hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.17.0

Browse Source
This commit is contained in:
github-actions[bot]
2024-04-01 13:46:57 +00:00
parent d889e3cf98
commit ec97d9a304
173 changed files with 478 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/automodel/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.0.20
No user-facing changes.
## 0.0.19
No user-facing changes.

3
java/ql/automodel/src/change-notes/released/0.0.20.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.0.20
No user-facing changes.

2
java/ql/automodel/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.19
lastReleaseVersion: 0.0.20

2
java/ql/automodel/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 0.0.20-dev
version: 0.0.20
groups:
- java
- automodel

13
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,16 @@
## 0.9.0
### Breaking Changes
* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable.
### Minor Analysis Improvements
* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.
* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`.
* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.
## 0.8.12
No user-facing changes.

4
java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.

4
java/ql/lib/change-notes/2024-03-21-env-vars.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable.

5
java/ql/lib/change-notes/2024-03-22-anonymous-variables.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`.

4
java/ql/lib/change-notes/2024-03-26-url-models-precision.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.

12
java/ql/lib/change-notes/released/0.9.0.md Normal file
View File

@@ -0,0 +1,12 @@
## 0.9.0
### Breaking Changes
* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable.
### Minor Analysis Improvements
* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.
* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns.
* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`.
* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.8.12
lastReleaseVersion: 0.9.0

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.8.13-dev
version: 0.9.0
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

15
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,18 @@
## 0.8.13
### New Queries
* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).
### Major Analysis Improvements
* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
### Minor Analysis Improvements
* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.
## 0.8.12
No user-facing changes.

4
java/ql/src/change-notes/2024-03-06-url-forward-query.md
View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).

4
java/ql/src/change-notes/2024-03-12-request-sanitizers.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.

4
java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.

4
java/ql/src/change-notes/2024-03-27-MissingEnumInSwitch.md
View File

@@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.

14
java/ql/src/change-notes/released/0.8.13.md Normal file
View File

@@ -0,0 +1,14 @@
## 0.8.13
### New Queries
* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).
### Major Analysis Improvements
* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
### Minor Analysis Improvements
* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.8.12
lastReleaseVersion: 0.8.13

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.8.13-dev
version: 0.8.13
groups:
- java
- queries