diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 1466e7ce645..e3a13b1d518 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,24 @@ +## 0.12.3 + +### Deprecated APIs + +* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead. + +### New Features + +* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides. + +### Minor Analysis Improvements + +* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has. +* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition. +* The deprecated `DefaultTaintTracking` library has been removed. +* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. + +### Bug Fixes + +* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`. + ## 0.12.2 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md b/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md deleted file mode 100644 index aa924c2a497..00000000000 --- a/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md b/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md deleted file mode 100644 index b5ff6a11d0d..00000000000 --- a/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The deprecated `DefaultTaintTracking` library has been removed. diff --git a/cpp/ql/lib/change-notes/2023-11-30-as-definition.md b/cpp/ql/lib/change-notes/2023-11-30-as-definition.md deleted file mode 100644 index 0362929ca7f..00000000000 --- a/cpp/ql/lib/change-notes/2023-11-30-as-definition.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition. diff --git a/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md b/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md deleted file mode 100644 index 89b7a9007c5..00000000000 --- a/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead. diff --git a/cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md b/cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md deleted file mode 100644 index 94380c96ed1..00000000000 --- a/cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has. diff --git a/cpp/ql/lib/change-notes/2023-12-22-unique-function.md b/cpp/ql/lib/change-notes/2023-12-22-unique-function.md deleted file mode 100644 index bd5d84132ab..00000000000 --- a/cpp/ql/lib/change-notes/2023-12-22-unique-function.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-01-02-function-types.md b/cpp/ql/lib/change-notes/2024-01-02-function-types.md deleted file mode 100644 index 9ff5e582ae8..00000000000 --- a/cpp/ql/lib/change-notes/2024-01-02-function-types.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides. diff --git a/cpp/ql/lib/change-notes/released/0.12.3.md b/cpp/ql/lib/change-notes/released/0.12.3.md new file mode 100644 index 00000000000..6ae4af94795 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.12.3.md @@ -0,0 +1,20 @@ +## 0.12.3 + +### Deprecated APIs + +* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead. + +### New Features + +* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides. + +### Minor Analysis Improvements + +* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has. +* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition. +* The deprecated `DefaultTaintTracking` library has been removed. +* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. + +### Bug Fixes + +* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 8baa46a6150..65578a5162e 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.12.2 +lastReleaseVersion: 0.12.3 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 1a1f2d1c7c7..8018ba065e3 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.12.3-dev +version: 0.12.3 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index e1485b43676..9c287ddfae8 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.9.2 + +### New Queries + +* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately. +* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there. + +### Minor Analysis Improvements + +* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur. + ## 0.9.1 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md deleted file mode 100644 index 3bebd2dff46..00000000000 --- a/cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there. diff --git a/cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md b/cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md deleted file mode 100644 index a74017aa6a1..00000000000 --- a/cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md b/cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md deleted file mode 100644 index 1dd4705754b..00000000000 --- a/cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur. diff --git a/cpp/ql/src/change-notes/released/0.9.2.md b/cpp/ql/src/change-notes/released/0.9.2.md new file mode 100644 index 00000000000..7945a450a4c --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.9.2.md @@ -0,0 +1,10 @@ +## 0.9.2 + +### New Queries + +* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately. +* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there. + +### Minor Analysis Improvements + +* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 6789dcd18b7..e1eda519435 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.9.2 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 9c5e81a6c31..96c8abf6b94 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.2-dev +version: 0.9.2 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 881ef60c7c7..303e0da1175 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.6 + +No user-facing changes. + ## 1.7.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md new file mode 100644 index 00000000000..fe2a0f02e7e --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md @@ -0,0 +1,3 @@ +## 1.7.6 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 83aebd7c12a..1f68518dba9 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.5 +lastReleaseVersion: 1.7.6 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index a2969f590b7..167689f1579 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.6-dev +version: 1.7.6 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 881ef60c7c7..303e0da1175 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.6 + +No user-facing changes. + ## 1.7.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md new file mode 100644 index 00000000000..fe2a0f02e7e --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md @@ -0,0 +1,3 @@ +## 1.7.6 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 83aebd7c12a..1f68518dba9 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.5 +lastReleaseVersion: 1.7.6 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 9c9fb4bc5fc..7313dee6111 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.6-dev +version: 1.7.6 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index fe7cf2a05a5..a0d1cbc59f8 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters. +* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. +* Additional support for `Amazon.Lambda` SDK + ## 0.8.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md b/csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md deleted file mode 100644 index 9943af0797f..00000000000 --- a/csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional support for `Amazon.Lambda` SDK \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md b/csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md deleted file mode 100644 index f701d47ab54..00000000000 --- a/csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md b/csharp/ql/lib/change-notes/released/0.8.6.md similarity index 60% rename from csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md rename to csharp/ql/lib/change-notes/released/0.8.6.md index 8ea6ff9940f..0e4cdca9e1a 100644 --- a/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md +++ b/csharp/ql/lib/change-notes/released/0.8.6.md @@ -1,5 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.8.6 -* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. \ No newline at end of file +### Minor Analysis Improvements + +* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters. +* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. +* Additional support for `Amazon.Lambda` SDK diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 4afc1644ba1..49e5f54d870 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.6-dev +version: 0.8.6 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 0318549742f..ebb31d1516f 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. +* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` + ## 0.8.5 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md b/csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md deleted file mode 100644 index b993fb80dcf..00000000000 --- a/csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md b/csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md deleted file mode 100644 index d2719cb3049..00000000000 --- a/csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. diff --git a/csharp/ql/src/change-notes/released/0.8.6.md b/csharp/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 00000000000..d52c8b7f8a1 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,6 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. +* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 006a95aa0f0..77b4bdf2f30 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.6-dev +version: 0.8.6 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 4ffbff1e0c4..9b269441c00 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/0.0.5.md b/go/ql/consistency-queries/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 1b8ac8c1be9..05cf96dc4c9 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.5-dev +version: 0.0.5 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 87ef5eb3443..048d598bf3b 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.7.6 + +### Minor Analysis Improvements + +* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned. +* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package. +* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant. + ## 0.7.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md b/go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md deleted file mode 100644 index 8a02c12fd91..00000000000 --- a/go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant. diff --git a/go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md b/go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md deleted file mode 100644 index 16baf7f5b07..00000000000 --- a/go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md b/go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md deleted file mode 100644 index 7cc21215c81..00000000000 --- a/go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/go/ql/lib/change-notes/released/0.7.6.md b/go/ql/lib/change-notes/released/0.7.6.md new file mode 100644 index 00000000000..caaee4357a3 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.6.md @@ -0,0 +1,7 @@ +## 0.7.6 + +### Minor Analysis Improvements + +* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned. +* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package. +* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index b5108ee0bda..863f5a24cd2 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.7.6 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index b22fdbf06ab..8fa1884d0e0 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.6-dev +version: 0.7.6 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 504a9aefdde..702bdfd7f40 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.6 + +### Minor Analysis Improvements + +* There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed. + ## 0.7.5 No user-facing changes. diff --git a/go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md b/go/ql/src/change-notes/released/0.7.6.md similarity index 86% rename from go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md rename to go/ql/src/change-notes/released/0.7.6.md index 23f1e1e5f45..6ae8efc913b 100644 --- a/go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md +++ b/go/ql/src/change-notes/released/0.7.6.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.7.6 + +### Minor Analysis Improvements + * There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index b5108ee0bda..863f5a24cd2 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.7.6 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 4d54626aa34..7ac72a934a8 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.6-dev +version: 0.7.6 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index 0a3a35ff891..d1bc8b8ee5f 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.12 + +No user-facing changes. + ## 0.0.11 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.12.md b/java/ql/automodel/src/change-notes/released/0.0.12.md new file mode 100644 index 00000000000..0e206033bc4 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.12.md @@ -0,0 +1,3 @@ +## 0.0.12 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index e679dc42092..997fb8da83c 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.11 +lastReleaseVersion: 0.0.12 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 9939f0ef555..d56d6f3167c 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.12-dev +version: 0.0.12 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index bc07396977a..dc0af8b76be 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,38 @@ +## 0.8.6 + +### Deprecated APIs + +* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace. + +### Minor Analysis Improvements + +* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`. +* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods. +* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface. +* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models. +* Added models for the following packages: + + * com.google.common.io + * hudson + * hudson.console + * java.lang + * java.net + * java.util.logging + * javax.imageio.stream + * org.apache.commons.io + * org.apache.hadoop.hive.ql.exec + * org.apache.hadoop.hive.ql.metadata + * org.apache.tools.ant.taskdefs +* Added models for the following packages: + + * com.alibaba.druid.sql.repository + * jakarta.persistence + * jakarta.persistence.criteria + * liquibase.database.jvm + * liquibase.statement.core + * org.apache.ibatis.mapping + * org.keycloak.models.map.storage + ## 0.8.5 No user-facing changes. diff --git a/java/ql/lib/change-notes/2023-10-24-new-models.md b/java/ql/lib/change-notes/2023-10-24-new-models.md deleted file mode 100644 index b587721af7b..00000000000 --- a/java/ql/lib/change-notes/2023-10-24-new-models.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * com.alibaba.druid.sql.repository - * jakarta.persistence - * jakarta.persistence.criteria - * liquibase.database.jvm - * liquibase.statement.core - * org.apache.ibatis.mapping - * org.keycloak.models.map.storage diff --git a/java/ql/lib/change-notes/2023-10-31-new-models.md b/java/ql/lib/change-notes/2023-10-31-new-models.md deleted file mode 100644 index 1c0fc3daa55..00000000000 --- a/java/ql/lib/change-notes/2023-10-31-new-models.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * com.google.common.io - * hudson - * hudson.console - * java.lang - * java.net - * java.util.logging - * javax.imageio.stream - * org.apache.commons.io - * org.apache.hadoop.hive.ql.exec - * org.apache.hadoop.hive.ql.metadata - * org.apache.tools.ant.taskdefs diff --git a/java/ql/lib/change-notes/2023-11-29-new-spring-models.md b/java/ql/lib/change-notes/2023-11-29-new-spring-models.md deleted file mode 100644 index e513f71bda6..00000000000 --- a/java/ql/lib/change-notes/2023-11-29-new-spring-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface. -* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models. diff --git a/java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md b/java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md deleted file mode 100644 index 60c56a8f8f3..00000000000 --- a/java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods. diff --git a/java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md b/java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md deleted file mode 100644 index 789949147d1..00000000000 --- a/java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace. diff --git a/java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md b/java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md deleted file mode 100644 index 9f69b26aefb..00000000000 --- a/java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`. diff --git a/java/ql/lib/change-notes/released/0.8.6.md b/java/ql/lib/change-notes/released/0.8.6.md new file mode 100644 index 00000000000..4af302527a5 --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.6.md @@ -0,0 +1,34 @@ +## 0.8.6 + +### Deprecated APIs + +* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace. + +### Minor Analysis Improvements + +* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`. +* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods. +* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface. +* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models. +* Added models for the following packages: + + * com.google.common.io + * hudson + * hudson.console + * java.lang + * java.net + * java.util.logging + * javax.imageio.stream + * org.apache.commons.io + * org.apache.hadoop.hive.ql.exec + * org.apache.hadoop.hive.ql.metadata + * org.apache.tools.ant.taskdefs +* Added models for the following packages: + + * com.alibaba.druid.sql.repository + * jakarta.persistence + * jakarta.persistence.criteria + * liquibase.database.jvm + * liquibase.statement.core + * org.apache.ibatis.mapping + * org.keycloak.models.map.storage diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 77503a51cb3..f9d3e42fa3f 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.6-dev +version: 0.8.6 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 58799c443cc..89a3d694649 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.8.6 + +### Deprecated Queries + +* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated. + +### New Queries + +* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. + +### Minor Analysis Improvements + +* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files. +* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem. +* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`. + ## 0.8.5 No user-facing changes. diff --git a/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md b/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md deleted file mode 100644 index 9022f825af6..00000000000 --- a/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery ---- -* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. - diff --git a/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md b/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md deleted file mode 100644 index ae3742e9f83..00000000000 --- a/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem. diff --git a/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md b/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md deleted file mode 100644 index f7c5197bf96..00000000000 --- a/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`. diff --git a/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md b/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md deleted file mode 100644 index 580f88c7807..00000000000 --- a/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated. diff --git a/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md b/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md deleted file mode 100644 index 9b5436b4b25..00000000000 --- a/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files. diff --git a/java/ql/src/change-notes/released/0.8.6.md b/java/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 00000000000..cb3d51c991d --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,15 @@ +## 0.8.6 + +### Deprecated Queries + +* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated. + +### New Queries + +* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. + +### Minor Analysis Improvements + +* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files. +* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem. +* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index a409cf51016..ce12b520b71 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.6-dev +version: 0.8.6 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 7a9d08a50f2..c963c1fd4ab 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.6 + +No user-facing changes. + ## 0.8.5 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/0.8.6.md b/javascript/ql/lib/change-notes/released/0.8.6.md new file mode 100644 index 00000000000..76516cea7c8 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.8.6.md @@ -0,0 +1,3 @@ +## 0.8.6 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 3fa86edf3e3..3960ed22f04 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.6-dev +version: 0.8.6 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 1af40bc77b5..3e8696d3fb1 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.6 + +No user-facing changes. + ## 0.8.5 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/0.8.6.md b/javascript/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 00000000000..76516cea7c8 --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,3 @@ +## 0.8.6 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 947d9c61bf7..5b2e528ec73 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.6-dev +version: 0.8.6 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 4048fb51cd9..5fd816aeb8c 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.6 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.6.md b/misc/suite-helpers/change-notes/released/0.7.6.md new file mode 100644 index 00000000000..1370a410515 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.7.6.md @@ -0,0 +1,3 @@ +## 0.7.6 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index b5108ee0bda..863f5a24cd2 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.7.6 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 5ee25056a75..eff9586b020 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.6-dev +version: 0.7.6 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 8a570da513f..f9f4fc8c8a4 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.11.6 + +### Major Analysis Improvements + +* Added support for global data-flow through captured variables. + +### Minor Analysis Improvements + +* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler. +* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated. + +### Bug Fixes + +- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly. +- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. + ## 0.11.5 No user-facing changes. diff --git a/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md b/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md deleted file mode 100644 index e35eca34679..00000000000 --- a/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- - -- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. diff --git a/python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md b/python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md deleted file mode 100644 index aef3146d6f2..00000000000 --- a/python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md b/python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md deleted file mode 100644 index 8f9e4a1b614..00000000000 --- a/python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler. diff --git a/python/ql/lib/change-notes/2023-12-18-support-variable-capture.md b/python/ql/lib/change-notes/2023-12-18-support-variable-capture.md deleted file mode 100644 index e7aee047fa1..00000000000 --- a/python/ql/lib/change-notes/2023-12-18-support-variable-capture.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Added support for global data-flow through captured variables. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md b/python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md deleted file mode 100644 index f2fca008e44..00000000000 --- a/python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- - -- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly. diff --git a/python/ql/lib/change-notes/released/0.11.6.md b/python/ql/lib/change-notes/released/0.11.6.md new file mode 100644 index 00000000000..e24d66901fc --- /dev/null +++ b/python/ql/lib/change-notes/released/0.11.6.md @@ -0,0 +1,15 @@ +## 0.11.6 + +### Major Analysis Improvements + +* Added support for global data-flow through captured variables. + +### Minor Analysis Improvements + +* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler. +* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated. + +### Bug Fixes + +- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly. +- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index ca91bf6fce9..100225af99d 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.11.5 +lastReleaseVersion: 0.11.6 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 8a0e93bbe8e..aee9bfc2d01 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.6-dev +version: 0.11.6 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 175f47861b9..ade5cb0cc54 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.9.6 + +No user-facing changes. + ## 0.9.5 No user-facing changes. diff --git a/python/ql/src/change-notes/released/0.9.6.md b/python/ql/src/change-notes/released/0.9.6.md new file mode 100644 index 00000000000..1e5874c13a6 --- /dev/null +++ b/python/ql/src/change-notes/released/0.9.6.md @@ -0,0 +1,3 @@ +## 0.9.6 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 460240feaff..19139c132b2 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.5 +lastReleaseVersion: 0.9.6 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 25594b06637..9c3e9a4dd48 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.6-dev +version: 0.9.6 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 0641b60a508..4a2cc6d2e24 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* Parsing of division operators (`/`) at the end of a line has been improved. Before they were wrongly interpreted as the start of a regular expression literal (`/.../`) leading to syntax errors. +* Parsing of `case` statements that are formatted with the value expression on a different line than the `case` keyword has been improved and should no longer lead to syntax errors. +* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated. + ## 0.8.5 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md b/ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md deleted file mode 100644 index c03804e5975..00000000000 --- a/ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-01-05-division-newline.md b/ruby/ql/lib/change-notes/released/0.8.6.md similarity index 59% rename from ruby/ql/lib/change-notes/2024-01-05-division-newline.md rename to ruby/ql/lib/change-notes/released/0.8.6.md index 384542e4ea4..ed73a368b67 100644 --- a/ruby/ql/lib/change-notes/2024-01-05-division-newline.md +++ b/ruby/ql/lib/change-notes/released/0.8.6.md @@ -1,5 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.8.6 + +### Minor Analysis Improvements + * Parsing of division operators (`/`) at the end of a line has been improved. Before they were wrongly interpreted as the start of a regular expression literal (`/.../`) leading to syntax errors. * Parsing of `case` statements that are formatted with the value expression on a different line than the `case` keyword has been improved and should no longer lead to syntax errors. +* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index c460d2d3638..6a8ad466f2d 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.6-dev +version: 0.8.6 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 0e589135e41..7d5c2de2131 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.6 + +No user-facing changes. + ## 0.8.5 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.8.6.md b/ruby/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 00000000000..76516cea7c8 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,3 @@ +## 0.8.6 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index cbe6bc6b7c6..d67c1aac29d 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 9dc44497c14..222dbb854db 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.6-dev +version: 0.8.6 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index d14dc358baf..71269fe4ba8 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.6 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.6.md b/shared/controlflow/change-notes/released/0.1.6.md new file mode 100644 index 00000000000..b856f15fe69 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.6.md @@ -0,0 +1,3 @@ +## 0.1.6 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 157cff8108d..d271632b3dd 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 9f1a41b9c15..86a30bba306 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.6-dev +version: 0.1.6 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 39444bf389a..a996595df47 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.6 + +### Deprecated APIs + +* The old configuration-class based data flow api has been deprecated. The configuration-module based api should be used instead. For details, see https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries/. + ## 0.1.5 No user-facing changes. diff --git a/shared/dataflow/change-notes/2023-12-08-dataflow-old-api-deprecated.md b/shared/dataflow/change-notes/released/0.1.6.md similarity index 88% rename from shared/dataflow/change-notes/2023-12-08-dataflow-old-api-deprecated.md rename to shared/dataflow/change-notes/released/0.1.6.md index 628a0d90668..4df6b52a190 100644 --- a/shared/dataflow/change-notes/2023-12-08-dataflow-old-api-deprecated.md +++ b/shared/dataflow/change-notes/released/0.1.6.md @@ -1,4 +1,5 @@ ---- -category: deprecated ---- +## 0.1.6 + +### Deprecated APIs + * The old configuration-class based data flow api has been deprecated. The configuration-module based api should be used instead. For details, see https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries/. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 157cff8108d..d271632b3dd 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index d53e750de32..c3331c55e39 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.6-dev +version: 0.1.6 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 8fdbd159d53..514ddda4d2b 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.6.md b/shared/mad/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/mad/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 47c23b2976f..c74a3990bfd 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index a66789ca7f5..381b7ea8840 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/0.0.5.md b/shared/rangeanalysis/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index f0c5bd25a69..a549db3f144 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.5-dev +version: 0.0.5 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 3cf342c9f29..04bb2adcc0a 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.6.md b/shared/regex/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/regex/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 33b5952fe87..e2931e467a2 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index d1f2a74fec0..3ba7f8edce1 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.2.6.md b/shared/ssa/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/ssa/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 00e6b698e43..de4724ebf2a 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 4ffbff1e0c4..9b269441c00 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/0.0.5.md b/shared/threat-models/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null +++ b/shared/threat-models/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index abe9e10f4af..40d1dba613c 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.5-dev +version: 0.0.5 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index a0bfc02bcbf..1523a1599c2 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.6.md b/shared/tutorial/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 9e095cb2b6c..e0d5641a1b7 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 2236b1a2d5d..a8639d1de49 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.6.md b/shared/typetracking/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 24301a5c13e..88865eedf54 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 9db98dbb2d0..bd1c41f8297 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.6.md b/shared/typos/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/typos/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 3c4ea9d6fb2..e39af7faad0 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index a1df29447d5..677b82a2b4e 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.6.md b/shared/util/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/util/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 6652d73fba1..65dac915583 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index aa342042f47..e043461448e 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.6.md b/shared/yaml/change-notes/released/0.2.6.md new file mode 100644 index 00000000000..edaefe75481 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 211454ed306..248dd0f4594 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index f13f8aeca74..ca586959f2b 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 16d44561346..7236e3740d9 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.3.6 + +### Minor Analysis Improvements + +* Expanded flow models for `UnsafePointer` and similar classes. +* Added flow models for non-member `withUnsafePointer` and similar functions. +* Added flow models for `withMemoryRebound`, `assumingMemoryBound` and `bindMemory` member functions of library pointer classes. +* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. +* Added imprecise flow models for `append` and `insert` methods, and initializer calls with a `data` argument. +* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. + ## 0.3.5 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md b/swift/ql/lib/change-notes/2023-10-24-pattern-types.md deleted file mode 100644 index 0288e56ce3e..00000000000 --- a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. diff --git a/swift/ql/lib/change-notes/2023-11-27-append.md b/swift/ql/lib/change-notes/2023-11-27-append.md deleted file mode 100644 index b6bc9dfc6be..00000000000 --- a/swift/ql/lib/change-notes/2023-11-27-append.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added imprecise flow models for `append` and `insert` methods, and initializer calls with a `data` argument. diff --git a/swift/ql/lib/change-notes/2023-12-05-seckey.md b/swift/ql/lib/change-notes/2023-12-05-seckey.md deleted file mode 100644 index 883eedd48a5..00000000000 --- a/swift/ql/lib/change-notes/2023-12-05-seckey.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. diff --git a/swift/ql/lib/change-notes/2023-12-07-closure-models.md b/swift/ql/lib/change-notes/2023-12-07-closure-models.md deleted file mode 100644 index 33e0335f1e6..00000000000 --- a/swift/ql/lib/change-notes/2023-12-07-closure-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow models for non-member `withUnsafePointer` and similar functions. -* Added flow models for `withMemoryRebound`, `assumingMemoryBound` and `bindMemory` member functions of library pointer classes. diff --git a/swift/ql/lib/change-notes/2023-12-08-pointermodels.md b/swift/ql/lib/change-notes/2023-12-08-pointermodels.md deleted file mode 100644 index 18073fc0476..00000000000 --- a/swift/ql/lib/change-notes/2023-12-08-pointermodels.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Expanded flow models for `UnsafePointer` and similar classes. diff --git a/swift/ql/lib/change-notes/released/0.3.6.md b/swift/ql/lib/change-notes/released/0.3.6.md new file mode 100644 index 00000000000..0aa8cf50fde --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.3.6.md @@ -0,0 +1,10 @@ +## 0.3.6 + +### Minor Analysis Improvements + +* Expanded flow models for `UnsafePointer` and similar classes. +* Added flow models for non-member `withUnsafePointer` and similar functions. +* Added flow models for `withMemoryRebound`, `assumingMemoryBound` and `bindMemory` member functions of library pointer classes. +* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. +* Added imprecise flow models for `append` and `insert` methods, and initializer calls with a `data` argument. +* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 468917f2543..7bbaa8987dd 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.5 +lastReleaseVersion: 0.3.6 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 2a4fe611768..62e132acade 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.6-dev +version: 0.3.6 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 689f4e90b87..9ef92154676 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.3.6 + +### Minor Analysis Improvements + +* Added additional sinks for the "Cleartext logging of sensitive information" (`swift/cleartext-logging`) query. Some of these sinks are heuristic (imprecise) in nature. + ## 0.3.5 No user-facing changes. diff --git a/swift/ql/src/change-notes/2023-11-20-cleartext-logging.md b/swift/ql/src/change-notes/released/0.3.6.md similarity index 80% rename from swift/ql/src/change-notes/2023-11-20-cleartext-logging.md rename to swift/ql/src/change-notes/released/0.3.6.md index 83ecd0fd182..e9bea70df8b 100644 --- a/swift/ql/src/change-notes/2023-11-20-cleartext-logging.md +++ b/swift/ql/src/change-notes/released/0.3.6.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.3.6 + +### Minor Analysis Improvements * Added additional sinks for the "Cleartext logging of sensitive information" (`swift/cleartext-logging`) query. Some of these sinks are heuristic (imprecise) in nature. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 468917f2543..7bbaa8987dd 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.5 +lastReleaseVersion: 0.3.6 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 180db628f9e..686a82482a9 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.6-dev +version: 0.3.6 groups: - swift - queries