Compare commits
1 Commits
copilot/re
...
codeql-spa
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
11cd069ce2 |
2
.github/workflows/mad_modelDiff.yml
vendored
@@ -70,7 +70,7 @@ jobs:
|
||||
SHORTNAME=`basename $DATABASE`
|
||||
python misc/scripts/models-as-data/generate_mad.py --language java --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
|
||||
mkdir -p $MODELS/$SHORTNAME
|
||||
mv java/ql/lib/ext/generated/modelgenerator/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
|
||||
mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
|
||||
cd ..
|
||||
}
|
||||
|
||||
|
||||
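Review bot: The expansions on the changed `mv` line and in the neighbouring `basename $DATABASE` are unquoted, so a database path or variant name containing whitespace or glob characters is word-split before `mv` sees it. Taking the second `mv` as the new side (this page has lost the +/- markers), I would write `mv "java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT" "$MODELS/$SHORTNAME"`. The source directory is also hard-coded separately from wherever `generate_mad.py` writes its output, which is not visible here, so it is worth confirming the two still agree. The shell function these lines belong to starts above the hunk.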
2
.github/workflows/python-tooling.yml
vendored
@@ -5,7 +5,7 @@ on:
|
||||
paths:
|
||||
- "misc/bazel/**"
|
||||
- "misc/codegen/**"
|
||||
- "misc/scripts/models-as-data/*.py"
|
||||
- "misc/scripts/models-as-data/bulk_generate_mad.py"
|
||||
- "*.bazel*"
|
||||
- .github/workflows/codegen.yml
|
||||
- .pre-commit-config.yaml
|
||||
|
||||
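Review bot: The models-as-data entry in `paths:` appears in two forms, the glob `misc/scripts/models-as-data/*.py` and the single file `bulk_generate_mad.py`. If the single-file form is the new side (the +/- markers are lost on this page), edits to the other scripts in that directory no longer trigger this workflow and merge without the tooling checks. That includes `generate_mad.py`, which the mad_modelDiff workflow in this same comparison runs. Keeping the glob is the safer default: `- "misc/scripts/models-as-data/*.py"`. Separately, the visible list names `.github/workflows/codegen.yml` but not `python-tooling.yml` itself, so a change to this workflow may not re-run it; the list may continue below the hunk.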
46
Cargo.lock
generated
@@ -240,9 +240,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "cc"
|
||||
version = "1.2.61"
|
||||
version = "1.2.37"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d16d90359e986641506914ba71350897565610e87ce0ad9e6f28569db3dd5c6d"
|
||||
checksum = "65193589c6404eb80b450d618eaf9a2cafaaafd57ecce47370519ef674a7bd44"
|
||||
dependencies = [
|
||||
"find-msvc-tools",
|
||||
"jobserver",
|
||||
@@ -416,7 +416,6 @@ dependencies = [
|
||||
"tree-sitter",
|
||||
"tree-sitter-json",
|
||||
"tree-sitter-ql",
|
||||
"yeast",
|
||||
"zstd",
|
||||
]
|
||||
|
||||
@@ -755,9 +754,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "find-msvc-tools"
|
||||
version = "0.1.9"
|
||||
version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
|
||||
checksum = "7fd99930f64d146689264c637b5af2f0233a933bef0d8570e2526bf9e083192d"
|
||||
|
||||
[[package]]
|
||||
name = "fixedbitset"
|
||||
@@ -2854,9 +2853,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "tree-sitter"
|
||||
version = "0.26.8"
|
||||
version = "0.25.9"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "887bd495d0582c5e3e0d8ece2233666169fa56a9644d172fc22ad179ab2d0538"
|
||||
checksum = "ccd2a058a86cfece0bf96f7cce1021efef9c8ed0e892ab74639173e5ed7a34fa"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"regex",
|
||||
@@ -2892,16 +2891,6 @@ version = "0.1.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c4013970217383f67b18aef68f6fb2e8d409bc5755227092d32efb0422ba24b8"
|
||||
|
||||
[[package]]
|
||||
name = "tree-sitter-python"
|
||||
version = "0.23.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3d065aaa27f3aaceaf60c1f0e0ac09e1cb9eb8ed28e7bcdaa52129cffc7f4b04"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"tree-sitter-language",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "tree-sitter-ql"
|
||||
version = "0.23.1"
|
||||
@@ -3378,29 +3367,6 @@ version = "1.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
|
||||
|
||||
[[package]]
|
||||
name = "yeast"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"clap",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"serde_yaml",
|
||||
"tree-sitter",
|
||||
"tree-sitter-python",
|
||||
"tree-sitter-ruby",
|
||||
"yeast-macros",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "yeast-macros"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "yoke"
|
||||
version = "0.8.0"
|
||||
|
||||
@@ -4,8 +4,6 @@
|
||||
resolver = "2"
|
||||
members = [
|
||||
"shared/tree-sitter-extractor",
|
||||
"shared/yeast",
|
||||
"shared/yeast-macros",
|
||||
"ruby/extractor",
|
||||
"rust/extractor",
|
||||
"rust/extractor/macros",
|
||||
|
||||
@@ -141,16 +141,14 @@ use_repo(
|
||||
"vendor_ts__serde-1.0.228",
|
||||
"vendor_ts__serde_json-1.0.145",
|
||||
"vendor_ts__serde_with-3.14.1",
|
||||
"vendor_ts__serde_yaml-0.9.34-deprecated",
|
||||
"vendor_ts__syn-2.0.106",
|
||||
"vendor_ts__toml-0.9.7",
|
||||
"vendor_ts__tracing-0.1.41",
|
||||
"vendor_ts__tracing-flame-0.2.0",
|
||||
"vendor_ts__tracing-subscriber-0.3.20",
|
||||
"vendor_ts__tree-sitter-0.26.8",
|
||||
"vendor_ts__tree-sitter-0.25.9",
|
||||
"vendor_ts__tree-sitter-embedded-template-0.25.0",
|
||||
"vendor_ts__tree-sitter-json-0.24.8",
|
||||
"vendor_ts__tree-sitter-python-0.23.6",
|
||||
"vendor_ts__tree-sitter-ql-0.23.1",
|
||||
"vendor_ts__tree-sitter-ruby-0.23.1",
|
||||
"vendor_ts__triomphe-0.1.14",
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 0.4.35
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.34
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Altered 2 patterns in the `poisonable_steps` modelling. Extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by the following queries: `actions/untrusted-checkout/high`, `actions/untrusted-checkout/critical`, `actions/untrusted-checkout-toctou/high`, `actions/untrusted-checkout-toctou/critical`, `actions/cache-poisoning/poisonable-step`, `actions/cache-poisoning/direct-cache` and `actions/artifact-poisoning/path-traversal`.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.4.35
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.35
|
||||
lastReleaseVersion: 0.4.34
|
||||
|
||||
@@ -70,7 +70,7 @@ extensions:
|
||||
- ["(source|sh|bash|zsh|fish)\\s+([^\\s]+)\\b", 2]
|
||||
- ["(node)\\s+([^\\s]+)(\\.js|\\.ts)\\b", 2]
|
||||
- ["(python[\\d\\.]*)\\s+([^\\s]+)\\.py\\b", 2]
|
||||
- ["(python[\\d\\.]*)\\s+-m\\s+([A-Za-z_][\\w\\.]*)\\b", 2] # eg: pythonX -m anything(dir or file)
|
||||
- ["(ruby)\\s+([^\\s]+)\\.rb\\b", 2]
|
||||
- ["(go)\\s+(generate|run)(?:\\s+-[^\\s]+)*\\s+([^\\s]+)", 3]
|
||||
- ["(go)\\s+(generate|run)\\s+([^\\s]+)\\.go\\b", 3]
|
||||
- ["(dotnet)\\s+([^\\s]+)\\.csproj\\b", 2]
|
||||
|
||||
|
||||
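Review bot: Of the two `go` patterns shown, the one ending in `\\.go\\b` only matches `go generate`/`go run` followed directly by a path ending in `.go`, so a step that runs a package directory, or that puts a flag before the target, is not modelled as a poisonable step. The change note deleted in this comparison credits the flag-tolerant pattern with adding exactly those cases, which suggests the narrower pattern is the new side (the +/- markers are lost on this page). If so, the `actions/untrusted-checkout/*`, `actions/cache-poisoning/*` and `actions/artifact-poisoning/path-traversal` queries named in that note lose those results. I would keep `- ["(go)\\s+(generate|run)(?:\\s+-[^\\s]+)*\\s+([^\\s]+)", 3]` and add query test cases for a directory target and for a flag before the target.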
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.36-dev
|
||||
version: 0.4.35-dev
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 0.6.27
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.26
|
||||
|
||||
### Major Analysis Improvements
|
||||
@@ -177,7 +173,7 @@ No user-facing changes.
|
||||
* `actions/if-expression-always-true/critical`
|
||||
* `actions/if-expression-always-true/high`
|
||||
* `actions/unnecessary-use-of-advanced-config`
|
||||
|
||||
|
||||
* The following query has been moved from the `code-scanning` suite to the `security-extended`
|
||||
suite. Any existing alerts for this query will be closed automatically unless the analysis is
|
||||
configured to use the `security-extended` suite.
|
||||
|
||||
@@ -1,35 +1,6 @@
|
||||
## Overview
|
||||
|
||||
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. Under certain conditions described below, attackers can take over a repository by opening malicious PRs from forks. The attacks can result in malicious code execution causing unauthorized changes to the repository or exfiltration of repository secrets and a compromise of connected systems.
|
||||
|
||||
## Workflow Security Model
|
||||
|
||||
In GitHub Actions, there is a distinction between unprivileged and privileged workflows. For example, a workflow with a `pull_request` trigger is unprivileged while a workflow with `pull_request_target` is privileged.
|
||||
|
||||
This is relevant especially for PRs from forks. Normal PRs can only be submitted by people who have write access to a repository, while PRs from forks can be submitted by anyone.
|
||||
|
||||
On a PR from a fork, an unprivileged `pull_request` workflow has only limited capabilities but a privileged `pull_request_target` workflow is much more dangerous. A privileged workflow:
|
||||
|
||||
* Runs in the context of the base repository
|
||||
* Has access to organization and repository secrets (e.g., API keys, deployment tokens)
|
||||
* Has a read/write `GITHUB_TOKEN` by default
|
||||
* Can access private resources
|
||||
|
||||
Certain triggers automatically grant a workflow elevated privileges:
|
||||
|
||||
* `pull_request_target` as described above
|
||||
* `workflow_run`: Triggered when another workflow completes.
|
||||
* `issue_comment`: Triggered when a comment is made on an issue or PR.
|
||||
|
||||
## Attack Details
|
||||
|
||||
* A repository has a privileged workflow
|
||||
* An attacker forks the repository and adds malicious code (e.g., in the build script)
|
||||
* The attacker opens a PR from the fork, and, if needed, comments on the PR
|
||||
* The workflow in the base repository checks out the forked code
|
||||
* The workflow runs, (e.g. the build script etc.), which contains the malicious code
|
||||
|
||||
Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog.
|
||||
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed (e.g., due to a modified build script) in a privileged job.
|
||||
|
||||
## Recommendation
|
||||
|
||||
@@ -162,5 +133,3 @@ jobs:
|
||||
## References
|
||||
|
||||
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
|
||||
- Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout).
|
||||
- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/).
|
||||
|
||||
@@ -1,35 +1,6 @@
|
||||
## Overview
|
||||
|
||||
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. Under certain conditions described below, attackers can take over a repository by opening malicious PRs from forks. The attacks can result in malicious code execution causing unauthorized changes to the repository or exfiltration of repository secrets and a compromise of connected systems.
|
||||
|
||||
## Workflow Security Model
|
||||
|
||||
In GitHub Actions, there is a distinction between unprivileged and privileged workflows. For example, a workflow with a `pull_request` trigger is unprivileged while a workflow with `pull_request_target` is privileged.
|
||||
|
||||
This is relevant especially for PRs from forks. Normal PRs can only be submitted by people who have write access to a repository, while PRs from forks can be submitted by anyone.
|
||||
|
||||
On a PR from a fork, an unprivileged `pull_request` workflow has only limited capabilities but a privileged `pull_request_target` workflow is much more dangerous. A privileged workflow:
|
||||
|
||||
* Runs in the context of the base repository
|
||||
* Has access to organization and repository secrets (e.g., API keys, deployment tokens)
|
||||
* Has a read/write `GITHUB_TOKEN` by default
|
||||
* Can access private resources
|
||||
|
||||
Certain triggers automatically grant a workflow elevated privileges:
|
||||
|
||||
* `pull_request_target` as described above
|
||||
* `workflow_run`: Triggered when another workflow completes.
|
||||
* `issue_comment`: Triggered when a comment is made on an issue or PR.
|
||||
|
||||
## Attack Details
|
||||
|
||||
* A repository has a privileged workflow
|
||||
* An attacker forks the repository and adds malicious code (e.g., in the build script)
|
||||
* The attacker opens a PR from the fork, and, if needed, comments on the PR
|
||||
* The workflow in the base repository checks out the forked code
|
||||
* The workflow runs, (e.g. the build script etc.), which contains the malicious code
|
||||
|
||||
Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog.
|
||||
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed (e.g., due to a modified build script) in a privileged job.
|
||||
|
||||
## Recommendation
|
||||
|
||||
@@ -162,5 +133,3 @@ jobs:
|
||||
## References
|
||||
|
||||
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
|
||||
- Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout).
|
||||
- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/).
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* @name Checkout of untrusted code in privileged context without privileged context use
|
||||
* @name Checkout of untrusted code in trusted context
|
||||
* @description Privileged workflows have read/write access to the base repository and access to secrets.
|
||||
* By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
|
||||
* that is able to push to the base repository and to access secrets.
|
||||
|
||||
@@ -1,35 +1,6 @@
|
||||
## Overview
|
||||
|
||||
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. Under certain conditions described below, attackers can take over a repository by opening malicious PRs from forks. The attacks can result in malicious code execution causing unauthorized changes to the repository or exfiltration of repository secrets and a compromise of connected systems.
|
||||
|
||||
## Workflow Security Model
|
||||
|
||||
In GitHub Actions, there is a distinction between unprivileged and privileged workflows. For example, a workflow with a `pull_request` trigger is unprivileged while a workflow with `pull_request_target` is privileged.
|
||||
|
||||
This is relevant especially for PRs from forks. Normal PRs can only be submitted by people who have write access to a repository, while PRs from forks can be submitted by anyone.
|
||||
|
||||
On a PR from a fork, an unprivileged `pull_request` workflow has only limited capabilities but a privileged `pull_request_target` workflow is much more dangerous. A privileged workflow:
|
||||
|
||||
* Runs in the context of the base repository
|
||||
* Has access to organization and repository secrets (e.g., API keys, deployment tokens)
|
||||
* Has a read/write `GITHUB_TOKEN` by default
|
||||
* Can access private resources
|
||||
|
||||
Certain triggers automatically grant a workflow elevated privileges:
|
||||
|
||||
* `pull_request_target` as described above
|
||||
* `workflow_run`: Triggered when another workflow completes.
|
||||
* `issue_comment`: Triggered when a comment is made on an issue or PR.
|
||||
|
||||
## Attack Details
|
||||
|
||||
* A repository has a privileged workflow
|
||||
* An attacker forks the repository and adds malicious code (e.g., in the build script)
|
||||
* The attacker opens a PR from the fork, and, if needed, comments on the PR
|
||||
* The workflow in the base repository checks out the forked code
|
||||
* The workflow runs, (e.g. the build script etc.), which contains the malicious code
|
||||
|
||||
Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog.
|
||||
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed (e.g., due to a modified build script) in a privileged job.
|
||||
|
||||
## Recommendation
|
||||
|
||||
@@ -162,5 +133,3 @@ jobs:
|
||||
## References
|
||||
|
||||
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
|
||||
- Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout).
|
||||
- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/).
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* Adjusted the name of `actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.6.27
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.27
|
||||
lastReleaseVersion: 0.6.26
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.28-dev
|
||||
version: 0.6.27-dev
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,14 +1,3 @@
|
||||
## 10.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* A new predicate `getSwitchCase` was added to the `SwitchStmt` class, which yields the `n`th `case` statement from a `switch` statement.
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for C and C++](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-cpp/).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added taint flow models for the `Strsafe.h` header from the Windows SDK.
|
||||
|
||||
## 10.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for C and C++](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-cpp/).
|
||||
4
cpp/ql/lib/change-notes/2026-03-28-switch-stmt.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* A new predicate `getSwitchCase` was added to the `SwitchStmt` class, which yields the `n`th `case` statement from a `switch` statement.
|
||||
4
cpp/ql/lib/change-notes/2026-04-28-strsafe.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added taint flow models for the `Strsafe.h` header from the Windows SDK.
|
||||
@@ -1,10 +0,0 @@
|
||||
## 10.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* A new predicate `getSwitchCase` was added to the `SwitchStmt` class, which yields the `n`th `case` statement from a `switch` statement.
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for C and C++](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-cpp/).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added taint flow models for the `Strsafe.h` header from the Windows SDK.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 10.1.0
|
||||
lastReleaseVersion: 10.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 10.1.1-dev
|
||||
version: 10.0.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
@@ -370,7 +366,7 @@ No user-facing changes.
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "non-constant format string" query (`cpp/non-constant-format`) has been updated to produce fewer false positives.
|
||||
* Added dataflow models for the `gettext` function variants.
|
||||
* Added dataflow models for the `gettext` function variants.
|
||||
|
||||
## 0.9.4
|
||||
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.6.2
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.2
|
||||
lastReleaseVersion: 1.6.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.6.3-dev
|
||||
version: 1.6.2-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.66
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.65
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.66
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.66
|
||||
lastReleaseVersion: 1.7.65
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.67-dev
|
||||
version: 1.7.66-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.66
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.65
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.66
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.66
|
||||
lastReleaseVersion: 1.7.65
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.67-dev
|
||||
version: 1.7.66-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,42 +1,3 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The C# control flow graph (CFG) implementation has been completely
|
||||
rewritten. The CFG now includes additional nodes to more accurately represent
|
||||
certain constructs. This also means that any existing code that implicitly
|
||||
relies on very specific details about the CFG may need to be updated.
|
||||
The CFG no longer uses splitting, which means that AST nodes now have a unique
|
||||
CFG node representation.
|
||||
Additionally, the following breaking changes have been made:
|
||||
- `ControlFlow::Node` has been renamed to `ControlFlowNode`.
|
||||
- `ControlFlow::Nodes` has been renamed to `ControlFlowNodes`.
|
||||
- `BasicBlock.getCallable` has been renamed to `BasicBlock.getEnclosingCallable`.
|
||||
- `BasicBlocks.qll` has been deleted.
|
||||
- `ControlFlowNode.getAstNode` has changed its meaning. The AST-to-CFG
|
||||
mapping remains one-to-many, but now for a different reason. It used to be
|
||||
because of splitting, but now it's because of additional "helper" CFG
|
||||
nodes. To get the (now canonical) CFG node for a given AST node, use
|
||||
`ControlFlowNode.asExpr()` or `ControlFlowNode.asStmt()` or
|
||||
`ControlFlowElement.getControlFlowNode()` instead.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The QL classes in the C# SSA library have been renamed to improve consistency between languages. Any custom QL code that makes use of SSA needs to be updated. The old classes have been deprecated and include more detailed migration instructions in their qldoc.
|
||||
|
||||
### New Features
|
||||
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/).
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* When resolving dependencies in `build-mode: none`, `dotnet restore` now explicitly receives reachable NuGet feeds configured in `nuget.config` when feed responsiveness checking is enabled (the default), and any private registries directly, improving reliability when default feeds are unavailable or restricted.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Expanded ASP and ASP.NET remote source modeling to cover additional sources, including fields of tainted parameters as well as properties and fields that become tainted transitively.
|
||||
* C# 14: Added support for user-defined compound assignment operators.
|
||||
|
||||
## 5.5.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* C# 14: Added support for user-defined compound assignment operators.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/).
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Expanded ASP and ASP.NET remote source modeling to cover additional sources, including fields of tainted parameters as well as properties and fields that become tainted transitively.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* When resolving dependencies in `build-mode: none`, `dotnet restore` now explicitly receives reachable NuGet feeds configured in `nuget.config` when feed responsiveness checking is enabled (the default), and any private registries directly, improving reliability when default feeds are unavailable or restricted.
|
||||
20
csharp/ql/lib/change-notes/2026-04-13-cfg.md
Normal file
@@ -0,0 +1,20 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The C# control flow graph (CFG) implementation has been completely
|
||||
rewritten. The CFG now includes additional nodes to more accurately represent
|
||||
certain constructs. This also means that any existing code that implicitly
|
||||
relies on very specific details about the CFG may need to be updated.
|
||||
The CFG no longer uses splitting, which means that AST nodes now have a unique
|
||||
CFG node representation.
|
||||
Additionally, the following breaking changes have been made:
|
||||
- `ControlFlow::Node` has been renamed to `ControlFlowNode`.
|
||||
- `ControlFlow::Nodes` has been renamed to `ControlFlowNodes`.
|
||||
- `BasicBlock.getCallable` has been renamed to `BasicBlock.getEnclosingCallable`.
|
||||
- `BasicBlocks.qll` has been deleted.
|
||||
- `ControlFlowNode.getAstNode` has changed its meaning. The AST-to-CFG
|
||||
mapping remains one-to-many, but now for a different reason. It used to be
|
||||
because of splitting, but now it's because of additional "helper" CFG
|
||||
nodes. To get the (now canonical) CFG node for a given AST node, use
|
||||
`ControlFlowNode.asExpr()` or `ControlFlowNode.asStmt()` or
|
||||
`ControlFlowElement.getControlFlowNode()` instead.
|
||||
4
csharp/ql/lib/change-notes/2026-05-01-ssa-replacement.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The QL classes in the C# SSA library have been renamed to improve consistency between languages. Any custom QL code that makes use of SSA needs to be updated. The old classes have been deprecated and include more detailed migration instructions in their qldoc.
|
||||
@@ -1,38 +0,0 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The C# control flow graph (CFG) implementation has been completely
|
||||
rewritten. The CFG now includes additional nodes to more accurately represent
|
||||
certain constructs. This also means that any existing code that implicitly
|
||||
relies on very specific details about the CFG may need to be updated.
|
||||
The CFG no longer uses splitting, which means that AST nodes now have a unique
|
||||
CFG node representation.
|
||||
Additionally, the following breaking changes have been made:
|
||||
- `ControlFlow::Node` has been renamed to `ControlFlowNode`.
|
||||
- `ControlFlow::Nodes` has been renamed to `ControlFlowNodes`.
|
||||
- `BasicBlock.getCallable` has been renamed to `BasicBlock.getEnclosingCallable`.
|
||||
- `BasicBlocks.qll` has been deleted.
|
||||
- `ControlFlowNode.getAstNode` has changed its meaning. The AST-to-CFG
|
||||
mapping remains one-to-many, but now for a different reason. It used to be
|
||||
because of splitting, but now it's because of additional "helper" CFG
|
||||
nodes. To get the (now canonical) CFG node for a given AST node, use
|
||||
`ControlFlowNode.asExpr()` or `ControlFlowNode.asStmt()` or
|
||||
`ControlFlowElement.getControlFlowNode()` instead.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The QL classes in the C# SSA library have been renamed to improve consistency between languages. Any custom QL code that makes use of SSA needs to be updated. The old classes have been deprecated and include more detailed migration instructions in their qldoc.
|
||||
|
||||
### New Features
|
||||
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/).
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* When resolving dependencies in `build-mode: none`, `dotnet restore` now explicitly receives reachable NuGet feeds configured in `nuget.config` when feed responsiveness checking is enabled (the default), and any private registries directly, improving reliability when default feeds are unavailable or restricted.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Expanded ASP and ASP.NET remote source modeling to cover additional sources, including fields of tainted parameters as well as properties and fields that become tainted transitively.
|
||||
* C# 14: Added support for user-defined compound assignment operators.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 6.0.0
|
||||
lastReleaseVersion: 5.5.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 6.0.1-dev
|
||||
version: 5.5.1-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.2
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.2
|
||||
lastReleaseVersion: 1.7.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.7.3-dev
|
||||
version: 1.7.2-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -47,7 +47,7 @@ C/C++
|
||||
* The "Multiplication result converted to larger type" (:code:`cpp/integer-multiplication-cast-to-long`) query has been upgraded to :code:`high` precision. This query will now run in the default code scanning suite.
|
||||
* The "Suspicious add with sizeof" (:code:`cpp/suspicious-add-sizeof`) query has been upgraded to :code:`high` precision. This query will now run in the default code scanning suite.
|
||||
* The "Wrong type of arguments to formatting function" (:code:`cpp/wrong-type-format-argument`) query has been upgraded to :code:`high` precision. This query will now run in the default code scanning suite.
|
||||
* The "Implicit function declaration" (:code:`cpp/implicit-function-declaration`) query has been upgraded to :code:`high` precision. However, for :code:`build-mode: none` databases, it no longer produces any results. The results in this mode were found to be very noisy and fundamentally imprecise.
|
||||
* The "Implicit function declaration" (:code:`cpp/implicit-function-declaration`) query has been upgraded to :code:`high` precision. However, for :code:`build mode: none` databases, it no longer produces any results. The results in this mode were found to be very noisy and fundamentally imprecise.
|
||||
|
||||
C#
|
||||
""
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.0.49
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.48
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.0.49
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.49
|
||||
lastReleaseVersion: 1.0.48
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.50-dev
|
||||
version: 1.0.49-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,9 +1,3 @@
|
||||
## 7.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for Go](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-go/).
|
||||
|
||||
## 7.0.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
## 7.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for Go](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-go/).
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.1.0
|
||||
lastReleaseVersion: 7.0.6
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 7.1.1-dev
|
||||
version: 7.0.7-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.6.2
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.2
|
||||
lastReleaseVersion: 1.6.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.6.3-dev
|
||||
version: 1.6.2-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,18 +1,3 @@
|
||||
## 9.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `sql-injection` sink models for the Hibernate `org.hibernate.query.QueryProducer` methods `createNativeMutationQuery`, `createMutationQuery`, and `createSelectionQuery`.
|
||||
* The `java/partial-path-traversal` and `java/partial-path-traversal-from-remote` queries now correctly recognize file separator appends using `+=`.
|
||||
* The `java/path-injection` and `java/zipslip` queries now recognize `Path.toRealPath()` as a path normalization sanitizer, consistent with the existing treatment of `Path.normalize()` and `File.getCanonicalPath()`. This reduces false positives for code that uses the NIO.2 API for path canonicalization.
|
||||
* The `java/sensitive-log` query now excludes additional common variable naming patterns that do not hold sensitive data, reducing false positives. This includes pagination/iteration tokens (`nextToken`, `pageToken`, `continuationToken`), token metadata (`tokenType`, `tokenEndpoint`, `tokenCount`), and secret metadata (`secretName`, `secretId`, `secretVersion`).
|
||||
* The `java/sensitive-log` query now treats method calls whose names contain "encrypt", "hash", or "digest" as sanitizers, consistent with the existing treatment in `java/cleartext-storage-in-log`. This reduces false positives when sensitive data is hashed or encrypted before logging.
|
||||
* The `java/trust-boundary-violation` query now recognizes regular expression checks (including `String.matches()` guards and `@javax.validation.constraints.Pattern` annotations) as sanitizers, consistent with the existing treatment of ESAPI validators. This reduces false positives when input is validated against a pattern before being stored in a session.
|
||||
|
||||
## 9.0.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/).
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `java/path-injection` and `java/zipslip` queries now recognize `Path.toRealPath()` as a path normalization sanitizer, consistent with the existing treatment of `Path.normalize()` and `File.getCanonicalPath()`. This reduces false positives for code that uses the NIO.2 API for path canonicalization.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `java/sensitive-log` query now excludes additional common variable naming patterns that do not hold sensitive data, reducing false positives. This includes pagination/iteration tokens (`nextToken`, `pageToken`, `continuationToken`), token metadata (`tokenType`, `tokenEndpoint`, `tokenCount`), and secret metadata (`secretName`, `secretId`, `secretVersion`).
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `java/sensitive-log` query now treats method calls whose names contain "encrypt", "hash", or "digest" as sanitizers, consistent with the existing treatment in `java/cleartext-storage-in-log`. This reduces false positives when sensitive data is hashed or encrypted before logging.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `java/trust-boundary-violation` query now recognizes regular expression checks (including `String.matches()` guards and `@javax.validation.constraints.Pattern` annotations) as sanitizers, consistent with the existing treatment of ESAPI validators. This reduces false positives when input is validated against a pattern before being stored in a session.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `java/partial-path-traversal` and `java/partial-path-traversal-from-remote` queries now correctly recognize file separator appends using `+=`.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `sql-injection` sink models for the Hibernate `org.hibernate.query.QueryProducer` methods `createNativeMutationQuery`, `createMutationQuery`, and `createSelectionQuery`.
|
||||
@@ -1,14 +0,0 @@
|
||||
## 9.1.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `sql-injection` sink models for the Hibernate `org.hibernate.query.QueryProducer` methods `createNativeMutationQuery`, `createMutationQuery`, and `createSelectionQuery`.
|
||||
* The `java/partial-path-traversal` and `java/partial-path-traversal-from-remote` queries now correctly recognize file separator appends using `+=`.
|
||||
* The `java/path-injection` and `java/zipslip` queries now recognize `Path.toRealPath()` as a path normalization sanitizer, consistent with the existing treatment of `Path.normalize()` and `File.getCanonicalPath()`. This reduces false positives for code that uses the NIO.2 API for path canonicalization.
|
||||
* The `java/sensitive-log` query now excludes additional common variable naming patterns that do not hold sensitive data, reducing false positives. This includes pagination/iteration tokens (`nextToken`, `pageToken`, `continuationToken`), token metadata (`tokenType`, `tokenEndpoint`, `tokenCount`), and secret metadata (`secretName`, `secretId`, `secretVersion`).
|
||||
* The `java/sensitive-log` query now treats method calls whose names contain "encrypt", "hash", or "digest" as sanitizers, consistent with the existing treatment in `java/cleartext-storage-in-log`. This reduces false positives when sensitive data is hashed or encrypted before logging.
|
||||
* The `java/trust-boundary-violation` query now recognizes regular expression checks (including `String.matches()` guards and `@javax.validation.constraints.Pattern` annotations) as sanitizers, consistent with the existing treatment of ESAPI validators. This reduces false positives when input is validated against a pattern before being stored in a session.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 9.1.0
|
||||
lastReleaseVersion: 9.0.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 9.1.1-dev
|
||||
version: 9.0.5-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.11.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.11.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.11.2
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.11.2
|
||||
lastReleaseVersion: 1.11.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.11.3-dev
|
||||
version: 1.11.2-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,10 +1,3 @@
|
||||
## 2.7.0
|
||||
|
||||
### New Features
|
||||
|
||||
* Added support for [`@vercel/node`](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions. Handlers are recognized via the `VercelRequest`/`VercelResponse` TypeScript parameter types, and standard security queries (`js/reflected-xss`, `js/request-forgery`, `js/sql-injection`, `js/command-line-injection`, etc.) now detect vulnerabilities in Vercel API route files.
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for JavaScript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
|
||||
|
||||
## 2.6.28
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for JavaScript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
|
||||
@@ -1,6 +1,4 @@
|
||||
## 2.7.0
|
||||
|
||||
### New Features
|
||||
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added support for [`@vercel/node`](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions. Handlers are recognized via the `VercelRequest`/`VercelResponse` TypeScript parameter types, and standard security queries (`js/reflected-xss`, `js/request-forgery`, `js/sql-injection`, `js/command-line-injection`, etc.) now detect vulnerabilities in Vercel API route files.
|
||||
* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for JavaScript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.7.0
|
||||
lastReleaseVersion: 2.6.28
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.7.1-dev
|
||||
version: 2.6.29-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 2.3.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 2.3.8
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 2.3.9
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.3.9
|
||||
lastReleaseVersion: 2.3.8
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 2.3.10-dev
|
||||
version: 2.3.9-dev
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
30
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel
generated
vendored
30
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel
generated
vendored
@@ -529,18 +529,6 @@ alias(
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "serde_yaml-0.9.34+deprecated",
|
||||
actual = "@vendor_ts__serde_yaml-0.9.34-deprecated//:serde_yaml",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "serde_yaml",
|
||||
actual = "@vendor_ts__serde_yaml-0.9.34-deprecated//:serde_yaml",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "syn-2.0.106",
|
||||
actual = "@vendor_ts__syn-2.0.106//:syn",
|
||||
@@ -602,14 +590,14 @@ alias(
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "tree-sitter-0.26.8",
|
||||
actual = "@vendor_ts__tree-sitter-0.26.8//:tree_sitter",
|
||||
name = "tree-sitter-0.25.9",
|
||||
actual = "@vendor_ts__tree-sitter-0.25.9//:tree_sitter",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "tree-sitter",
|
||||
actual = "@vendor_ts__tree-sitter-0.26.8//:tree_sitter",
|
||||
actual = "@vendor_ts__tree-sitter-0.25.9//:tree_sitter",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
@@ -637,18 +625,6 @@ alias(
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "tree-sitter-python-0.23.6",
|
||||
actual = "@vendor_ts__tree-sitter-python-0.23.6//:tree_sitter_python",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "tree-sitter-python",
|
||||
actual = "@vendor_ts__tree-sitter-python-0.23.6//:tree_sitter_python",
|
||||
tags = ["manual"],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "tree-sitter-ql-0.23.1",
|
||||
actual = "@vendor_ts__tree-sitter-ql-0.23.1//:tree_sitter_ql",
|
||||
|
||||
@@ -96,9 +96,9 @@ rust_library(
|
||||
"@rules_rust//rust/platform:x86_64-unknown-uefi": [],
|
||||
"//conditions:default": ["@platforms//:incompatible"],
|
||||
}),
|
||||
version = "1.2.61",
|
||||
version = "1.2.37",
|
||||
deps = [
|
||||
"@vendor_ts__find-msvc-tools-0.1.9//:find_msvc_tools",
|
||||
"@vendor_ts__find-msvc-tools-0.1.1//:find_msvc_tools",
|
||||
"@vendor_ts__jobserver-0.1.34//:jobserver",
|
||||
"@vendor_ts__shlex-1.3.0//:shlex",
|
||||
] + select({
|
||||
@@ -93,5 +93,5 @@ rust_library(
|
||||
"@rules_rust//rust/platform:x86_64-unknown-uefi": [],
|
||||
"//conditions:default": ["@platforms//:incompatible"],
|
||||
}),
|
||||
version = "0.1.9",
|
||||
version = "0.1.1",
|
||||
)
|
||||
@@ -154,7 +154,7 @@ cargo_build_script(
|
||||
version = "0.1.2",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"@vendor_ts__cc-1.2.61//:cc",
|
||||
"@vendor_ts__cc-1.2.37//:cc",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
@@ -101,12 +101,12 @@ rust_library(
|
||||
"@rules_rust//rust/platform:x86_64-unknown-uefi": [],
|
||||
"//conditions:default": ["@platforms//:incompatible"],
|
||||
}),
|
||||
version = "0.26.8",
|
||||
version = "0.25.9",
|
||||
deps = [
|
||||
"@vendor_ts__regex-1.11.3//:regex",
|
||||
"@vendor_ts__regex-syntax-0.8.6//:regex_syntax",
|
||||
"@vendor_ts__streaming-iterator-0.1.9//:streaming_iterator",
|
||||
"@vendor_ts__tree-sitter-0.26.8//:build_script_build",
|
||||
"@vendor_ts__tree-sitter-0.25.9//:build_script_build",
|
||||
"@vendor_ts__tree-sitter-language-0.1.5//:tree_sitter_language",
|
||||
],
|
||||
)
|
||||
@@ -164,10 +164,10 @@ cargo_build_script(
|
||||
"noclippy",
|
||||
"norustfmt",
|
||||
],
|
||||
version = "0.26.8",
|
||||
version = "0.25.9",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"@vendor_ts__cc-1.2.61//:cc",
|
||||
"@vendor_ts__cc-1.2.37//:cc",
|
||||
"@vendor_ts__serde_json-1.0.145//:serde_json",
|
||||
],
|
||||
)
|
||||
@@ -155,7 +155,7 @@ cargo_build_script(
|
||||
version = "0.25.0",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"@vendor_ts__cc-1.2.61//:cc",
|
||||
"@vendor_ts__cc-1.2.37//:cc",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
2
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-json-0.24.8.bazel
generated
vendored
2
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-json-0.24.8.bazel
generated
vendored
@@ -155,7 +155,7 @@ cargo_build_script(
|
||||
version = "0.24.8",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"@vendor_ts__cc-1.2.61//:cc",
|
||||
"@vendor_ts__cc-1.2.37//:cc",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
166
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-python-0.23.6.bazel
generated
vendored
166
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-python-0.23.6.bazel
generated
vendored
@@ -1,166 +0,0 @@
|
||||
###############################################################################
|
||||
# @generated
|
||||
# DO NOT MODIFY: This file is auto-generated by a crate_universe tool. To
|
||||
# regenerate this file, run the following:
|
||||
#
|
||||
# bazel run @@//misc/bazel/3rdparty:vendor_tree_sitter_extractors
|
||||
###############################################################################
|
||||
|
||||
load(
|
||||
"@rules_rust//cargo:defs.bzl",
|
||||
"cargo_build_script",
|
||||
"cargo_toml_env_vars",
|
||||
)
|
||||
load("@rules_rust//rust:defs.bzl", "rust_library")
|
||||
|
||||
package(default_visibility = ["//visibility:public"])
|
||||
|
||||
cargo_toml_env_vars(
|
||||
name = "cargo_toml_env_vars",
|
||||
src = "Cargo.toml",
|
||||
)
|
||||
|
||||
rust_library(
|
||||
name = "tree_sitter_python",
|
||||
srcs = glob(
|
||||
include = ["**/*.rs"],
|
||||
allow_empty = True,
|
||||
),
|
||||
compile_data = glob(
|
||||
include = ["**"],
|
||||
allow_empty = True,
|
||||
exclude = [
|
||||
"**/* *",
|
||||
".tmp_git_root/**/*",
|
||||
"BUILD",
|
||||
"BUILD.bazel",
|
||||
"WORKSPACE",
|
||||
"WORKSPACE.bazel",
|
||||
],
|
||||
),
|
||||
crate_root = "bindings/rust/lib.rs",
|
||||
edition = "2021",
|
||||
rustc_env_files = [
|
||||
":cargo_toml_env_vars",
|
||||
],
|
||||
rustc_flags = [
|
||||
"--cap-lints=allow",
|
||||
],
|
||||
tags = [
|
||||
"cargo-bazel",
|
||||
"crate-name=tree-sitter-python",
|
||||
"manual",
|
||||
"noclippy",
|
||||
"norustfmt",
|
||||
],
|
||||
target_compatible_with = select({
|
||||
"@rules_rust//rust/platform:aarch64-apple-darwin": [],
|
||||
"@rules_rust//rust/platform:aarch64-apple-ios": [],
|
||||
"@rules_rust//rust/platform:aarch64-apple-ios-sim": [],
|
||||
"@rules_rust//rust/platform:aarch64-linux-android": [],
|
||||
"@rules_rust//rust/platform:aarch64-pc-windows-msvc": [],
|
||||
"@rules_rust//rust/platform:aarch64-unknown-fuchsia": [],
|
||||
"@rules_rust//rust/platform:aarch64-unknown-linux-gnu": [],
|
||||
"@rules_rust//rust/platform:aarch64-unknown-nixos-gnu": [],
|
||||
"@rules_rust//rust/platform:aarch64-unknown-nto-qnx710": [],
|
||||
"@rules_rust//rust/platform:aarch64-unknown-uefi": [],
|
||||
"@rules_rust//rust/platform:arm-unknown-linux-gnueabi": [],
|
||||
"@rules_rust//rust/platform:arm-unknown-linux-musleabi": [],
|
||||
"@rules_rust//rust/platform:armv7-linux-androideabi": [],
|
||||
"@rules_rust//rust/platform:armv7-unknown-linux-gnueabi": [],
|
||||
"@rules_rust//rust/platform:i686-apple-darwin": [],
|
||||
"@rules_rust//rust/platform:i686-linux-android": [],
|
||||
"@rules_rust//rust/platform:i686-pc-windows-msvc": [],
|
||||
"@rules_rust//rust/platform:i686-unknown-freebsd": [],
|
||||
"@rules_rust//rust/platform:i686-unknown-linux-gnu": [],
|
||||
"@rules_rust//rust/platform:powerpc-unknown-linux-gnu": [],
|
||||
"@rules_rust//rust/platform:riscv32imc-unknown-none-elf": [],
|
||||
"@rules_rust//rust/platform:riscv64gc-unknown-linux-gnu": [],
|
||||
"@rules_rust//rust/platform:riscv64gc-unknown-none-elf": [],
|
||||
"@rules_rust//rust/platform:s390x-unknown-linux-gnu": [],
|
||||
"@rules_rust//rust/platform:thumbv7em-none-eabi": [],
|
||||
"@rules_rust//rust/platform:thumbv8m.main-none-eabi": [],
|
||||
"@rules_rust//rust/platform:wasm32-unknown-emscripten": [],
|
||||
"@rules_rust//rust/platform:wasm32-unknown-unknown": [],
|
||||
"@rules_rust//rust/platform:wasm32-wasip1": [],
|
||||
"@rules_rust//rust/platform:wasm32-wasip1-threads": [],
|
||||
"@rules_rust//rust/platform:wasm32-wasip2": [],
|
||||
"@rules_rust//rust/platform:x86_64-apple-darwin": [],
|
||||
"@rules_rust//rust/platform:x86_64-apple-ios": [],
|
||||
"@rules_rust//rust/platform:x86_64-linux-android": [],
|
||||
"@rules_rust//rust/platform:x86_64-pc-windows-msvc": [],
|
||||
"@rules_rust//rust/platform:x86_64-unknown-freebsd": [],
|
||||
"@rules_rust//rust/platform:x86_64-unknown-fuchsia": [],
|
||||
"@rules_rust//rust/platform:x86_64-unknown-linux-gnu": [],
|
||||
"@rules_rust//rust/platform:x86_64-unknown-nixos-gnu": [],
|
||||
"@rules_rust//rust/platform:x86_64-unknown-none": [],
|
||||
"@rules_rust//rust/platform:x86_64-unknown-uefi": [],
|
||||
"//conditions:default": ["@platforms//:incompatible"],
|
||||
}),
|
||||
version = "0.23.6",
|
||||
deps = [
|
||||
"@vendor_ts__tree-sitter-language-0.1.5//:tree_sitter_language",
|
||||
"@vendor_ts__tree-sitter-python-0.23.6//:build_script_build",
|
||||
],
|
||||
)
|
||||
|
||||
cargo_build_script(
|
||||
name = "_bs",
|
||||
srcs = glob(
|
||||
include = ["**/*.rs"],
|
||||
allow_empty = True,
|
||||
),
|
||||
compile_data = glob(
|
||||
include = ["**"],
|
||||
allow_empty = True,
|
||||
exclude = [
|
||||
"**/* *",
|
||||
"**/*.rs",
|
||||
".tmp_git_root/**/*",
|
||||
"BUILD",
|
||||
"BUILD.bazel",
|
||||
"WORKSPACE",
|
||||
"WORKSPACE.bazel",
|
||||
],
|
||||
),
|
||||
crate_name = "build_script_build",
|
||||
crate_root = "bindings/rust/build.rs",
|
||||
data = glob(
|
||||
include = ["**"],
|
||||
allow_empty = True,
|
||||
exclude = [
|
||||
"**/* *",
|
||||
".tmp_git_root/**/*",
|
||||
"BUILD",
|
||||
"BUILD.bazel",
|
||||
"WORKSPACE",
|
||||
"WORKSPACE.bazel",
|
||||
],
|
||||
),
|
||||
edition = "2021",
|
||||
pkg_name = "tree-sitter-python",
|
||||
rustc_env_files = [
|
||||
":cargo_toml_env_vars",
|
||||
],
|
||||
rustc_flags = [
|
||||
"--cap-lints=allow",
|
||||
],
|
||||
tags = [
|
||||
"cargo-bazel",
|
||||
"crate-name=tree-sitter-python",
|
||||
"manual",
|
||||
"noclippy",
|
||||
"norustfmt",
|
||||
],
|
||||
version = "0.23.6",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"@vendor_ts__cc-1.2.61//:cc",
|
||||
],
|
||||
)
|
||||
|
||||
alias(
|
||||
name = "build_script_build",
|
||||
actual = ":_bs",
|
||||
tags = ["manual"],
|
||||
)
|
||||
2
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-ql-0.23.1.bazel
generated
vendored
2
misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-ql-0.23.1.bazel
generated
vendored
@@ -155,7 +155,7 @@ cargo_build_script(
|
||||
version = "0.23.1",
|
||||
visibility = ["//visibility:private"],
|
||||
deps = [
|
||||
"@vendor_ts__cc-1.2.61//:cc",
|
||||
"@vendor_ts__cc-1.2.37//:cc",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||