hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.8.4

Browse Source
This commit is contained in:
github-actions[bot]
2022-03-21 13:25:49 +00:00
parent c891c53835
commit dedc8c2254
90 changed files with 327 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,24 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
## 0.0.11 ## 0.0.11
### Minor Analysis Improvements ### Minor Analysis Improvements

4
cpp/ql/lib/change-notes/2022-02-07-deleted-deprecations.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

5
cpp/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

4
cpp/ql/lib/change-notes/2022-03-10-template-implicit-copy.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.

4
cpp/ql/lib/change-notes/2022-03-14-c11-noreturn.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.

4
cpp/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.

4
cpp/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.

20
cpp/ql/lib/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1,20 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all name: codeql/cpp-all
version: 0.0.12-dev version: 0.0.12
groups: cpp groups: cpp
dbscheme: semmlecode.cpp.dbscheme dbscheme: semmlecode.cpp.dbscheme
extractor: cpp extractor: cpp

7
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.0.12
### Minor Analysis Improvements
* The `cpp/overflow-destination`, `cpp/unclear-array-index-validation`, and `cpp/uncontrolled-allocation-size` queries have been modernized and converted to `path-problem` queries and provide more true positive results.
* The `cpp/system-data-exposure` query has been increased from `medium` to `high` precision, following a number of improvements to the query logic.
## 0.0.11 ## 0.0.11
### Breaking Changes ### Breaking Changes

4
cpp/ql/src/change-notes/2022-03-07-system-data-exposure.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `cpp/system-data-exposure` query has been increased from `medium` to `high` precision, following a number of improvements to the query logic.

8
cpp/ql/src/change-notes/2022-03-10-port-three-queries-to-taint-tracking.md → cpp/ql/src/change-notes/released/0.0.12.md
View File

@@ -1,4 +1,6 @@
--- ## 0.0.12
category: minorAnalysis
--- ### Minor Analysis Improvements
* The `cpp/overflow-destination`, `cpp/unclear-array-index-validation`, and `cpp/uncontrolled-allocation-size` queries have been modernized and converted to `path-problem` queries and provide more true positive results. * The `cpp/overflow-destination`, `cpp/unclear-array-index-validation`, and `cpp/uncontrolled-allocation-size` queries have been modernized and converted to `path-problem` queries and provide more true positive results.
* The `cpp/system-data-exposure` query has been increased from `medium` to `high` precision, following a number of improvements to the query logic.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries name: codeql/cpp-queries
version: 0.0.12-dev version: 0.0.12
groups: groups:
- cpp - cpp
- queries - queries

2
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,5 @@
## 1.0.6
## 1.0.5 ## 1.0.5
## 1.0.4 ## 1.0.4

1
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.6.md Normal file
View File

@@ -0,0 +1 @@
## 1.0.6

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 1.0.5 lastReleaseVersion: 1.0.6

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all name: codeql/csharp-solorigate-all
version: 1.0.6-dev version: 1.0.6
groups: groups:
- csharp - csharp
- solorigate - solorigate

2
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,5 @@
## 1.0.6
## 1.0.5 ## 1.0.5
## 1.0.4 ## 1.0.4

1
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.6.md Normal file
View File

@@ -0,0 +1 @@
## 1.0.6

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 1.0.5 lastReleaseVersion: 1.0.6

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries name: codeql/csharp-solorigate-queries
version: 1.0.6-dev version: 1.0.6
groups: groups:
- csharp - csharp
- solorigate - solorigate

19
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,22 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
## 0.0.11 ## 0.0.11
### Breaking Changes ### Breaking Changes

4
csharp/ql/lib/change-notes/2022-02-07-deleted-deprecations.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

5
csharp/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

4
csharp/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.

4
csharp/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.

18
csharp/ql/lib/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1,18 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all name: codeql/csharp-all
version: 0.0.12-dev version: 0.0.12
groups: csharp groups: csharp
dbscheme: semmlecode.csharp.dbscheme dbscheme: semmlecode.csharp.dbscheme
extractor: csharp extractor: csharp

2
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,5 @@
## 0.0.12
## 0.0.11 ## 0.0.11
### Minor Analysis Improvements ### Minor Analysis Improvements

1
csharp/ql/src/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1 @@
## 0.0.12

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries name: codeql/csharp-queries
version: 0.0.12-dev version: 0.0.12
groups: groups:
- csharp - csharp
- queries - queries

21
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,24 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* Added support for detection of SSRF via JDBC database URLs, including connections made using the standard library (`java.sql`), Hikari Connection Pool, JDBI and Spring JDBC.
* Re-removed support for `CharacterLiteral` from `CompileTimeConstantExpr.getStringValue()` to restore the convention that that predicate only applies to `String`-typed constants.
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
## 0.0.11 ## 0.0.11
### New Features ### New Features

4
java/ql/lib/change-notes/2022-02-07-deleted-deprecations.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

5
java/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

4
java/ql/lib/change-notes/2022-03-11-revert-8325.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Re-removed support for `CharacterLiteral` from `CompileTimeConstantExpr.getStringValue()` to restore the convention that that predicate only applies to `String`-typed constants.

4
java/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.

4
java/ql/lib/change-notes/2022-03-14-new-jdbc-ssrf-sinks.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added support for detection of SSRF via JDBC database URLs, including connections made using the standard library (`java.sql`), Hikari Connection Pool, JDBI and Spring JDBC.

4
java/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.

20
java/ql/lib/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1,20 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* Added support for detection of SSRF via JDBC database URLs, including connections made using the standard library (`java.sql`), Hikari Connection Pool, JDBI and Spring JDBC.
* Re-removed support for `CharacterLiteral` from `CompileTimeConstantExpr.getStringValue()` to restore the convention that that predicate only applies to `String`-typed constants.
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all name: codeql/java-all
version: 0.0.12-dev version: 0.0.12
groups: java groups: java
dbscheme: config/semmlecode.dbscheme dbscheme: config/semmlecode.dbscheme
extractor: java extractor: java

12
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,15 @@
## 0.0.12
### New Queries
* The query "Insertion of sensitive information into log files" (`java/sensitive-logging`) has been promoted from experimental to the main query pack. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3090).
### Minor Analysis Improvements
* Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards.
* Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..).
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
## 0.0.11 ## 0.0.11
## 0.0.10 ## 0.0.10

4
java/ql/src/change-notes/2022-03-11-sensitive-logging.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* The query "Insertion of sensitive information into log files" (`java/sensitive-logging`) has been promoted from experimental to the main query pack. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3090).

12
java/ql/src/change-notes/2022-02-14-os-guards.md → java/ql/src/change-notes/released/0.0.12.md
View File

@@ -1,7 +1,11 @@
--- ## 0.0.12
category: minorAnalysis
--- ### New Queries
* The query "Insertion of sensitive information into log files" (`java/sensitive-logging`) has been promoted from experimental to the main query pack. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3090).
### Minor Analysis Improvements
* Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards. * Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards.
* Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..). * Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..).
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard. * Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries name: codeql/java-queries
version: 0.0.12-dev version: 0.0.12
groups: groups:
- java - java
- queries - queries

15
javascript/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,18 @@
## 0.0.13
### Deprecated APIs
* Some predicates from `DefUse.qll`, `DataFlow.qll`, `TaintTracking.qll`, `DOM.qll`, `Definitions.qll` that weren't used by any query have been deprecated.
The documentation for each predicate points to an alternative.
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### Minor Analysis Improvements
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
## 0.0.12 ## 0.0.12
### Major Analysis Improvements ### Major Analysis Improvements

4
javascript/ql/lib/change-notes/2022-02-07-deleted-deprecations.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

5
javascript/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

5
javascript/ql/lib/change-notes/2022-02-07-deprecated-modules.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

5
javascript/ql/lib/change-notes/2022-02-14-deprecated-predicates.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Some predicates from `DefUse.qll`, `DataFlow.qll`, `TaintTracking.qll`, `DOM.qll`, `Definitions.qll` that weren't used by any query have been deprecated.
The documentation for each predicate points to an alternative.

14
javascript/ql/lib/change-notes/released/0.0.13.md Normal file
View File

@@ -0,0 +1,14 @@
## 0.0.13
### Deprecated APIs
* Some predicates from `DefUse.qll`, `DataFlow.qll`, `TaintTracking.qll`, `DOM.qll`, `Definitions.qll` that weren't used by any query have been deprecated.
The documentation for each predicate points to an alternative.
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### Minor Analysis Improvements
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

2
javascript/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.12 lastReleaseVersion: 0.0.13

2
javascript/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-all name: codeql/javascript-all
version: 0.0.13-dev version: 0.0.13
groups: javascript groups: javascript
dbscheme: semmlecode.javascript.dbscheme dbscheme: semmlecode.javascript.dbscheme
extractor: javascript extractor: javascript

8
javascript/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 0.0.13
### Minor Analysis Improvements
* Fixed an issue that would sometimes prevent the data-flow analysis from finding flow
paths through a function that stores its result on an object.
This may lead to more results for the security queries.
## 0.0.12 ## 0.0.12
## 0.0.11 ## 0.0.11

7
javascript/ql/src/change-notes/2022-03-18-store-load-flow-context-sensitivity-bug.md → javascript/ql/src/change-notes/released/0.0.13.md
View File

@@ -1,6 +1,7 @@
--- ## 0.0.13
category: minorAnalysis
--- ### Minor Analysis Improvements
* Fixed an issue that would sometimes prevent the data-flow analysis from finding flow * Fixed an issue that would sometimes prevent the data-flow analysis from finding flow
paths through a function that stores its result on an object. paths through a function that stores its result on an object.
This may lead to more results for the security queries. This may lead to more results for the security queries.

2
javascript/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.12 lastReleaseVersion: 0.0.13

2
javascript/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-queries name: codeql/javascript-queries
version: 0.0.13-dev version: 0.0.13
groups: groups:
- javascript - javascript
- queries - queries

21
python/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,24 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
## 0.0.11 ## 0.0.11
### Minor Analysis Improvements ### Minor Analysis Improvements

4
python/ql/lib/change-notes/2022-02-07-deleted-deprecations.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

5
python/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

5
python/ql/lib/change-notes/2022-02-07-deprecated-modules.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

4
python/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.

4
python/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.

20
python/ql/lib/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1,20 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
* Some modules that started with a lowercase letter have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

2
python/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
python/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-all name: codeql/python-all
version: 0.0.12-dev version: 0.0.12
groups: python groups: python
dbscheme: semmlecode.python.dbscheme dbscheme: semmlecode.python.dbscheme
extractor: python extractor: python

2
python/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,5 @@
## 0.0.12
## 0.0.11 ## 0.0.11
### New Queries ### New Queries

1
python/ql/src/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1 @@
## 0.0.12

2
python/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
python/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-queries name: codeql/python-queries
version: 0.0.12-dev version: 0.0.12
groups: groups:
- python - python
- queries - queries

21
ruby/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,24 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* `getConstantValue()` now returns the contents of strings and symbols after escape sequences have been interpreted. For example, for the Ruby string literal `"\n"`, `getConstantValue().getString()` previously returned a QL string with two characters, a backslash followed by `n`; now it returns the single-character string "\n" (U+000A, known as newline).
* `getConstantValue().getInt()` previously returned incorrect values for integers larger than 2<sup>31</sup>-1 (the largest value that can be represented by the QL `int` type). It now returns no result in those cases.
* Added `OrmWriteAccess` concept to model data written to a database using an object-relational mapping (ORM) library.
## 0.0.11 ## 0.0.11
### Minor Analysis Improvements ### Minor Analysis Improvements

5
ruby/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md
View File

@@ -1,5 +0,0 @@
---
category: deprecated
---
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.

4
ruby/ql/lib/change-notes/2022-02-28-orm-write-access.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added `OrmWriteAccess` concept to model data written to a database using an object-relational mapping (ORM) library.

4
ruby/ql/lib/change-notes/2022-03-14-flow-state-barriers.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.

4
ruby/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.

5
ruby/ql/lib/change-notes/2022-03-16-string-escape-sequences.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* `getConstantValue()` now returns the contents of strings and symbols after escape sequences have been interpreted. For example, for the Ruby string literal `"\n"`, `getConstantValue().getString()` previously returned a QL string with two characters, a backslash followed by `n`; now it returns the single-character string "\n" (U+000A, known as newline).
* `getConstantValue().getInt()` previously returned incorrect values for integers larger than 2<sup>31</sup>-1 (the largest value that can be represented by the QL `int` type). It now returns no result in those cases.

20
ruby/ql/lib/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1,20 @@
## 0.0.12
### Breaking Changes
* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
### Deprecated APIs
* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide.
The old name still exists as a deprecated alias.
### New Features
* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
### Minor Analysis Improvements
* `getConstantValue()` now returns the contents of strings and symbols after escape sequences have been interpreted. For example, for the Ruby string literal `"\n"`, `getConstantValue().getString()` previously returned a QL string with two characters, a backslash followed by `n`; now it returns the single-character string "\n" (U+000A, known as newline).
* `getConstantValue().getInt()` previously returned incorrect values for integers larger than 2<sup>31</sup>-1 (the largest value that can be represented by the QL `int` type). It now returns no result in those cases.
* Added `OrmWriteAccess` concept to model data written to a database using an object-relational mapping (ORM) library.

2
ruby/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
ruby/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all name: codeql/ruby-all
version: 0.0.12-dev version: 0.0.12
groups: ruby groups: ruby
extractor: ruby extractor: ruby
dbscheme: ruby.dbscheme dbscheme: ruby.dbscheme

7
ruby/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.0.12
### New Queries
* Added a new query, `rb/clear-text-storage-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are stored as cleartext.
* Added a new query, `rb/incomplete-hostname-regexp`. The query finds instances where a hostname is incompletely sanitized due to an unescaped character in a regular expression.
## 0.0.11 ## 0.0.11
## 0.0.10 ## 0.0.10

4
ruby/ql/src/change-notes/2022-02-10-incomplete-hostname-regexp.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `rb/incomplete-hostname-regexp`. The query finds instances where a hostname is incompletely sanitized due to an unescaped character in a regular expression.

4
ruby/ql/src/change-notes/2022-03-05-rb-clear-text-storage-sensitive-data.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `rb/clear-text-storage-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are stored as cleartext.

6
ruby/ql/src/change-notes/released/0.0.12.md Normal file
View File

@@ -0,0 +1,6 @@
## 0.0.12
### New Queries
* Added a new query, `rb/clear-text-storage-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are stored as cleartext.
* Added a new query, `rb/incomplete-hostname-regexp`. The query finds instances where a hostname is incompletely sanitized due to an unescaped character in a regular expression.

2
ruby/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
--- ---
lastReleaseVersion: 0.0.11 lastReleaseVersion: 0.0.12

2
ruby/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-queries name: codeql/ruby-queries
version: 0.0.12-dev version: 0.0.12
groups: groups:
- ruby - ruby
- queries - queries