79b182da6..61606368e4c 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.0 + +No user-facing changes. + ## 1.6.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md new file mode 100644 index 00000000000..07492eebff7 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md @@ -0,0 +1,3 @@ +## 1.7.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 03153270557..d1184cc6750 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.5 +lastReleaseVersion: 1.7.0 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 8d400fbbaa4..7f888b9458a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.0-dev +version: 1.7.0 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index cc79b182da6..61606368e4c 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.0 + +No user-facing changes. + ## 1.6.5 No user-facing changes. 
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md new file mode 100644 index 00000000000..07492eebff7 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md @@ -0,0 +1,3 @@ +## 1.7.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 03153270557..d1184cc6750 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.5 +lastReleaseVersion: 1.7.0 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index ddf6820236f..1364ecc5b30 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.0-dev +version: 1.7.0 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 1d2703e856e..de8d30425f7 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/0.8.0.md b/csharp/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16ea5f60373 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 1f96818bb7f..77cf000182e 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.0-dev +version: 0.8.0 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index d391679c5df..4b03f57bd9e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.0 + +### New Queries + +* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. + ## 0.7.5 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md b/csharp/ql/src/change-notes/released/0.8.0.md similarity index 69% rename from csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md rename to csharp/ql/src/change-notes/released/0.8.0.md index edbb1134739..caef33b6a93 100644 --- a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md +++ b/csharp/ql/src/change-notes/released/0.8.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- -* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. \ No newline at end of file +## 0.8.0 + +### New Queries + +* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 7690ae016fc..3e9b759fdac 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.0-dev +version: 0.8.0 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index fba37b581ac..5b4530cd2a9 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added Numeric and Boolean types to SQL injection sanitzers. + ## 0.6.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md b/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md deleted file mode 100644 index 26751edf2fe..00000000000 --- a/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added Numeric and Boolean types to SQL injection sanitzers. \ No newline at end of file diff --git a/go/ql/lib/change-notes/released/0.7.0.md b/go/ql/lib/change-notes/released/0.7.0.md new file mode 100644 index 00000000000..6df2bd55237 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.0.md @@ -0,0 +1,5 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added Numeric and Boolean types to SQL injection sanitzers. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 86780fb6148..c761f3e7ab4 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.5 +lastReleaseVersion: 0.7.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index cdacb07367d..596fddbb443 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.0-dev +version: 0.7.0 groups: go dbscheme: go.dbscheme extractor: go 
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 4b7c6babedc..0e1e2c03097 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.0 + +No user-facing changes. + ## 0.6.5 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.7.0.md b/go/ql/src/change-notes/released/0.7.0.md new file mode 100644 index 00000000000..80d3864a0f9 --- /dev/null +++ b/go/ql/src/change-notes/released/0.7.0.md @@ -0,0 +1,3 @@ +## 0.7.0 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 86780fb6148..c761f3e7ab4 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.5 +lastReleaseVersion: 0.7.0 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 8a187f1080e..087af0984ba 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.0-dev +version: 0.7.0 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index a78acd76960..ee2610f9bd6 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.5.md b/java/ql/automodel/src/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index d41368cab93..12786005dc1 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.5-dev +version: 0.0.5 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index c5d72b19501..34b1f5487a9 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,21 @@ +## 0.8.0 + +### New Features + +* Kotlin versions up to 1.9.20 are now supported. + +### Minor Analysis Improvements + +* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. +* Added support for default cases as proper guards in switch expressions to match switch statements. +* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. +* Added new dataflow models for the Apache CXF framework. +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. + ## 0.7.5 No user-facing changes. diff --git a/java/ql/lib/change-notes/2023-07-20-regex-parse-modes.md b/java/ql/lib/change-notes/2023-07-20-regex-parse-modes.md deleted file mode 100644 index 2d676227491..00000000000 --- a/java/ql/lib/change-notes/2023-07-20-regex-parse-modes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. 
diff --git a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md b/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md deleted file mode 100644 index fbd0fef3b7f..00000000000 --- a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added new dataflow models for the Apache CXF framework. diff --git a/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md b/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md deleted file mode 100644 index 275c72fdf6b..00000000000 --- a/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin versions up to 1.9.20 are now supported. diff --git a/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md b/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md deleted file mode 100644 index d13350726a8..00000000000 --- a/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The regular expressions library no longer incorrectly matches mode flag characters against the input. diff --git a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md b/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md deleted file mode 100644 index 38901500226..00000000000 --- a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. diff --git a/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md b/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md deleted file mode 100644 index 5e99335aba7..00000000000 --- a/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. -* Added support for default cases as proper guards in switch expressions to match switch statements. diff --git a/java/ql/lib/change-notes/released/0.8.0.md b/java/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16f020fa7df --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,17 @@ +## 0.8.0 + +### New Features + +* Kotlin versions up to 1.9.20 are now supported. + +### Minor Analysis Improvements + +* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. +* Added support for default cases as proper guards in switch expressions to match switch statements. +* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. +* Added new dataflow models for the Apache CXF framework. +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index df095807bd5..32d6741f829 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.0-dev +version: 0.8.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java 
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 956a81d7802..ea706bfd055 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/java/ql/src/change-notes/released/0.8.0.md b/java/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16ea5f60373 --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index f09f03cb987..c95a7deccac 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.0-dev +version: 0.8.0 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 022aebbd693..f1aac73b577 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/0.8.0.md b/javascript/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16ea5f60373 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 2b5b69eccf9..9be13574db5 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.0-dev +version: 0.8.0 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index c67be888c57..8c0e3b427e9 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 ### Bug Fixes diff --git a/javascript/ql/src/change-notes/released/0.8.0.md b/javascript/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..16ea5f60373 --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 831f4e9aa57..d1af553f05e 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.0-dev +version: 0.8.0 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 9435d172e6f..7467add73ba 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.0 + +No user-facing changes. + ## 0.6.5 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.0.md b/misc/suite-helpers/change-notes/released/0.7.0.md new file mode 100644 index 00000000000..80d3864a0f9 --- /dev/null 
+++ b/misc/suite-helpers/change-notes/released/0.7.0.md @@ -0,0 +1,3 @@ +## 0.7.0 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 86780fb6148..c761f3e7ab4 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.5 +lastReleaseVersion: 0.7.0 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 820c1bfc571..696cb8eac32 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.0-dev +version: 0.7.0 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 0f7d9c29975..63030992999 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.11.0 + +### Minor Analysis Improvements + +* Django Rest Framework better handles custom `ModelViewSet` classes functions +* Regular expression fragments residing inside implicitly concatenated strings now have better location information. + +### Bug Fixes + +* Subterms of regular expressions encoded as single-line string literals now have better source-location information. + ## 0.10.5 No user-facing changes. diff --git a/python/ql/lib/change-notes/2023-09-22-regex-prefix.md b/python/ql/lib/change-notes/2023-09-22-regex-prefix.md deleted file mode 100644 index 20affaaab4e..00000000000 --- a/python/ql/lib/change-notes/2023-09-22-regex-prefix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Subterms of regular expressions encoded as single-line string literals now have better source-location information. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2023-09-26-regex-locations-in-string-parts.md b/python/ql/lib/change-notes/2023-09-26-regex-locations-in-string-parts.md deleted file mode 100644 index 32bdc1db15c..00000000000 
--- a/python/ql/lib/change-notes/2023-09-26-regex-locations-in-string-parts.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Regular expression fragments residing inside implicitly concatenated strings now have better location information. diff --git a/python/ql/lib/change-notes/2023-09-29-django-restframework-improvements.md b/python/ql/lib/change-notes/2023-09-29-django-restframework-improvements.md deleted file mode 100644 index cf0c93fca2b..00000000000 --- a/python/ql/lib/change-notes/2023-09-29-django-restframework-improvements.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Django Rest Framework better handles custom `ModelViewSet` classes functions \ No newline at end of file diff --git a/python/ql/lib/change-notes/released/0.11.0.md b/python/ql/lib/change-notes/released/0.11.0.md new file mode 100644 index 00000000000..bf689298b4c --- /dev/null +++ b/python/ql/lib/change-notes/released/0.11.0.md @@ -0,0 +1,10 @@ +## 0.11.0 + +### Minor Analysis Improvements + +* Django Rest Framework better handles custom `ModelViewSet` classes functions +* Regular expression fragments residing inside implicitly concatenated strings now have better location information. + +### Bug Fixes + +* Subterms of regular expressions encoded as single-line string literals now have better source-location information. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 2e5e2af8307..fce68697d68 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.10.5 +lastReleaseVersion: 0.11.0 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 9f2da148abf..272b8418d7c 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.0-dev +version: 0.11.0 groups: python dbscheme: semmlecode.python.dbscheme extractor: python 
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index ca2dfaae546..230f54ce645 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.9.0 + +### New Queries + +* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite. + +### Minor Analysis Improvements + +* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`. +* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module. + ## 0.8.5 No user-facing changes. diff --git a/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md b/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md deleted file mode 100644 index 6a05b201d6b..00000000000 --- a/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module. diff --git a/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md b/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md deleted file mode 100644 index 3ba166559d2..00000000000 --- a/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`. diff --git a/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md b/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md deleted file mode 100644 index 2b30fd492d5..00000000000 --- a/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite. diff --git a/python/ql/src/change-notes/released/0.9.0.md b/python/ql/src/change-notes/released/0.9.0.md new file mode 100644 index 00000000000..12e30a0f838 --- /dev/null +++ b/python/ql/src/change-notes/released/0.9.0.md @@ -0,0 +1,10 @@ +## 0.9.0 + +### New Queries + +* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite. + +### Minor Analysis Improvements + +* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`. +* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index cbe6bc6b7c6..8b9fc185202 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.9.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 7790d40858b..c4ad3ab3328 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.0-dev +version: 0.9.0 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 60cc08a923d..f44809f63d2 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.0 + +### Major Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. + ## 0.7.5 No user-facing changes. 
diff --git a/ruby/ql/lib/change-notes/2023-08-23-variable-capture-flow.md b/ruby/ql/lib/change-notes/2023-08-23-variable-capture-flow.md deleted file mode 100644 index 66ab65083dc..00000000000 --- a/ruby/ql/lib/change-notes/2023-08-23-variable-capture-flow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/released/0.8.0.md b/ruby/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 00000000000..a139654ebbe --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,5 @@ +## 0.8.0 + +### Major Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index d90c77225c7..e14ffb64092 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.0-dev +version: 0.8.0 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index f69f774d171..6694814c95f 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.0 + +### Minor Analysis Improvements + +* Built-in Ruby queries now use the new DataFlow API. + ## 0.7.5 No user-facing changes. 
diff --git a/ruby/ql/src/change-notes/2023-09-03-use-new-dataflow-api.md b/ruby/ql/src/change-notes/released/0.8.0.md similarity index 55% rename from ruby/ql/src/change-notes/2023-09-03-use-new-dataflow-api.md rename to ruby/ql/src/change-notes/released/0.8.0.md index 2cde6336ae4..14b7dd8b830 100644 --- a/ruby/ql/src/change-notes/2023-09-03-use-new-dataflow-api.md +++ b/ruby/ql/src/change-notes/released/0.8.0.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.8.0 + +### Minor Analysis Improvements + * Built-in Ruby queries now use the new DataFlow API. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index b5108ee0bda..37eab3197dc 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 86ea5c3b18d..a6f51d02bd1 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.0-dev +version: 0.8.0 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 3370a04b28c..1a5a17a4456 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.0.md b/shared/controlflow/change-notes/released/0.1.0.md new file mode 100644 index 00000000000..7b4d4fc699c --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index ec411a674bc..2e08f40f6aa 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.1.0 
diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 075a5632883..2e6d396ba4e 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index e18f52c0237..e72f0484bcb 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.1.0 + +### Major Analysis Improvements + +* Added support for type-based call edge pruning. This removes data flow call edges that are incompatible with the set of flow paths that reach it based on type information. This improves dispatch precision for constructs like lambdas, `Object.toString()` calls, and the visitor pattern. For now this is only enabled for Java and C#. + +### Minor Analysis Improvements + +* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`. + ## 0.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/2023-09-26-inout-barrier-flow-state.md b/shared/dataflow/change-notes/2023-09-26-inout-barrier-flow-state.md deleted file mode 100644 index c7ea9638ee8..00000000000 --- a/shared/dataflow/change-notes/2023-09-26-inout-barrier-flow-state.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`. diff --git a/shared/dataflow/change-notes/2023-09-12-typeflow.md b/shared/dataflow/change-notes/released/0.1.0.md similarity index 60% rename from shared/dataflow/change-notes/2023-09-12-typeflow.md rename to shared/dataflow/change-notes/released/0.1.0.md index e5f01035478..df05aff26c5 100644 --- a/shared/dataflow/change-notes/2023-09-12-typeflow.md +++ b/shared/dataflow/change-notes/released/0.1.0.md 
@@ -1,4 +1,9 @@ ---- -category: majorAnalysis ---- +## 0.1.0 + +### Major Analysis Improvements + * Added support for type-based call edge pruning. This removes data flow call edges that are incompatible with the set of flow paths that reach it based on type information. This improves dispatch precision for constructs like lambdas, `Object.toString()` calls, and the visitor pattern. For now this is only enabled for Java and C#. + +### Minor Analysis Improvements + +* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index ec411a674bc..2e08f40f6aa 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.1.0 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 3ed09bbbbd9..e751fef6b14 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 85c1fc61056..0df0d4f14e3 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.0.md b/shared/mad/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/mad/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index df8815691e0..5e427add5a5 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: null diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 52d8a94f585..9dc3e22056f 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.0.md b/shared/regex/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/regex/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a844c6216f0..456b7242bbe 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index c9857f9ad97..19312140989 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.2.0.md b/shared/ssa/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/ssa/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 
--- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 767b1489707..05e1e783ebb 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 9466e4c6a08..e1eddb1ead0 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.0.md b/shared/tutorial/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 7e247846603..cf03db4f2dc 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 30f8294e16a..37615bfd8d4 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. 
diff --git a/shared/typetracking/change-notes/released/0.2.0.md b/shared/typetracking/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index ab480563399..0224995750d 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 73d10ecca5b..d77fa94eb25 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.0.md b/shared/typos/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/typos/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 1d226cca2df..690127e7968 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 5d4ee4dd27f..02134dcfd4f 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.0.md b/shared/util/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/util/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 56e7751a8da..4dbdef82dbc 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index b6247037fd4..4e844168d15 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.0.md b/shared/yaml/change-notes/released/0.2.0.md new file mode 100644 index 00000000000..eb192b7a61b --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 157cff8108d..5274e27ed52 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index efef7197a42..5fb05420a3f 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index e159bf2fbfc..6011d2aa60d 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md 
@@ -1,3 +1,32 @@ +## 0.3.0 + +### Deprecated APIs + +* The `ArrayContent` type in the data flow library has been deprecated and made an alias for the `CollectionContent` type, to better reflect the hierarchy of the Swift standard library. Uses of `ArrayElement` in model files will be interpreted as referring to `CollectionContent`. + +### Major Analysis Improvements + +* The predicates `getABaseType`, `getABaseTypeDecl`, `getADerivedType` and `getADerivedTypeDecl` on `Type` and `TypeDecl` now behave more usefully and consistently. They now explore through type aliases used in base class declarations, and include protocols added in extensions. + +To examine base class declarations at a low level without these enhancements, use `TypeDecl.getInheritedType`. + +`Type.getABaseType` (only) previously resolved a type alias it was called directly on. This behaviour no longer exists. To find any base type of a type that could be an alias, the construct `Type.getUnderlyingType().getABaseType*()` is recommended. + +### Minor Analysis Improvements + +* Modelled varargs function in `NSString` more accurately. +* Modelled `CustomStringConvertible.description` and `CustomDebugStringConvertible.debugDescription`, replacing ad-hoc models of these properties on derived classes. +* The regular expressions library now accepts a wider range of mode flags in a regular expression mode flag group (such as `(?u)`). The `(?w`) flag has been renamed from "UNICODE" to "UNICODEBOUNDARY", and the `(?u)` flag is called "UNICODE" in the libraries. +* Renamed `TypeDecl.getBaseType/1` to `getInheritedType`. +* Flow through writes via keypaths is now supported by the data flow library. +* Added flow through variadic arguments, and the `getVaList` function. +* Added flow steps through `Dictionary` keys and values. +* Added taint models for `Numeric` conversions. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. 
+ ## 0.2.5 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2023-08-10-numeric-models.md b/swift/ql/lib/change-notes/2023-08-10-numeric-models.md deleted file mode 100644 index 85812d99c10..00000000000 --- a/swift/ql/lib/change-notes/2023-08-10-numeric-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added taint models for `Numeric` conversions. diff --git a/swift/ql/lib/change-notes/2023-08-11-dictionary-flow.md b/swift/ql/lib/change-notes/2023-08-11-dictionary-flow.md deleted file mode 100644 index 6496777f9e5..00000000000 --- a/swift/ql/lib/change-notes/2023-08-11-dictionary-flow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow steps through `Dictionary` keys and values. diff --git a/swift/ql/lib/change-notes/2023-08-16-varargs.md b/swift/ql/lib/change-notes/2023-08-16-varargs.md deleted file mode 100644 index 324c43f3e21..00000000000 --- a/swift/ql/lib/change-notes/2023-08-16-varargs.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added flow through variadic arguments, and the `getVaList` function. diff --git a/swift/ql/lib/change-notes/2023-09-12-keypath-writes.md b/swift/ql/lib/change-notes/2023-09-12-keypath-writes.md deleted file mode 100644 index 5d0c97e47e3..00000000000 --- a/swift/ql/lib/change-notes/2023-09-12-keypath-writes.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Flow through writes via keypaths is now supported by the data flow library. diff --git a/swift/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md b/swift/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md deleted file mode 100644 index d13350726a8..00000000000 --- a/swift/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The regular expressions library no longer incorrectly matches mode flag characters against the input. 
diff --git a/swift/ql/lib/change-notes/2023-09-13-array-content-unification.md b/swift/ql/lib/change-notes/2023-09-13-array-content-unification.md deleted file mode 100644 index 4185581839d..00000000000 --- a/swift/ql/lib/change-notes/2023-09-13-array-content-unification.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: deprecated ---- - -* The `ArrayContent` type in the data flow library has been deprecated and made an alias for the `CollectionContent` type, to better reflect the hierarchy of the Swift standard library. Uses of `ArrayElement` in model files will be interpreted as referring to `CollectionContent`. diff --git a/swift/ql/lib/change-notes/2023-09-14-rename-base-types.md b/swift/ql/lib/change-notes/2023-09-14-rename-base-types.md deleted file mode 100644 index c0f7d24f8e5..00000000000 --- a/swift/ql/lib/change-notes/2023-09-14-rename-base-types.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Renamed `TypeDecl.getBaseType/1` to `getInheritedType`. diff --git a/swift/ql/lib/change-notes/2023-09-18-get-a-base-type.md b/swift/ql/lib/change-notes/2023-09-18-get-a-base-type.md deleted file mode 100644 index 482b8346b64..00000000000 --- a/swift/ql/lib/change-notes/2023-09-18-get-a-base-type.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -category: majorAnalysis ---- - -* The predicates `getABaseType`, `getABaseTypeDecl`, `getADerivedType` and `getADerivedTypeDecl` on `Type` and `TypeDecl` now behave more usefully and consistently. They now explore through type aliases used in base class declarations, and include protocols added in extensions. - -To examine base class declarations at a low level without these enhancements, use `TypeDecl.getInheritedType`. - -`Type.getABaseType` (only) previously resolved a type alias it was called directly on. This behaviour no longer exists. To find any base type of a type that could be an alias, the construct `Type.getUnderlyingType().getABaseType*()` is recommended. 
diff --git a/swift/ql/lib/change-notes/2023-09-26-regex-mode-flags.md b/swift/ql/lib/change-notes/2023-09-26-regex-mode-flags.md deleted file mode 100644 index f55bfe567a6..00000000000 --- a/swift/ql/lib/change-notes/2023-09-26-regex-mode-flags.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The regular expressions library now accepts a wider range of mode flags in a regular expression mode flag group (such as `(?u)`). The `(?w`) flag has been renamed from "UNICODE" to "UNICODEBOUNDARY", and the `(?u)` flag is called "UNICODE" in the libraries. diff --git a/swift/ql/lib/change-notes/2023-09-27-debugdesc.md b/swift/ql/lib/change-notes/2023-09-27-debugdesc.md deleted file mode 100644 index 41416a92124..00000000000 --- a/swift/ql/lib/change-notes/2023-09-27-debugdesc.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Modelled `CustomStringConvertible.description` and `CustomDebugStringConvertible.debugDescription`, replacing ad-hoc models of these properties on derived classes. diff --git a/swift/ql/lib/change-notes/2023-09-29-nsstring.md b/swift/ql/lib/change-notes/2023-09-29-nsstring.md deleted file mode 100644 index b1c80653226..00000000000 --- a/swift/ql/lib/change-notes/2023-09-29-nsstring.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Modelled varargs function in `NSString` more accurately. diff --git a/swift/ql/lib/change-notes/released/0.3.0.md b/swift/ql/lib/change-notes/released/0.3.0.md new file mode 100644 index 00000000000..606afb574dc --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.3.0.md 
@@ -0,0 +1,28 @@ +## 0.3.0 + +### Deprecated APIs + +* The `ArrayContent` type in the data flow library has been deprecated and made an alias for the `CollectionContent` type, to better reflect the hierarchy of the Swift standard library. Uses of `ArrayElement` in model files will be interpreted as referring to `CollectionContent`. + +### Major Analysis Improvements + +* The predicates `getABaseType`, `getABaseTypeDecl`, `getADerivedType` and `getADerivedTypeDecl` on `Type` and `TypeDecl` now behave more usefully and consistently. They now explore through type aliases used in base class declarations, and include protocols added in extensions. + +To examine base class declarations at a low level without these enhancements, use `TypeDecl.getInheritedType`. + +`Type.getABaseType` (only) previously resolved a type alias it was called directly on. This behaviour no longer exists. To find any base type of a type that could be an alias, the construct `Type.getUnderlyingType().getABaseType*()` is recommended. + +### Minor Analysis Improvements + +* Modelled varargs function in `NSString` more accurately. +* Modelled `CustomStringConvertible.description` and `CustomDebugStringConvertible.debugDescription`, replacing ad-hoc models of these properties on derived classes. +* The regular expressions library now accepts a wider range of mode flags in a regular expression mode flag group (such as `(?u)`). The `(?w`) flag has been renamed from "UNICODE" to "UNICODEBOUNDARY", and the `(?u)` flag is called "UNICODE" in the libraries. +* Renamed `TypeDecl.getBaseType/1` to `getInheritedType`. +* Flow through writes via keypaths is now supported by the data flow library. +* Added flow through variadic arguments, and the `getVaList` function. +* Added flow steps through `Dictionary` keys and values. +* Added taint models for `Numeric` conversions. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. 
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 211454ed306..95f6e3a0ba6 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.3.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 22634a94637..b210ae8d572 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.0-dev +version: 0.3.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 18a68d6c875..492dfbf8bb9 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,12 @@ +## 0.3.0 + +### Minor Analysis Improvements + +* Adder barriers for numeric type values to the injection-like queries, to reduce false positive results where the user input that can be injected is constrainted to a numerical value. The queries updated by this change are: "Predicate built from user-controlled sources" (`swift/predicate-injection`), "Database query built from user-controlled sources" (`swift/sql-injection`), "Uncontrolled format string" (`swift/uncontrolled-format-string`), "JavaScript Injection" (`swift/unsafe-js-eval`) and "Regular expression injection" (`swift/regex-injection`). +* Added additional taint steps to the `swift/cleartext-transmission`, `swift/cleartext-logging` and `swift/cleartext-storage-preferences` queries to identify data within sensitive containers. This is similar to an existing additional taint step in the `swift/cleartext-storage-database` query. +* Added new logging sinks to the `swift/cleartext-logging` query. +* Added sqlite3 and SQLite.swift path injection sinks for the `swift/path-injection` query. + ## 0.2.5 No user-facing changes. 
diff --git a/swift/ql/src/change-notes/2023-05-23-path-injection-sinks.md b/swift/ql/src/change-notes/2023-05-23-path-injection-sinks.md deleted file mode 100644 index 609041d2e75..00000000000 --- a/swift/ql/src/change-notes/2023-05-23-path-injection-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added sqlite3 and SQLite.swift path injection sinks for the `swift/path-injection` query. \ No newline at end of file diff --git a/swift/ql/src/change-notes/2023-08-16-cleartext-logging.md b/swift/ql/src/change-notes/2023-08-16-cleartext-logging.md deleted file mode 100644 index 4462b378dd4..00000000000 --- a/swift/ql/src/change-notes/2023-08-16-cleartext-logging.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added new logging sinks to the `swift/cleartext-logging` query. diff --git a/swift/ql/src/change-notes/2023-09-12-cleartext.md b/swift/ql/src/change-notes/2023-09-12-cleartext.md deleted file mode 100644 index 312ab00ca0b..00000000000 --- a/swift/ql/src/change-notes/2023-09-12-cleartext.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added additional taint steps to the `swift/cleartext-transmission`, `swift/cleartext-logging` and `swift/cleartext-storage-preferences` queries to identify data within sensitive containers. This is similar to an existing additional taint step in the `swift/cleartext-storage-database` query. diff --git a/swift/ql/src/change-notes/2023-09-19-numeric-barriers.md b/swift/ql/src/change-notes/released/0.3.0.md similarity index 52% rename from swift/ql/src/change-notes/2023-09-19-numeric-barriers.md rename to swift/ql/src/change-notes/released/0.3.0.md index 0fd9989afe1..cf67625e164 100644 --- a/swift/ql/src/change-notes/2023-09-19-numeric-barriers.md +++ b/swift/ql/src/change-notes/released/0.3.0.md 
@@ -1,4 +1,8 @@ ---- -category: minorAnalysis ---- +## 0.3.0 + +### Minor Analysis Improvements + * Adder barriers for numeric type values to the injection-like queries, to reduce false positive results where the user input that can be injected is constrainted to a numerical value. The queries updated by this change are: "Predicate built from user-controlled sources" (`swift/predicate-injection`), "Database query built from user-controlled sources" (`swift/sql-injection`), "Uncontrolled format string" (`swift/uncontrolled-format-string`), "JavaScript Injection" (`swift/unsafe-js-eval`) and "Regular expression injection" (`swift/regex-injection`). +* Added additional taint steps to the `swift/cleartext-transmission`, `swift/cleartext-logging` and `swift/cleartext-storage-preferences` queries to identify data within sensitive containers. This is similar to an existing additional taint step in the `swift/cleartext-storage-database` query. +* Added new logging sinks to the `swift/cleartext-logging` query. +* Added sqlite3 and SQLite.swift path injection sinks for the `swift/path-injection` query. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 211454ed306..95f6e3a0ba6 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.3.0 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 6649542b2c5..7f499e58f43 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.0-dev +version: 0.3.0 groups: - swift - queries
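Review bot: In the new `python/ql/src/change-notes/released/0.9.0.md` hunk, the `py/url-redirection` entry has a stray space inside the code span, so the sanitizer is written as `django.utils.http. url_has_allowed_host_and_scheme`. That is not a valid dotted name and will not match a search for the function. It should read `django.utils.http.url_has_allowed_host_and_scheme`. The text is carried over unchanged from the deleted `2023-09-13-django-url-allowed-host.md` note and is repeated in the `python/ql/src/CHANGELOG.md` hunk, so both copies need the fix.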
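Review bot: The first bullet added in `python/ql/lib/change-notes/released/0.11.0.md` ("Django Rest Framework better handles custom `ModelViewSet` classes functions") is ungrammatical and is the only entry in the file without a closing period. As written, a reader cannot tell whether the improvement concerns the custom classes or functions defined on them. Reword it to say which, and end it with a period like the neighbouring entries. The same sentence appears in the deleted `2023-09-29-django-restframework-improvements.md` note, so the wording was inherited rather than introduced here.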
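Review bot: In the `shared/dataflow/change-notes/released/0.1.0.md` hunk, the type-based call edge pruning entry says it removes "call edges that are incompatible with the set of flow paths that reach it", where the singular "it" has no singular antecedent. Since this sentence is the only user-facing description of which edges get pruned, make the referent explicit, for example "that reach them" or "that reach the call".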
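Review bot: Two Markdown problems in the `swift/ql/lib/change-notes/released/0.3.0.md` hunk. In the regular expression mode flag entry, the closing backtick of the `(?w)` flag is placed before the closing parenthesis, so the code span ends early and the parenthesis renders as plain text; move the backtick after the parenthesis. Under "Major Analysis Improvements", the two paragraphs starting "To examine base class declarations" and "`Type.getABaseType` (only) previously resolved" begin at column 0, so they render outside the bullet they belong to; indent them to continue the list item. Both issues are copied from the deleted source notes and also appear in the `swift/ql/lib/CHANGELOG.md` hunk.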
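Review bot: The first entry in the `swift/ql/src/change-notes/released/0.3.0.md` hunk has two typos that ship into the published changelog: "Adder barriers" should be "Added barriers" and "constrainted" should be "constrained". The line is unchanged context from the renamed `2023-09-19-numeric-barriers.md` note, and the same sentence is added verbatim to `swift/ql/src/CHANGELOG.md`, so correct it in both places before release.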