mirror of
https://github.com/github/codeql.git
synced 2026-02-11 20:51:06 +01:00
Merge branch 'main' into azure_python_sdk_url_summary_upstream
@@ -1,3 +1,9 @@
|
||||
## 0.4.27
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a crash when analysing a `${{ ... }}` expression over around 300 characters in length.
|
||||
|
||||
## 0.4.26
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
## 0.4.27
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a crash when analysing a `${{ ... }}` expression over around 300 characters in length.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.26
|
||||
lastReleaseVersion: 0.4.27
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.27-dev
|
||||
version: 0.4.28-dev
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.6.19
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.18
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
actions/ql/src/change-notes/released/0.6.19.md
Normal file
3
actions/ql/src/change-notes/released/0.6.19.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.6.19
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.18
|
||||
lastReleaseVersion: 0.6.19
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.19-dev
|
||||
version: 0.6.20-dev
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,21 @@
|
||||
## 7.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a subclass `Embed` of `PreprocessorDirective` for C23 and C++26 `#embed` preprocessor directives.
|
||||
* Added modules `DataFlow::ParameterizedBarrierGuard` and `DataFlow::ParameterizedInstructionBarrierGuard`. These modules provide the same features as `DataFlow::BarrierGuard` and `DataFlow::InstructionBarrierGuard`, but allow for an additional parameter to support properly using them in dataflow configurations that uses flow states.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `Buffer.qll` library will no longer report incorrect buffer sizes on certain malformed databases. As a result, the queries `cpp/static-buffer-overflow`, `cpp/overflow-buffer`, `cpp/badly-bounded-write`, `cpp/overrunning-write`, `cpp/overrunning-write-with-float`, and `cpp/very-likely-overrunning-write` will report fewer false positives on such databases.
|
||||
* Added `taint` summary models and `sql-injection` barrier models for the MySQL `mysql_real_escape_string` and `mysql_real_escape_string_quote` escaping functions.
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug in the `GuardCondition` library which sometimes prevented binary logical operators from being recognized as guard conditions. As a result, queries using `GuardCondition` may see improved results.
|
||||
* Fixed a bug which caused `Node.asDefinition()` to not have a result for certain assignments.
|
||||
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a subclass `Embed` of `PreprocessorDirective` for C23 and C++26 `#embed` preprocessor directives.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added modules `DataFlow::ParameterizedBarrierGuard` and `DataFlow::ParameterizedInstructionBarrierGuard`. These modules provide the same features as `DataFlow::BarrierGuard` and `DataFlow::InstructionBarrierGuard`, but allow for an additional parameter to support properly using them in dataflow configurations that uses flow states.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed a bug which caused `Node.asDefinition()` to not have a result for certain assignments.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `taint` summary models and `sql-injection` barrier models for the mySQL `mysql_real_escape_string` and `mysql_real_escape_string_quote` escaping functions.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `Buffer.qll` library will no longer report incorrect buffer sizes on certain malformed databases. As a result, the queries `cpp/static-buffer-overflow`, `cpp/overflow-buffer`, `cpp/badly-bounded-write`, `cpp/overrunning-write`, `cpp/overrunning-write-with-float`, and `cpp/very-likely-overrunning-write` will report fewer false positives on such databases.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed a bug in the `GuardCondition` library which sometimes prevented binary logical operators from being recognized as guard conditions. As a result, queries using `GuardCondition` may see improved results.
|
||||
17
cpp/ql/lib/change-notes/released/7.1.0.md
Normal file
17
cpp/ql/lib/change-notes/released/7.1.0.md
Normal file
@@ -0,0 +1,17 @@
|
||||
## 7.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a subclass `Embed` of `PreprocessorDirective` for C23 and C++26 `#embed` preprocessor directives.
|
||||
* Added modules `DataFlow::ParameterizedBarrierGuard` and `DataFlow::ParameterizedInstructionBarrierGuard`. These modules provide the same features as `DataFlow::BarrierGuard` and `DataFlow::InstructionBarrierGuard`, but allow for an additional parameter to support properly using them in dataflow configurations that uses flow states.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `Buffer.qll` library will no longer report incorrect buffer sizes on certain malformed databases. As a result, the queries `cpp/static-buffer-overflow`, `cpp/overflow-buffer`, `cpp/badly-bounded-write`, `cpp/overrunning-write`, `cpp/overrunning-write-with-float`, and `cpp/very-likely-overrunning-write` will report fewer false positives on such databases.
|
||||
* Added `taint` summary models and `sql-injection` barrier models for the MySQL `mysql_real_escape_string` and `mysql_real_escape_string_quote` escaping functions.
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug in the `GuardCondition` library which sometimes prevented binary logical operators from being recognized as guard conditions. As a result, queries using `GuardCondition` may see improved results.
|
||||
* Fixed a bug which caused `Node.asDefinition()` to not have a result for certain assignments.
|
||||
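Review bot: The `SummarizedCallable.propagatesFlow` entry sits under "Minor Analysis Improvements", but it adds two columns to a public predicate and removes `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel`, so any code that overrides or calls those predicates stops compiling. Consider listing it under a breaking-changes or deprecation heading, or stating in the entry what callers should use instead. Separately, in the `ParameterizedBarrierGuard` entry, "dataflow configurations that uses flow states" should read "that use flow states".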
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.0.0
|
||||
lastReleaseVersion: 7.1.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 7.0.1-dev
|
||||
version: 7.1.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.5.10
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.5.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
3
cpp/ql/src/change-notes/released/1.5.10.md
Normal file
3
cpp/ql/src/change-notes/released/1.5.10.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.5.10
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.9
|
||||
lastReleaseVersion: 1.5.10
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.5.10-dev
|
||||
version: 1.5.11-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.58
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.58
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.57
|
||||
lastReleaseVersion: 1.7.58
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.58-dev
|
||||
version: 1.7.59-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.58
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.58
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.57
|
||||
lastReleaseVersion: 1.7.58
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.58-dev
|
||||
version: 1.7.59-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 5.4.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
* C# 14: Support for null-conditional assignments (such as `c?.Prop = p`). Furthermore, the `MaybeNullExpr` class now takes null-conditional access (such as `?.`) into account when modeling potential null values.
|
||||
|
||||
## 5.4.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* C# 14: Support for null-conditional assignments (such as `c?.Prop = p`). Furthermore, the `MaybeNullExpr` class now takes null-conditional access (such as `?.`) into account when modeling potential null values.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
6
csharp/ql/lib/change-notes/released/5.4.6.md
Normal file
6
csharp/ql/lib/change-notes/released/5.4.6.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 5.4.6
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
* C# 14: Support for null-conditional assignments (such as `c?.Prop = p`). Furthermore, the `MaybeNullExpr` class now takes null-conditional access (such as `?.`) into account when modeling potential null values.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.4.5
|
||||
lastReleaseVersion: 5.4.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.4.6-dev
|
||||
version: 5.4.7-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
3
csharp/ql/src/change-notes/released/1.6.1.md
Normal file
3
csharp/ql/src/change-notes/released/1.6.1.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.6.1
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.0
|
||||
lastReleaseVersion: 1.6.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.6.1-dev
|
||||
version: 1.6.2-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -568,3 +568,25 @@ func EmitExtractionFailedForProjects(path []string) {
|
||||
noLocation,
|
||||
)
|
||||
}
|
||||
|
||||
func EmitPrivateRegistryUsed(writer DiagnosticsWriter, configs []string) {
|
||||
n := len(configs)
|
||||
lines := make([]string, n)
|
||||
|
||||
for i := range configs {
|
||||
lines[i] = fmt.Sprintf("* %s", configs[i])
|
||||
}
|
||||
|
||||
emitDiagnosticTo(
|
||||
writer,
|
||||
"go/autobuilder/analysis-using-private-registries",
|
||||
"Go extraction used private package registries",
|
||||
fmt.Sprintf(
|
||||
"Go was extracted using the following private package registr%s:\n\n%s\n",
|
||||
plural(n, "y", "ies"),
|
||||
strings.Join(lines, "\n")),
|
||||
severityNote,
|
||||
fullVisibility,
|
||||
noLocation,
|
||||
)
|
||||
}
|
||||
|
||||
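Review bot: `EmitPrivateRegistryUsed` is exported without a doc comment and does not handle an empty `configs` slice: with `n == 0` it still emits a diagnostic whose message is a heading followed by an empty list. The caller visible in this commit guards with `len(activeConfigs) > 0`, but the function should either return early on an empty slice or document that precondition, so a future caller cannot produce a misleading "private registries used" note. Since the message is Markdown and the entries are interpolated with `"* %s"`, it is also worth stating in the comment that callers are responsible for passing entries that are safe to render.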
@@ -83,3 +83,46 @@ func Test_EmitCannotFindPackages_Actions(t *testing.T) {
|
||||
// Custom build command suggestion
|
||||
assert.Contains(t, d.MarkdownMessage, "If any of the packages are already present in the repository")
|
||||
}
|
||||
|
||||
func Test_EmitPrivateRegistryUsed_Single(t *testing.T) {
|
||||
writer := newMemoryDiagnosticsWriter()
|
||||
|
||||
testItems := []string{
|
||||
"https://github.com/github/example (Git Source)",
|
||||
}
|
||||
|
||||
EmitPrivateRegistryUsed(writer, testItems)
|
||||
|
||||
assert.Len(t, writer.diagnostics, 1, "Expected one diagnostic to be emitted")
|
||||
|
||||
d := writer.diagnostics[0]
|
||||
assert.Equal(t, d.Source.Id, "go/autobuilder/analysis-using-private-registries")
|
||||
assert.Equal(t, d.Severity, string(severityNote))
|
||||
assert.Contains(t, d.MarkdownMessage, "following private package registry")
|
||||
|
||||
for i := range testItems {
|
||||
assert.Contains(t, d.MarkdownMessage, testItems[i])
|
||||
}
|
||||
}
|
||||
|
||||
func Test_EmitPrivateRegistryUsed_Multiple(t *testing.T) {
|
||||
writer := newMemoryDiagnosticsWriter()
|
||||
|
||||
testItems := []string{
|
||||
"https://github.com/github/example (Git Source)",
|
||||
"https://example.com/goproxy (GOPROXY Server)",
|
||||
}
|
||||
|
||||
EmitPrivateRegistryUsed(writer, testItems)
|
||||
|
||||
assert.Len(t, writer.diagnostics, 1, "Expected one diagnostic to be emitted")
|
||||
|
||||
d := writer.diagnostics[0]
|
||||
assert.Equal(t, d.Source.Id, "go/autobuilder/analysis-using-private-registries")
|
||||
assert.Equal(t, d.Severity, string(severityNote))
|
||||
assert.Contains(t, d.MarkdownMessage, "following private package registries")
|
||||
|
||||
for i := range testItems {
|
||||
assert.Contains(t, d.MarkdownMessage, testItems[i])
|
||||
}
|
||||
}
|
||||
|
||||
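Review bot: In both new tests the `assert.Equal` calls pass the actual value first (`d.Source.Id`, `d.Severity`) and the expected literal second. If `assert` here is testify, its `Equal` takes expected then actual, so a failure would label the two values the wrong way round; swap the arguments. The test items are also plain strings such as `"https://github.com/github/example (Git Source)"`, while `RegistryConfig.Pretty()` wraps the URL in backticks, so the format actually passed in production is not exercised; building the inputs through `Pretty()` would cover it.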
17
go/extractor/registries/BUILD.bazel
generated
Normal file
17
go/extractor/registries/BUILD.bazel
generated
Normal file
@@ -0,0 +1,17 @@
|
||||
# generated running `bazel run //go/gazelle`, do not edit
|
||||
|
||||
load("@rules_go//go:def.bzl", "go_library", "go_test")
|
||||
|
||||
go_library(
|
||||
name = "registries",
|
||||
srcs = ["registryproxy.go"],
|
||||
importpath = "github.com/github/codeql-go/extractor/registries",
|
||||
visibility = ["//visibility:public"],
|
||||
deps = ["//go/extractor/diagnostics"],
|
||||
)
|
||||
|
||||
go_test(
|
||||
name = "registries_test",
|
||||
srcs = ["registryproxy_test.go"],
|
||||
embed = [":registries"],
|
||||
)
|
||||
@@ -1,4 +1,4 @@
|
||||
package util
|
||||
package registries
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
@@ -8,6 +8,8 @@ import (
|
||||
"os"
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"github.com/github/codeql-go/extractor/diagnostics"
|
||||
)
|
||||
|
||||
const PROXY_HOST = "CODEQL_PROXY_HOST"
|
||||
@@ -22,6 +24,19 @@ type RegistryConfig struct {
|
||||
URL string `json:"url"`
|
||||
}
|
||||
|
||||
func (config *RegistryConfig) Pretty() string {
|
||||
pretty_type := "other"
|
||||
|
||||
switch config.Type {
|
||||
case GIT_SOURCE:
|
||||
pretty_type = "Git Source"
|
||||
case GOPROXY_SERVER:
|
||||
pretty_type = "GOPROXY Server"
|
||||
}
|
||||
|
||||
return fmt.Sprintf("`%s` (%s)", config.URL, pretty_type)
|
||||
}
|
||||
|
||||
// The address of the proxy including protocol and port (e.g. http://localhost:1234)
|
||||
var proxy_address string
|
||||
|
||||
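Review bot: `Pretty()` formats `config.URL` verbatim, and the result is emitted in a diagnostic with `fullVisibility`, so anything embedded in a registry URL (userinfo, a token in the query string) would be shown to everyone who can see the diagnostics. Suggest parsing the URL and rendering a redacted form (for example `url.URL.Redacted()`, or host and path only) before formatting, and falling back to a fixed placeholder when parsing fails. A URL containing a backtick would also break out of the code span in the Markdown message. The method is exported and should carry a doc comment describing the output format.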
@@ -97,24 +112,40 @@ func getEnvVars() []string {
|
||||
if err != nil {
|
||||
slog.Error("Unable to parse proxy configurations", slog.String("error", err.Error()))
|
||||
} else {
|
||||
activeConfigs := make([]RegistryConfig, 0, len(val))
|
||||
|
||||
// We only care about private registry configurations that are relevant to Go and
|
||||
// filter others out at this point.
|
||||
for _, cfg := range val {
|
||||
if cfg.Type == GOPROXY_SERVER {
|
||||
goproxy_servers = append(goproxy_servers, cfg.URL)
|
||||
slog.Info("Found GOPROXY server", slog.String("url", cfg.URL))
|
||||
activeConfigs = append(activeConfigs, cfg)
|
||||
} else if cfg.Type == GIT_SOURCE {
|
||||
parsed, err := url.Parse(cfg.URL)
|
||||
if err == nil && parsed.Hostname() != "" {
|
||||
git_source := parsed.Hostname() + parsed.Path + "*"
|
||||
git_sources = append(git_sources, git_source)
|
||||
slog.Info("Found Git source", slog.String("source", git_source))
|
||||
activeConfigs = append(activeConfigs, cfg)
|
||||
} else {
|
||||
slog.Warn("Not a valid URL for Git source", slog.String("url", cfg.URL))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Emit a diagnostic to make it easy for users to see that private registry
|
||||
// configurations were picked up by the Go analysis.
|
||||
if len(activeConfigs) > 0 {
|
||||
prettyConfigs := []string{}
|
||||
for i := range activeConfigs {
|
||||
prettyConfigs = append(prettyConfigs, activeConfigs[i].Pretty())
|
||||
}
|
||||
|
||||
diagnostics.EmitPrivateRegistryUsed(diagnostics.DefaultWriter, prettyConfigs)
|
||||
}
|
||||
|
||||
// Assemble environment variables for Go.
|
||||
goprivate := []string{}
|
||||
|
||||
if len(goproxy_servers) > 0 {
|
||||
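Review bot: Emitting the diagnostic from inside `getEnvVars` attaches a user-visible side effect to a function named as a getter and hard-codes `diagnostics.DefaultWriter`. If `getEnvVars` is reached more than once in a process, the same note is emitted each time, and this path cannot be tested with the in-memory writer that the new diagnostics tests use. Suggest returning `activeConfigs` and emitting once from the caller, or passing the writer in. Minor: `prettyConfigs` can be preallocated with `make([]string, 0, len(activeConfigs))`, matching how `activeConfigs` is created.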
@@ -1,4 +1,4 @@
|
||||
package util
|
||||
package registries
|
||||
|
||||
import (
|
||||
"testing"
|
||||
5
go/extractor/toolchain/BUILD.bazel
generated
5
go/extractor/toolchain/BUILD.bazel
generated
@@ -7,7 +7,10 @@ go_library(
|
||||
srcs = ["toolchain.go"],
|
||||
importpath = "github.com/github/codeql-go/extractor/toolchain",
|
||||
visibility = ["//visibility:public"],
|
||||
deps = ["//go/extractor/util"],
|
||||
deps = [
|
||||
"//go/extractor/registries",
|
||||
"//go/extractor/util",
|
||||
],
|
||||
)
|
||||
|
||||
go_test(
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/github/codeql-go/extractor/registries"
|
||||
"github.com/github/codeql-go/extractor/util"
|
||||
)
|
||||
|
||||
@@ -140,7 +141,7 @@ func SupportsWorkspaces() bool {
|
||||
// Constructs a `*exec.Cmd` for `go` with the specified arguments.
|
||||
func GoCommand(arg ...string) *exec.Cmd {
|
||||
cmd := exec.Command("go", arg...)
|
||||
util.ApplyProxyEnvVars(cmd)
|
||||
registries.ApplyProxyEnvVars(cmd)
|
||||
return cmd
|
||||
}
|
||||
|
||||
|
||||
2
go/extractor/util/BUILD.bazel
generated
2
go/extractor/util/BUILD.bazel
generated
@@ -8,7 +8,6 @@ go_library(
|
||||
"extractvendordirs.go",
|
||||
"logging.go",
|
||||
"overlays.go",
|
||||
"registryproxy.go",
|
||||
"semver.go",
|
||||
"util.go",
|
||||
],
|
||||
@@ -21,7 +20,6 @@ go_test(
|
||||
name = "util_test",
|
||||
srcs = [
|
||||
"logging_test.go",
|
||||
"registryproxy_test.go",
|
||||
"semver_test.go",
|
||||
"util_test.go",
|
||||
],
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.41
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.41
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.40
|
||||
lastReleaseVersion: 1.0.41
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.41-dev
|
||||
version: 1.0.42-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 6.0.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The `BasicBlock` class is now defined using the shared basic blocks library. `BasicBlock.getRoot` has been replaced by `BasicBlock.getScope`. `BasicBlock.getAPredecessor` and `BasicBlock.getASuccessor` now take a `SuccessorType` argument. `ReachableJoinBlock.inDominanceFrontierOf` has been removed, so use `BasicBlock.inDominanceFrontier` instead, swapping the receiver and the argument.
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 6.0.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 6.0.0
|
||||
lastReleaseVersion: 6.0.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 6.0.1-dev
|
||||
version: 6.0.2-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
@@ -7,6 +7,7 @@ library: true
|
||||
upgrades: upgrades
|
||||
dependencies:
|
||||
codeql/concepts: ${workspace}
|
||||
codeql/controlflow: ${workspace}
|
||||
codeql/dataflow: ${workspace}
|
||||
codeql/mad: ${workspace}
|
||||
codeql/threat-models: ${workspace}
|
||||
|
||||
@@ -4,140 +4,53 @@
|
||||
|
||||
import go
|
||||
private import ControlFlowGraphImpl
|
||||
private import codeql.controlflow.BasicBlock as BB
|
||||
private import codeql.controlflow.SuccessorType
|
||||
|
||||
/**
|
||||
* Holds if `nd` starts a new basic block.
|
||||
*/
|
||||
private predicate startsBB(ControlFlow::Node nd) {
|
||||
count(nd.getAPredecessor()) != 1
|
||||
private module Input implements BB::InputSig<Location> {
|
||||
/** A delineated part of the AST with its own CFG. */
|
||||
class CfgScope = ControlFlow::Root;
|
||||
|
||||
/** The class of control flow nodes. */
|
||||
class Node = ControlFlowNode;
|
||||
|
||||
/** Gets the CFG scope in which this node occurs. */
|
||||
CfgScope nodeGetCfgScope(Node node) { node.getRoot() = result }
|
||||
|
||||
/** Gets an immediate successor of this node. */
|
||||
Node nodeGetASuccessor(Node node, SuccessorType t) {
|
||||
result = node.getASuccessor() and
|
||||
(
|
||||
not result instanceof ControlFlow::ConditionGuardNode and t instanceof DirectSuccessor
|
||||
or
|
||||
t.(BooleanSuccessor).getValue() = result.(ControlFlow::ConditionGuardNode).getOutcome()
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` represents an entry node to be used when calculating
|
||||
* dominance.
|
||||
*/
|
||||
predicate nodeIsDominanceEntry(Node node) { node instanceof EntryNode }
|
||||
|
||||
/**
|
||||
* Holds if `node` represents an exit node to be used when calculating
|
||||
* post dominance.
|
||||
*/
|
||||
predicate nodeIsPostDominanceExit(Node node) { node instanceof ExitNode }
|
||||
}
|
||||
|
||||
private module BbImpl = BB::Make<Location, Input>;
|
||||
|
||||
class BasicBlock = BbImpl::BasicBlock;
|
||||
|
||||
class EntryBasicBlock = BbImpl::EntryBasicBlock;
|
||||
|
||||
cached
|
||||
private predicate reachableBB(BasicBlock bb) {
|
||||
bb instanceof EntryBasicBlock
|
||||
or
|
||||
nd.getAPredecessor().isBranch()
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if the first node of basic block `succ` is a control flow
|
||||
* successor of the last node of basic block `bb`.
|
||||
*/
|
||||
private predicate succBB(BasicBlock bb, BasicBlock succ) { succ = bb.getLastNode().getASuccessor() }
|
||||
|
||||
/**
|
||||
* Holds if the first node of basic block `bb` is a control flow
|
||||
* successor of the last node of basic block `pre`.
|
||||
*/
|
||||
private predicate predBB(BasicBlock bb, BasicBlock pre) { succBB(pre, bb) }
|
||||
|
||||
/** Holds if `bb` is an entry basic block. */
|
||||
private predicate entryBB(BasicBlock bb) { bb.getFirstNode().isEntryNode() }
|
||||
|
||||
/** Holds if `bb` is an exit basic block. */
|
||||
private predicate exitBB(BasicBlock bb) { bb.getLastNode().isExitNode() }
|
||||
|
||||
cached
|
||||
private module Internal {
|
||||
/**
|
||||
* Holds if `succ` is a control flow successor of `nd` within the same basic block.
|
||||
*/
|
||||
private predicate intraBBSucc(ControlFlow::Node nd, ControlFlow::Node succ) {
|
||||
succ = nd.getASuccessor() and
|
||||
not startsBB(succ)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `nd` is the `i`th node in basic block `bb`.
|
||||
*
|
||||
* In other words, `i` is the shortest distance from a node `bb`
|
||||
* that starts a basic block to `nd` along the `intraBBSucc` relation.
|
||||
*/
|
||||
cached
|
||||
predicate bbIndex(BasicBlock bb, ControlFlow::Node nd, int i) =
|
||||
shortestDistances(startsBB/1, intraBBSucc/2)(bb, nd, i)
|
||||
|
||||
cached
|
||||
int bbLength(BasicBlock bb) { result = strictcount(ControlFlow::Node nd | bbIndex(bb, nd, _)) }
|
||||
|
||||
cached
|
||||
predicate reachableBB(BasicBlock bb) {
|
||||
entryBB(bb)
|
||||
or
|
||||
exists(BasicBlock predBB | succBB(predBB, bb) | reachableBB(predBB))
|
||||
}
|
||||
}
|
||||
|
||||
private import Internal
|
||||
|
||||
/** Holds if `dom` is an immediate dominator of `bb`. */
|
||||
cached
|
||||
private predicate bbIDominates(BasicBlock dom, BasicBlock bb) =
|
||||
idominance(entryBB/1, succBB/2)(_, dom, bb)
|
||||
|
||||
/** Holds if `dom` is an immediate post-dominator of `bb`. */
|
||||
cached
|
||||
private predicate bbIPostDominates(BasicBlock dom, BasicBlock bb) =
|
||||
idominance(exitBB/1, predBB/2)(_, dom, bb)
|
||||
|
||||
/**
|
||||
* A basic block, that is, a maximal straight-line sequence of control flow nodes
|
||||
* without branches or joins.
|
||||
*
|
||||
* At the database level, a basic block is represented by its first control flow node.
|
||||
*/
|
||||
class BasicBlock extends TControlFlowNode {
|
||||
BasicBlock() { startsBB(this) }
|
||||
|
||||
/** Gets a basic block succeeding this one. */
|
||||
BasicBlock getASuccessor() { succBB(this, result) }
|
||||
|
||||
/** Gets a basic block preceding this one. */
|
||||
BasicBlock getAPredecessor() { result.getASuccessor() = this }
|
||||
|
||||
/** Gets a node in this block. */
|
||||
ControlFlow::Node getANode() { result = this.getNode(_) }
|
||||
|
||||
/** Gets the node at the given position in this block. */
|
||||
ControlFlow::Node getNode(int pos) { bbIndex(this, result, pos) }
|
||||
|
||||
/** Gets the first node in this block. */
|
||||
ControlFlow::Node getFirstNode() { result = this }
|
||||
|
||||
/** Gets the last node in this block. */
|
||||
ControlFlow::Node getLastNode() { result = this.getNode(this.length() - 1) }
|
||||
|
||||
/** Gets the length of this block. */
|
||||
int length() { result = bbLength(this) }
|
||||
|
||||
/** Gets the basic block that immediately dominates this basic block. */
|
||||
ReachableBasicBlock getImmediateDominator() { bbIDominates(result, this) }
|
||||
|
||||
/** Gets the innermost function or file to which this basic block belongs. */
|
||||
ControlFlow::Root getRoot() { result = this.getFirstNode().getRoot() }
|
||||
|
||||
/** Gets a textual representation of this basic block. */
|
||||
string toString() { result = "basic block" }
|
||||
|
||||
/** Gets the source location for this element. */
|
||||
Location getLocation() { result = this.getFirstNode().getLocation() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `getLocation()` instead.
|
||||
*
|
||||
* Holds if this basic block is at the specified location.
|
||||
* The location spans column `startcolumn` of line `startline` to
|
||||
* column `endcolumn` of line `endline` in file `filepath`.
|
||||
* For more information, see
|
||||
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
|
||||
*/
|
||||
deprecated predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* An entry basic block, that is, a basic block whose first node is an entry node.
|
||||
*/
|
||||
class EntryBasicBlock extends BasicBlock {
|
||||
EntryBasicBlock() { entryBB(this) }
|
||||
exists(BasicBlock predBB | predBB.getASuccessor(_) = bb | reachableBB(predBB))
|
||||
}
|
||||
|
||||
/**
|
||||
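Review bot: The aliases `class BasicBlock = BbImpl::BasicBlock;` and `class EntryBasicBlock = BbImpl::EntryBasicBlock;` have no QLDoc, whereas the classes they replace documented what a basic block is and that it is represented by its first control flow node. Suggest adding a short QLDoc comment above each alias so the public names stay documented in this file. In `nodeGetASuccessor`, a one-line comment explaining that edges into a `ConditionGuardNode` are typed as `BooleanSuccessor` by `getOutcome()` and all other edges as `DirectSuccessor` would help readers who do not know the shared library's `SuccessorType` conventions.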
@@ -145,38 +58,6 @@ class EntryBasicBlock extends BasicBlock {
|
||||
*/
|
||||
class ReachableBasicBlock extends BasicBlock {
|
||||
ReachableBasicBlock() { reachableBB(this) }
|
||||
|
||||
/**
|
||||
* Holds if this basic block strictly dominates `bb`.
|
||||
*/
|
||||
cached
|
||||
predicate strictlyDominates(ReachableBasicBlock bb) { bbIDominates+(this, bb) }
|
||||
|
||||
/**
|
||||
* Holds if this basic block dominates `bb`.
|
||||
*
|
||||
* This predicate is reflexive: each reachable basic block dominates itself.
|
||||
*/
|
||||
predicate dominates(ReachableBasicBlock bb) {
|
||||
bb = this or
|
||||
this.strictlyDominates(bb)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if this basic block strictly post-dominates `bb`.
|
||||
*/
|
||||
cached
|
||||
predicate strictlyPostDominates(ReachableBasicBlock bb) { bbIPostDominates+(this, bb) }
|
||||
|
||||
/**
|
||||
* Holds if this basic block post-dominates `bb`.
|
||||
*
|
||||
* This predicate is reflexive: each reachable basic block post-dominates itself.
|
||||
*/
|
||||
predicate postDominates(ReachableBasicBlock bb) {
|
||||
bb = this or
|
||||
this.strictlyPostDominates(bb)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
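Review bot: The breaking change note added in this commit does not cover the four predicates that disappear from `ReachableBasicBlock` in this hunk (`strictlyDominates`, `dominates`, `strictlyPostDominates`, `postDominates`); it lists only `getRoot`, `getAPredecessor`/`getASuccessor` and `inDominanceFrontierOf`. If the shared `BasicBlock` supplies same-named replacements, say so in the note and mention whether the argument type is still `ReachableBasicBlock`, since the old definitions restricted both sides to reachable blocks and were reflexive only over those.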
@@ -184,21 +65,4 @@ class ReachableBasicBlock extends BasicBlock {
|
||||
*/
|
||||
class ReachableJoinBlock extends ReachableBasicBlock {
|
||||
ReachableJoinBlock() { this.getFirstNode().isJoin() }
|
||||
|
||||
/**
|
||||
* Holds if this basic block belongs to the dominance frontier of `b`, that is
|
||||
* `b` dominates a predecessor of this block, but not this block itself.
|
||||
*
|
||||
* Algorithm from Cooper et al., "A Simple, Fast Dominance Algorithm" (Figure 5),
|
||||
* who in turn attribute it to Ferrante et al., "The program dependence graph and
|
||||
* its use in optimization".
|
||||
*/
|
||||
predicate inDominanceFrontierOf(ReachableBasicBlock b) {
|
||||
b = this.getAPredecessor() and not b = this.getImmediateDominator()
|
||||
or
|
||||
exists(ReachableBasicBlock prev | this.inDominanceFrontierOf(prev) |
|
||||
b = prev.getImmediateDominator() and
|
||||
not b = this.getImmediateDominator()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -313,6 +313,9 @@ module ControlFlow {
|
||||
*/
|
||||
Expr getCondition() { result = cond }
|
||||
|
||||
/** Gets the value of the condition that this node corresponds to. */
|
||||
boolean getOutcome() { result = outcome }
|
||||
|
||||
override Root getRoot() { result.isRootOf(cond) }
|
||||
|
||||
override string toString() { result = cond + " is " + outcome }
|
||||
@@ -350,4 +353,6 @@ module ControlFlow {
|
||||
}
|
||||
}
|
||||
|
||||
class ControlFlowNode = ControlFlow::Node;
|
||||
|
||||
class Write = ControlFlow::WriteNode;
|
||||
|
||||
@@ -144,7 +144,7 @@ class SsaDefinition extends TSsaDefinition {
|
||||
abstract string prettyPrintRef();
|
||||
|
||||
/** Gets the innermost function or file to which this SSA definition belongs. */
|
||||
ControlFlow::Root getRoot() { result = this.getBasicBlock().getRoot() }
|
||||
ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() }
|
||||
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString() { result = this.prettyPrintDef() }
|
||||
@@ -285,7 +285,7 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
|
||||
*/
|
||||
class SsaPhiNode extends SsaPseudoDefinition, TPhi {
|
||||
override SsaVariable getAnInput() {
|
||||
result = getDefReachingEndOf(this.getBasicBlock().getAPredecessor(), this.getSourceVariable())
|
||||
result = getDefReachingEndOf(this.getBasicBlock().getAPredecessor(_), this.getSourceVariable())
|
||||
}
|
||||
|
||||
override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
|
||||
|
||||
@@ -71,7 +71,7 @@ private module Internal {
|
||||
private predicate inDefDominanceFrontier(ReachableJoinBlock bb, SsaSourceVariable v) {
|
||||
exists(ReachableBasicBlock defbb, SsaDefinition def |
|
||||
def.definesAt(defbb, _, v) and
|
||||
bb.inDominanceFrontierOf(defbb)
|
||||
defbb.inDominanceFrontier(bb)
|
||||
)
|
||||
}
|
||||
|
||||
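Review bot: in `inDefDominanceFrontier` the call flips receiver and argument, from `bb.inDominanceFrontierOf(defbb)` to `defbb.inDominanceFrontier(bb)`. The old predicate was defined on `ReachableJoinBlock` and documented as "`b` dominates a predecessor of this block, but not this block itself"; please confirm the replacement has the same direction (the argument lies in the frontier of the receiver) and cover it with a test, since a reversed relation would still compile and would change the SSA results without any compile-time signal.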
@@ -86,7 +86,7 @@ private module Internal {
|
||||
|
||||
/** Holds if the `i`th node of `bb` in function `f` is an entry node. */
|
||||
private predicate entryNode(FuncDef f, ReachableBasicBlock bb, int i) {
|
||||
f = bb.getRoot() and
|
||||
f = bb.getScope() and
|
||||
bb.getNode(i).isEntryNode()
|
||||
}
|
||||
|
||||
@@ -94,7 +94,7 @@ private module Internal {
|
||||
* Holds if the `i`th node of `bb` in function `f` is a function call.
|
||||
*/
|
||||
private predicate callNode(FuncDef f, ReachableBasicBlock bb, int i) {
|
||||
f = bb.getRoot() and
|
||||
f = bb.getScope() and
|
||||
bb.getNode(i).(IR::EvalInstruction).getExpr() instanceof CallExpr
|
||||
}
|
||||
|
||||
@@ -186,7 +186,7 @@ private module Internal {
|
||||
* Holds if `v` is live at the beginning of any successor of basic block `bb`.
|
||||
*/
|
||||
private predicate liveAtSuccEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
|
||||
liveAtEntry(bb.getASuccessor(), v)
|
||||
liveAtEntry(bb.getASuccessor(_), v)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -317,7 +317,7 @@ private module Internal {
|
||||
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
|
||||
) {
|
||||
varOccursInBlock(v, b1) and
|
||||
b2 = b1.getASuccessor()
|
||||
b2 = b1.getASuccessor(_)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -335,7 +335,7 @@ private module Internal {
|
||||
) {
|
||||
varBlockReaches(v, b1, mid) and
|
||||
not varOccursInBlock(v, mid) and
|
||||
b2 = mid.getASuccessor()
|
||||
b2 = mid.getASuccessor(_)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.5.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -45,7 +45,7 @@ predicate writesHttpError(ReachableBasicBlock b) {
|
||||
predicate onlyErrors(BasicBlock block) {
|
||||
writesHttpError(block)
|
||||
or
|
||||
forex(ReachableBasicBlock pred | pred = block.getAPredecessor() | onlyErrors(pred))
|
||||
forex(ReachableBasicBlock pred | pred = block.getAPredecessor(_) | onlyErrors(pred))
|
||||
}
|
||||
|
||||
/** Gets a node that refers to a handler that is considered to return an HTTP error. */
|
||||
|
||||
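Review bot: in `onlyErrors`, `block.getAPredecessor(_)` now passes a don't-care argument where the old call took none. Because `forex` requires every predecessor in the range to satisfy `onlyErrors`, confirm that the wildcard form yields exactly the predecessor set of the old zero-argument `getAPredecessor()`; the 1.5.5 change note in this commit says "No user-facing changes", so the results of this query should stay identical.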
3
go/ql/src/change-notes/released/1.5.5.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.5.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.4
|
||||
lastReleaseVersion: 1.5.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.5.5-dev
|
||||
version: 1.5.6-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,24 @@
|
||||
## 8.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Support for Kotlin 1.6.x and 1.7.x series has been dropped
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 2.3.0*x* are now supported.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for Struts 7.x package names in the Struts framework library. The library now recognizes both the legacy `com.opensymphony.xwork2` package names (Struts 2.x-6.x) and the new `org.apache.struts2` package names (Struts 7.x+), maintaining backward compatibility while enabling analysis of code using the latest Struts versions.
|
||||
* The query `java/unreleased-lock` no longer applies to lock types with names ending in "Pool", as these typically manage a collection of resources and the `lock` and `unlock` methods typically only lock one resource at a time. This may lead to a reduction in false positives.
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
* When Maven-compatible private package registries are configured for an organisation for Default Setup, CodeQL will now configure Maven to also use these as plugin repositories. CodeQL previously already configured Maven to use them as regular package repositories. This should now allow Maven plugins to be obtained from private registries.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Kotlin: The Kotlin extractor now registers as the last IR generation extension, ensuring that code generated by other compiler plugins (such as kotlinx.serialization) is correctly captured.
|
||||
|
||||
## 7.8.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
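Review bot: the Breaking Changes entry "Support for Kotlin 1.6.x and 1.7.x series has been dropped" does not state the new minimum supported version and lacks the closing full stop the other entries have. An earlier entry in this file spells it out ("so the minimum Kotlin version is now 1.6.0"); do the same here so users can tell from the changelog whether their build is still analysed.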
@@ -77,7 +98,7 @@ No user-facing changes.
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 2.2.2\ *x* are now supported.
|
||||
* Kotlin versions up to 2.2.2*x* are now supported.
|
||||
|
||||
## 7.4.0
|
||||
|
||||
@@ -118,7 +139,7 @@ No user-facing changes.
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
|
||||
* Kotlin versions up to 2.2.0*x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
|
||||
|
||||
## 7.1.4
|
||||
|
||||
@@ -255,7 +276,7 @@ No user-facing changes.
|
||||
### New Features
|
||||
|
||||
* The Java extractor and QL libraries now support Java 23.
|
||||
* Kotlin versions up to 2.1.0\ *x* are now supported.
|
||||
* Kotlin versions up to 2.1.0*x* are now supported.
|
||||
|
||||
## 4.0.0
|
||||
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Kotlin versions up to 2.3.0\ *x* are now supported.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* Support for Kotlin 1.6.x and 1.7.x series has been dropped
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When Maven-compatible private package registries are configured for an organisation for Default Setup, CodeQL will now configure Maven to also use these as plugin repositories. CodeQL previously already configured Maven to use them as regular package repositories. This should now allow Maven plugins to be obtained from private registries.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Kotlin: The Kotlin extractor now registers as the last IR generation extension, ensuring that code generated by other compiler plugins (such as kotlinx.serialization) is correctly captured.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added support for Struts 7.x package names in the Struts framework library. The library now recognizes both the legacy `com.opensymphony.xwork2` package names (Struts 2.x-6.x) and the new `org.apache.struts2` package names (Struts 7.x+), maintaining backward compatibility while enabling analysis of code using the latest Struts versions.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `java/unreleased-lock` no longer applies to lock types with names ending in "Pool", as these typically manage a collection of resources and the `lock` and `unlock` methods typically only lock one resource at a time. This may lead to a reduction in false positives.
|
||||
@@ -10,4 +10,4 @@
|
||||
### New Features
|
||||
|
||||
* The Java extractor and QL libraries now support Java 23.
|
||||
* Kotlin versions up to 2.1.0\ *x* are now supported.
|
||||
* Kotlin versions up to 2.1.0*x* are now supported.
|
||||
|
||||
@@ -2,4 +2,4 @@
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
|
||||
* Kotlin versions up to 2.2.0*x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0).
|
||||
|
||||
@@ -2,4 +2,4 @@
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 2.2.2\ *x* are now supported.
|
||||
* Kotlin versions up to 2.2.2*x* are now supported.
|
||||
|
||||
20
java/ql/lib/change-notes/released/8.0.0.md
Normal file
@@ -0,0 +1,20 @@
|
||||
## 8.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* Support for Kotlin 1.6.x and 1.7.x series has been dropped
|
||||
|
||||
### New Features
|
||||
|
||||
* Kotlin versions up to 2.3.0 are now supported.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for Struts 7.x package names in the Struts framework library. The library now recognizes both the legacy `com.opensymphony.xwork2` package names (Struts 2.x-6.x) and the new `org.apache.struts2` package names (Struts 7.x+), maintaining backward compatibility while enabling analysis of code using the latest Struts versions.
|
||||
* The query `java/unreleased-lock` no longer applies to lock types with names ending in "Pool", as these typically manage a collection of resources and the `lock` and `unlock` methods typically only lock one resource at a time. This may lead to a reduction in false positives.
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
* When Maven-compatible private package registries are configured for an organisation for Default Setup, CodeQL will now configure Maven to also use these as plugin repositories. CodeQL previously already configured Maven to use them as regular package repositories. This should now allow Maven plugins to be obtained from private registries.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Kotlin: The Kotlin extractor now registers as the last IR generation extension, ensuring that code generated by other compiler plugins (such as kotlinx.serialization) is correctly captured.
|
||||
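Review bot: the New Features line here reads "Kotlin versions up to 2.3.0 are now supported", while the matching changelog entry in this commit reads `2.3.0*x*` and the deleted change note read `2.3.0\ *x*`. The released note and the changelog should carry the same text; restore the `*x*` suffix here or drop it in both places.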
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.8.4
|
||||
lastReleaseVersion: 8.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 7.8.5-dev
|
||||
version: 8.0.1-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.10.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.10.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
3
java/ql/src/change-notes/released/1.10.6.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.10.6
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.10.5
|
||||
lastReleaseVersion: 1.10.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.10.6-dev
|
||||
version: 1.10.7-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 2.6.21
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
|
||||
## 2.6.20
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
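Review bot: the 2.6.21 entry lists the removal of `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` under Minor Analysis Improvements in a patch-level release. Removing predicates breaks any downstream query that calls them; the Java pack ships the same change in a major version (8.0.0), so either keep deprecated forwarding predicates here or categorise the note as breaking.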
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 2.6.21
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.6.20
|
||||
lastReleaseVersion: 2.6.21
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.6.21-dev
|
||||
version: 2.6.22-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 2.3.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 2.3.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
3
javascript/ql/src/change-notes/released/2.3.1.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 2.3.1
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.3.0
|
||||
lastReleaseVersion: 2.3.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 2.3.1-dev
|
||||
version: 2.3.2-dev
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.41
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.41.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.41
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.40
|
||||
lastReleaseVersion: 1.0.41
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.41-dev
|
||||
version: 1.0.42-dev
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 6.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* It is now possible to refer to list elements in the Python models-as-data language, via the `ListElement` path.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
* Added experimental query `py/prompt-injection` to detect potential prompt injection vulnerabilities in code using LLMs.
|
||||
* Added taint flow model and type model for `agents` and `openai` modules.
|
||||
* Remote flow sources for the `websockets` package have been modeled.
|
||||
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Remote flow sources for the `websockets` package have been modeled.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added experimental query `py/prompt-injection` to detect potential prompt injection vulnerabilities in code using LLMs.
|
||||
* Added taint flow model and type model for `agents` and `openai` modules.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* It is now possible to refer to list elements in the Python models-as-data language, via the `ListElement` path.
|
||||
Some files were not shown because too many files have changed in this diff