Move older change notes to old-change-notes

Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes). I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there.

I'm working on a document to describe how and when to create change notes for packs separately.
This commit is contained in:
Dave Bartolomeo
2021-12-14 12:35:04 -05:00
parent a62f181d42
commit fa40d59332
401 changed files with 0 additions and 0 deletions

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The SQL injection queries have been improved to recognize MongoDB injection sinks.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Reads from `java.net.http.WebSocket` have been added as sources of tainted data for all
security queries.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The SQL injection queries have been improved to recognize unsafe jOOQ methods.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The query "Uncontrolled data used in path expression" (`java/path-injection`) has been
improved to recognize more path creation entry points.

View File

@@ -0,0 +1,9 @@
lgtm,codescanning
* Two new queries, "Untrusted data passed to external API" (`java/untrusted-data-to-external-api`)
and "Frequency counts for external APIs that are used with untrusted data"
(`java/count-untrusted-data-external-api`), have been added. These queries
should not be run by default as they are designed to have a low "true
positive" rate. However, they allow you to review the use of untrusted data
in an application to find new security vulnerabilities that are not found by
the default security queries, as well as identifying opportunities to improve
or add modeling of taint steps and sinks.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* The query "Information exposure through a stack trace" (`java/stack-trace-exposure`) has been
improved to report fewer false positives when `super.printStackTrace()` is called
in an overridden method.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The query "Cross-site scripting" (`java/xss`) has been improved to recognize
`PrintWriter.format` as an XSS sink.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* Virtual dispatch in data flow has been improved to take call-context-specific type
improvements to instance arguments into account. This improves precision for certain
code patterns involving heavy virtual dispatch.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The string format queries now recognize the Java 14 `String.formatted` method.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Data flow is now supported through Java 14 records.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* Several security queries have been refactored to make them easier to extend with additional
sinks and/or taint steps. Sink definitions have generally been moved to importable libraries,
which can then be extended in `Customizations.qll`.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The QL class `Block`, denoting the `{ ... }` statement, is renamed to `BlockStmt`.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* The query "Uncontrolled command line" (`java/command-line-injection`) has
been improved to better distinguish between command injection and safe
command arguments.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* A new query "Detect JHipster Generator Vulnerability CVE-2019-16303"
(`java/jhipster-prng`) has been added. This query finds weak random number generators
in security-sensitive methods generated by a vulnerable version of JHipster.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Support for the [Hibernate ORM](https://hibernate.org/orm/) library (specifically, its Query
creation methods) has been improved, which may lead to more results from the security queries.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The methods of the [Spring Web MultipartRequest](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/multipart/MultipartRequest.html)
class have been added as sources of remote user input, which may lead to more results from the security queries.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Exported Android `Intent`s have been added as sources of tainted data for all
security queries.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The "Deserialization of user-controlled data" (`java/unsafe-deserialization`) query
now recognizes `FastJson` deserialization.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Some methods of the [Guava](https://guava.dev/) framework have been added as flow steps (specifically those of the [Splitter](https://guava.dev/releases/30.0-jre/api/docs/com/google/common/base/Splitter.html), [Joiner](https://guava.dev/releases/30.0-jre/api/docs/com/google/common/base/Joiner.html), and [Strings](https://guava.dev/releases/30.0-jre/api/docs/com/google/common/base/Strings.html) classes), which may lead to more results from the security queries.

View File

@@ -0,0 +1,5 @@
lgtm,codescanning
* A new query "Insecure Bean Validation" (`java/insecure-bean-validation`) has been added. This query
finds server-side template injections caused by untrusted data flowing from a bean
property into a custom error message for a constraint validator. This
vulnerability can lead to arbitrary code execution.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) has been improved to recognize unsafe Apache Commons Lang(3) methods.
* The SnakeYAML Unsafe Deserialization sink has been improved to recognize `compose` and `composeAll` unsafe methods.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* The query "Resolving XML external entity in user-controlled data" (`java/xxe`) has been improved to report fewer false positives when a `SAXParserFactory` is configured safely.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* A new query "Unsafe hostname verification"
(`java/unsafe-hostname-verification`) has been added. This query finds unsafe
`HostnameVerifier`s that allow man-in-the-middle attacks.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The Java extractor has been upgraded to support Java 15.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* XML files named `struts.xml` are now extracted by default.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for the Apache Commons Lang StringUtils library.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for the Apache Commons Lang ArrayUtils library.

View File

@@ -0,0 +1,5 @@
lgtm,codescanning
* The query "Unsafe Deserialization" (`java/unsafe-deserialization`) has been
improved to report those cases where SnakeYaml `Constructor` is used to fix
the unmarshaled object graph root's type but injection is still possible in
nested nodes of the object graph.
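Review bot: `SnakeYaml` in the second line of this note disagrees with the `SnakeYAML` spelling used in the earlier note about the `compose` and `composeAll` sinks; the library's own name is SnakeYAML, so the two notes should match (`... where SnakeYAML \`Constructor\` is used ...`).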

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for the Apache Http components core library (`org.apache.http.*` and `org.apache.hc.core5.*`); adding additional remote flow sources, sinks for the XSS and Open Redirect queries, and additional taint steps.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* A new query "Depending upon JCenter/Bintray as an artifact repository"
(`java/maven/dependency-upon-bintray`) has been added.
This query finds uses of the deprecated JCenter/Bintray artifact respositories.
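Review bot: `respositories` in the last line is misspelled and should read `repositories`. This commit is a pure move, so fixing it here is optional, but the typo should not survive into any published pack notes.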

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The data-flow library now recognises more side-effects of method chaining (e.g. `someObject.setX(clean).setY(tainted).setZ...` having a side-effect on `someObject`), as well as other related circumstances where a function input is directly passed to its output. All queries that use data-flow analysis, including most security queries, may return more results accordingly.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for the Apache Commons Lang (and Commons Text) classes WordUtils, StrTokenizer, StrLookup and StrSubstitutor. This may result in extra results for a wide array of queries where any of these text-processing classes are used.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Increased coverage of the Guava framework by including classes in the `com.google.common.io` package.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for the Apache Commons Lang `RandomUtils` class. This may lead to extra results from queries that check for proper use of random-number generators or those which check the range of possible random values that could be returned, including `java/improper-validation-of-array-index-code-specified` and `java/uncontrolled-arithmetic`.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for `ObjectUtils` methods in the Apache Commons Lang library. This may lead to more results from any dataflow query where traversal of `ObjectUtils` methods means we can now complete a path from a source of tainted data to a corresponding sink.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for the Play framework core library (`play.mvc.*`); adding additional remote flow sources.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for Apache Commons Lang's `RegExUtils` class. This means that any query that tracks tainted data may return additional results in cases where a `RegExUtils` transformation is part of the path from source to sink.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Increased coverage of the Guava framework by modelling additional classes in the `com.google.common.base` package. This may result in more results for security queries on projects where the Guava framework is used.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for the Apache Commons Lang and Commons Text StrBuilder class, and its successor TextStringBuilder.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for Apache Commons Lang's `ToStringBuilder` class. This may lead to more results from any data-flow query where ToStringBuilder operations fall between the relevant untrusted source and vulnerable sink.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for detecting XSS via JAX-RS sinks, and propagating tainted data via various container types (e.g. Form, Cookie, MultivaluedMap).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Increase coverage of the Guava framework, including flow steps through various collection utilities in `com.google.common.collect`, as well as through `Preconditions.checkNotNull`.
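Review bot: `Increase coverage` is in the imperative, while the sibling Guava notes in this set say `Increased coverage`; these files are a changelog and should use the past tense consistently (the same applies to the later `Increase coverage ... MoreObjects#firstNonNull`, `Increase coverage of dataflow through Jackson`, `Add support for version 5 of the Kryo` and `Add support for [Ratpack]` notes).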

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The legacy code duplication library has been removed.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Legacy filter queries have been removed.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added additional taint steps modeling the Spring `validation.Errors` class (`org.springframework.validation.Errors`).

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* The query "Server-side request forgery (SSRF)" (`java/ssrf`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/3454).
* Models for `URI` and `HttpRequest` in the `java.net` package have been improved. This may lead to more results from any query where these types' methods are relevant.
* Models for Apache HttpComponents' `RequestLine` and `BasicRequestLine` types. This may lead to more results from any query where these types' methods are relevant.
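Review bot: the third bullet is a sentence fragment with no verb (`Models for Apache HttpComponents' \`RequestLine\` and \`BasicRequestLine\` types.`). It should state what happened to the models, matching the bullet above it, e.g. `Models for Apache HttpComponents' \`RequestLine\` and \`BasicRequestLine\` types have been added.` (or `improved`, whichever is accurate).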

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* A CodeQL class `MemberType` is introduced to describe nested classes. Its `getQualifiedName` method returns `$`-delimited nested type names (for example, `mypackage.Outer$Middle$Inner`), where previously the same type would be named differently depending on whether it was addressed as a `NestedType` or a `Member`.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "XPath injection" (`java/xml/xpath-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @SpaceWhite](https://github.com/github/codeql/pull/2800)
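Review bot: the bullet has no terminating period after the PR link, unlike the other "promoted from experimental" notes in this set (the SSRF note, for instance); add `.` after `pull/2800)`. The JEXL promotion note below has the same omission.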

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Increase coverage of the Guava framework by adding support for `com.google.common.base.MoreObjects#firstNonNull`.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Increase coverage of dataflow through Jackson JSON deserialized objects.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Expression language injection (JEXL)" (`java/jexl-expression-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @artem-smotrakov](https://github.com/github/codeql/pull/4965)

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Add support for version 5 of the Kryo serialization/deserialization framework.
* Add support for detecting safe uses of Kryo utilizing `KryoPool.Builder`. [#4992](https://github.com/github/codeql/issues/4992)

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Unsafe resource fetching in Android WebView" (`java/android/unsafe-android-webview-fetch`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3706).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for the Apache Commons Lang tuple types (Pair, Triple and their immutable and mutable implementations). This may lead to more results from any query using data-flow analysis where a relevant path uses one of these container types.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Add support for [Ratpack](https://ratpack.io/) HTTP framework.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`)
now recognizes hard-coded authentication credentials passed to the Azure SDK for Java.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Resolving XML external entity in user-controlled data" (`java/xxe`) has been improved to report fewer false positives when a Builder / Factory (e.g. an `XMLInputFactory`) is configured safely by using a boxed boolean as second argument to one or more of its configuration methods.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "OGNL Expression Language statement with user-controlled input" (`java/ognl-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @ggolawski](https://github.com/github/codeql/pull/3294).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The "Potential input resource leak" (`java/input-resource-leak`) and "Potential output resource leak" (`java/output-resource-leak`) queries no longer confuse `java.io` classes such as `Reader` with others that happen to share the same base name. Additionally the number of false positives has been reduced by recognizing `CharArrayReader` and `CharArrayWriter` as types that don't need to be closed.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The "Deserialization of user-controlled data" (`java/unsafe-deserialization`) query
now recognizes `JYaml`, `JsonIO`, `YAMLBeans`, `Castor`, `Hessian` and `Burlap` deserialization.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The "Deserialization of user-controlled data" (`java/unsafe-deserialization`) query
now recognizes `Jackson` deserialization.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Missing JWT signature check" (`java/missing-jwt-signature-check`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @intrigus-lgtm](https://github.com/github/codeql/pull/5597).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "JNDI lookup with user-controlled name" (`java/jndi-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @ggolawski](https://github.com/github/codeql/pull/3288).

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Invocations of methods from `org.springframework.security.web.savedrequest.SavedRequest`
have been added as sources of tainted data for all security queries.

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) can now detect a hard-coded Apache Shiro cipher key.
* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) now detects hard-coded credentials that are Base64 encoded or decoded before use.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Cross-site scripting" (`java/xss`) has been improved to report fewer false positives by removing the `javax.servlet.http.HttpServletResponse.sendError` sink since Servlet API implementations generally already escape the error message, preventing script injection.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added additional taint steps modeling the Spring `util` package (`org.springframework.util`).

View File

@@ -0,0 +1,5 @@
lgtm,codescanning
* Data flow now tracks steps through collections and arrays more precisely.
That means that collection and array read steps are now matched up with
preceding store steps. This results in increased precision for all flow-based
queries, in particular most of the security queries.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Insecure basic authentication" (`java/insecure-basic-auth`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3976).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The CodeQL predicate `toString()` has been overridden for subclasses of `Stmt` to be more descriptive.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Expression language injection (MVEL) (`java/mvel-expression-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @artem-smotrakov](https://github.com/github/codeql/pull/3329)
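Review bot: the query title is missing its closing double quote: `"Expression language injection (MVEL)` should be `"Expression language injection (MVEL)"` before the `(\`java/mvel-expression-injection\`)` id. The bullet also lacks a terminating period after `pull/3329)`.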

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Expression language injection (Spring)" (`java/spel-expression-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @artem-smotrakov](https://github.com/github/codeql/pull/3291).

View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Additional flow steps in the `org.springframework.http` package of the Spring framework have been modelled.
This may result in additional results for security queries on projects using this framework.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added additional taint steps modeling the Spring classes `PropertyValue`, `PropertyValues` and `MutablePropertyValues`. (`org.springframework.beans.*`).
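Review bot: the stray period before the parenthetical splits the sentence in two: `\`MutablePropertyValues\`. (\`org.springframework.beans.*\`).` Move it to the end: `... \`PropertyValues\` and \`MutablePropertyValues\` (\`org.springframework.beans.*\`).`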

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Data flow now propagates taint from tainted Maps to read steps of their keys (e.g. `tainted.keySet()`).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Groovy Language injection" (`java/groovy-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @p0wn4j](https://github.com/github/codeql/pull/5467).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "XSLT transformation with user-controlled stylesheet" (`java/xslt-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @ggolawski](https://github.com/github/codeql/pull/3363).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for the Apache Commons Lang Mutable types. This may lead to more results from any query using data-flow analysis where a relevant path uses one of these container types.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Insecure JavaMail SSL Configuration" (`java/insecure-smtp-ssl`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3491).

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added more taint propagation models of some `java.io.InputStream` and `java.nio.ByteBuffer` methods. This may lead to extra results from queries concerning data-flow whenever a relevant path involves an instance of one of those types.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Models for java.util.Optional added. This may lead to more results whenever a data-flow path involves this type.
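Review bot: `java.util.Optional` should be in backticks like every other fully qualified name in these notes, and `Models for java.util.Optional added.` reads as a fragment; suggest `Models for \`java.util.Optional\` have been added.`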

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Static inner classes and static methods' enclosing and declaring types are now unbound rather than raw types. This means that, for example, Map.Entry's name is now `Map$Entry` not `Map<>$Entry` as before. This may impact custom queries that explicitly named these types.
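Review bot: `Map.Entry` should be in backticks for consistency with `Map$Entry` and `Map<>$Entry` in the same sentence. The opening phrase `Static inner classes and static methods' enclosing and declaring types` is also hard to parse (and in Java terminology a static member class is a "static nested class", not an inner class); consider `The enclosing and declaring types of static nested classes and static methods are now unbound rather than raw types.`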

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The DataFlow libraries have been augmented with support for `Configuration`-specific in-place read steps at, for example, sinks and custom taint steps. This means that it is now possible to specify sinks that accept flow with non-empty access paths.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for the package `keyvalue` and the classes `KeyValue` and `MapUtils` from Apache Commons Collections. This may lead to more results from any query using data-flow analysis where a relevant path uses one of these container types.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The XSS query now accounts for more ways to set the content-type of an entity served via a Jax-RS HTTP endpoint. This may flag more cases where an XSS-vulnerable content-type is set, and exclude more cases where a non-vulnerable content-type such as `application/json` is set.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models of `javax.json` classes and methods. This may lead to more results where tracking tainted dataflow across JSON encoding or decoding is needed to diagnose a security or other issue.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* Additional flow steps in the `org.springframework.ui`, and `org.springframework.cache` packages of
the Spring framework have been modelled. This may result in additional results for security
queries on projects using this framework.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* Additional flow steps in the `org.springframework.web.multipart` package of the Spring framework
have been modelled. This may result in additional results for security queries on projects using
this framework.

View File

@@ -0,0 +1,4 @@
lgtm,codescanning
* Additional flow steps in the `org.springframework.web.util` package of the Spring framework have
been modelled. This may result in additional results for security queries on projects using this
framework.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added support for two new APIs susceptible to server-side request forgery (SSRF): using a `URLClassLoader`, and using Spring Web Reactive's `WebClient`.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Library `semmle.code.java.security.Random` is split into `RandomQuery`, for use by randomness-related queries, and `RandomValueSource`, for use by libraries wishing to augment the built-in set of random value sources. Any code importing `Random` will need changing to import one or other of these.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* SQL-injection vulnerabilities relating to the `org.springframework.jdbc.object` are now recognised.
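Review bot: `relating to the \`org.springframework.jdbc.object\`` is missing a noun after the package name; it should read `relating to the \`org.springframework.jdbc.object\` package`.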

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models of the JSON-java library, also known by its package name `org.json`. This may lead to detection of more issues whenever JSON deserialization is involved in a relevant dataflow path.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added additional taint steps modeling constructors for collections in `java.util`.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added models for the base package of Apache Commons Collections. This may lead to more results from any query using data-flow analysis where a relevant path uses one of these container types.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Added additional taint steps modeling methods in the Guava cache package (`com.google.common.cache`)
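Review bot: the bullet is missing its terminating period after `(\`com.google.common.cache\`)`.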

View File

@@ -0,0 +1,5 @@
lgtm,codescanning
* A new query "Android Intent redirection" (`java/android/intent-redirection`) has been added.
This query finds exported Android components using received Intents to start other components,
which can provide access to internal components of the application or cause other unintended
effects.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Improved modelling for the `com.google.common.collect` package of the Guava framework.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The XSS query now accounts for more ways to set the content-type of an entity served via a Spring HTTP endpoint. This may flag more cases where an XSS-vulnerable content-type is set, and exclude more cases where a non-vulnerable content-type such as `application/json` is set.

View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The "Deserialization of user-controlled data" (`java/unsafe-deserialization`) query now recognizes deserialization using the `Jabsorb` library.

Some files were not shown because too many files have changed in this diff.