mirror of
https://github.com/github/codeql.git
synced 2026-05-18 05:07:06 +02:00
Compare commits
20 Commits
copilot/su
...
codeql-cli
| Author | SHA1 | Date | |
|---|---|---|---|
|
c5329f6f38 | ||
|
|
1739e135f5 | ||
|
|
783676566c | ||
|
|
4142b9c4ce | ||
|
|
bedb80346a | ||
|
|
dc7ce3fba3 | ||
|
|
f05bff01e4 | ||
|
|
08a6b99cfd | ||
|
|
5e9fd12d8c | ||
|
|
6da7890ff5 | ||
|
|
28681508f3 | ||
|
|
27a437a514 | ||
|
|
06cc323aee | ||
|
|
b47ae420ca | ||
|
|
0eadebcabd | ||
|
|
739ed4b3bb | ||
|
|
7ab52a81a7 | ||
|
|
2892ab61ae | ||
|
|
84f6b6f67a | ||
|
|
98c8b4c080 |
@@ -1,3 +1,9 @@
|
||||
## 0.4.26
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.
|
||||
|
||||
## 0.4.25
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 0.4.26
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.25
|
||||
lastReleaseVersion: 0.4.26
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.26-dev
|
||||
version: 0.4.26
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.6.18
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
actions/ql/src/change-notes/released/0.6.18.md
Normal file
3
actions/ql/src/change-notes/released/0.6.18.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.6.18
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.17
|
||||
lastReleaseVersion: 0.6.18
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.18-dev
|
||||
version: 0.6.18
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,27 @@
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations.
|
||||
* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter.
|
||||
* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results.
|
||||
|
||||
## 6.1.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter.
|
||||
23
cpp/ql/lib/change-notes/released/7.0.0.md
Normal file
23
cpp/ql/lib/change-notes/released/7.0.0.md
Normal file
@@ -0,0 +1,23 @@
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations.
|
||||
* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter.
|
||||
* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 6.1.4
|
||||
lastReleaseVersion: 7.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 6.1.5-dev
|
||||
version: 7.0.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -156,7 +156,7 @@ class Node extends TIRDataFlowNode {
|
||||
* If `isGLValue()` holds, then the type of this node
|
||||
* should be thought of as "pointer to `getType()`".
|
||||
*/
|
||||
DataFlowType getType() { none() } // overridden in subclasses
|
||||
Type getType() { none() } // overridden in subclasses
|
||||
|
||||
/** Gets the instruction corresponding to this node, if any. */
|
||||
Instruction asInstruction() { result = this.(InstructionNode).getInstruction() }
|
||||
@@ -541,7 +541,7 @@ class Node extends TIRDataFlowNode {
|
||||
/**
|
||||
* Gets an upper bound on the type of this node.
|
||||
*/
|
||||
DataFlowType getTypeBound() { result = this.getType() }
|
||||
Type getTypeBound() { result = this.getType() }
|
||||
|
||||
/** Gets the location of this element. */
|
||||
cached
|
||||
@@ -585,7 +585,7 @@ private class Node0 extends Node, TNode0 {
|
||||
|
||||
override string toStringImpl() { result = node.toString() }
|
||||
|
||||
override DataFlowType getType() { result = node.getType() }
|
||||
override Type getType() { result = node.getType() }
|
||||
|
||||
override predicate isGLValue() { node.isGLValue() }
|
||||
}
|
||||
@@ -704,7 +704,7 @@ class SsaSynthNode extends Node, TSsaSynthNode {
|
||||
|
||||
override Declaration getFunction() { result = node.getBasicBlock().getEnclosingFunction() }
|
||||
|
||||
override DataFlowType getType() { result = node.getSourceVariable().getType() }
|
||||
override Type getType() { result = node.getSourceVariable().getType() }
|
||||
|
||||
override predicate isGLValue() { node.getSourceVariable().isGLValue() }
|
||||
|
||||
@@ -732,7 +732,7 @@ class SsaIteratorNode extends Node, TSsaIteratorNode {
|
||||
|
||||
override Declaration getFunction() { result = node.getFunction() }
|
||||
|
||||
override DataFlowType getType() { result = node.getType() }
|
||||
override Type getType() { result = node.getType() }
|
||||
|
||||
final override Location getLocationImpl() { result = node.getLocation() }
|
||||
|
||||
@@ -792,7 +792,7 @@ class FinalGlobalValue extends Node, TFinalGlobalValue {
|
||||
|
||||
override Declaration getFunction() { result = globalUse.getIRFunction().getFunction() }
|
||||
|
||||
override DataFlowType getType() {
|
||||
override Type getType() {
|
||||
exists(int indirectionIndex |
|
||||
indirectionIndex = globalUse.getIndirectionIndex() and
|
||||
result = getTypeImpl(globalUse.getUnderlyingType(), indirectionIndex)
|
||||
@@ -826,7 +826,7 @@ class InitialGlobalValue extends Node, TInitialGlobalValue {
|
||||
|
||||
final override predicate isGLValue() { globalDef.getIndirectionIndex() = 0 }
|
||||
|
||||
override DataFlowType getType() { result = globalDef.getUnderlyingType() }
|
||||
override Type getType() { result = globalDef.getUnderlyingType() }
|
||||
|
||||
final override Location getLocationImpl() { result = globalDef.getLocation() }
|
||||
|
||||
@@ -853,7 +853,7 @@ class BodyLessParameterNodeImpl extends Node, TBodyLessParameterNodeImpl {
|
||||
/** Gets the indirection index of this node. */
|
||||
int getIndirectionIndex() { result = indirectionIndex }
|
||||
|
||||
override DataFlowType getType() {
|
||||
override Type getType() {
|
||||
result = getTypeImpl(p.getUnderlyingType(), this.getIndirectionIndex())
|
||||
}
|
||||
|
||||
@@ -1117,8 +1117,8 @@ private module RawIndirectNodes {
|
||||
|
||||
override predicate isGLValue() { this.getOperand().isGLValue() }
|
||||
|
||||
override DataFlowType getType() {
|
||||
exists(int sub, DataFlowType type, boolean isGLValue |
|
||||
override Type getType() {
|
||||
exists(int sub, Type type, boolean isGLValue |
|
||||
type = getOperandType(this.getOperand(), isGLValue) and
|
||||
if isGLValue = true then sub = 1 else sub = 0
|
||||
|
|
||||
@@ -1163,8 +1163,8 @@ private module RawIndirectNodes {
|
||||
|
||||
override predicate isGLValue() { this.getInstruction().isGLValue() }
|
||||
|
||||
override DataFlowType getType() {
|
||||
exists(int sub, DataFlowType type, boolean isGLValue |
|
||||
override Type getType() {
|
||||
exists(int sub, Type type, boolean isGLValue |
|
||||
type = getInstructionType(this.getInstruction(), isGLValue) and
|
||||
if isGLValue = true then sub = 1 else sub = 0
|
||||
|
|
||||
@@ -1263,7 +1263,7 @@ class FinalParameterNode extends Node, TFinalParameterNode {
|
||||
result.asSourceCallable() = this.getFunction()
|
||||
}
|
||||
|
||||
override DataFlowType getType() { result = getTypeImpl(p.getUnderlyingType(), indirectionIndex) }
|
||||
override Type getType() { result = getTypeImpl(p.getUnderlyingType(), indirectionIndex) }
|
||||
|
||||
final override Location getLocationImpl() {
|
||||
// Parameters can have multiple locations. When there's a unique location we use
|
||||
@@ -1539,7 +1539,7 @@ abstract class PostUpdateNode extends Node {
|
||||
*/
|
||||
abstract Node getPreUpdateNode();
|
||||
|
||||
final override DataFlowType getType() { result = this.getPreUpdateNode().getType() }
|
||||
final override Type getType() { result = this.getPreUpdateNode().getType() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1632,9 +1632,7 @@ class VariableNode extends Node, TGlobalLikeVariableNode {
|
||||
result.asSourceCallable() = v
|
||||
}
|
||||
|
||||
override DataFlowType getType() {
|
||||
result = getTypeImpl(v.getUnderlyingType(), indirectionIndex - 1)
|
||||
}
|
||||
override Type getType() { result = getTypeImpl(v.getUnderlyingType(), indirectionIndex - 1) }
|
||||
|
||||
final override Location getLocationImpl() {
|
||||
// Certain variables (such as parameters) can have multiple locations.
|
||||
|
||||
@@ -53,7 +53,7 @@ private module SourceVariables {
|
||||
* the type of this source variable should be thought of as "pointer
|
||||
* to `getType()`".
|
||||
*/
|
||||
DataFlowType getType() {
|
||||
Type getType() {
|
||||
if this.isGLValue()
|
||||
then result = base.getType()
|
||||
else result = getTypeImpl(base.getType(), ind - 1)
|
||||
@@ -1064,8 +1064,15 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
|
||||
DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, IRGuards::GuardValue val,
|
||||
int indirectionIndex
|
||||
) {
|
||||
IRGuards::Guards_v1::ParameterizedValidationWrapper<int, guardChecksInstr/4>::guardChecksDef(g,
|
||||
def, val, indirectionIndex)
|
||||
exists(Instruction e |
|
||||
IRGuards::Guards_v1::ParameterizedValidationWrapper<int, guardChecksInstr/4>::guardChecks(g,
|
||||
e, val, indirectionIndex)
|
||||
|
|
||||
indirectionIndex = 0 and
|
||||
def.(Definition).getAUse().getDef() = e
|
||||
or
|
||||
def.(Definition).getAnIndirectUse(indirectionIndex).getDef() = e
|
||||
)
|
||||
}
|
||||
|
||||
Node getABarrierNode(int indirectionIndex) {
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.5.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees.
|
||||
|
||||
## 1.5.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -122,7 +122,8 @@ module Config implements DataFlow::ConfigSig {
|
||||
|
||||
predicate isBarrier(DataFlow::Node node) {
|
||||
// Block flow if the node is guarded by any <, <= or = operations.
|
||||
node = DataFlow::BarrierGuard<lessThanOrEqual/3>::getABarrierNode()
|
||||
node = DataFlow::BarrierGuard<lessThanOrEqual/3>::getABarrierNode() or
|
||||
node = DataFlow::BarrierGuard<lessThanOrEqual/3>::getAnIndirectBarrierNode()
|
||||
}
|
||||
|
||||
predicate observeDiffInformedIncrementalMode() { any() }
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.5.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.8
|
||||
lastReleaseVersion: 1.5.9
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.5.9-dev
|
||||
version: 1.5.9
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -78,7 +78,7 @@ module ModelGeneratorCommonInput implements ModelGeneratorCommonInputSig<Cpp::Lo
|
||||
{
|
||||
private module DataFlow = Df::DataFlow;
|
||||
|
||||
class Type = DataFlowPrivate::DataFlowType;
|
||||
class Type = Cpp::Type;
|
||||
|
||||
// Note: This also includes `this`
|
||||
class Parameter = DataFlow::ParameterNode;
|
||||
|
||||
@@ -4,6 +4,12 @@ void sink(int);
|
||||
|
||||
void testCheckArgument(int* p) {
|
||||
if (checkArgument(p)) {
|
||||
sink(*p); // $ barrier barrier=1
|
||||
sink(*p); // $ indirect_barrier=int barrier=int*
|
||||
}
|
||||
}
|
||||
|
||||
void testCheckArgument(int p) {
|
||||
if (checkArgument(&p)) {
|
||||
sink(p); // $ barrier=glval<int> indirect_barrier=int
|
||||
}
|
||||
}
|
||||
@@ -13,26 +13,33 @@ predicate instructionGuardChecks(IRGuardCondition gc, Instruction checked, boole
|
||||
|
||||
module BarrierGuard = DataFlow::InstructionBarrierGuard<instructionGuardChecks/3>;
|
||||
|
||||
predicate indirectBarrierGuard(DataFlow::Node node, int indirectionIndex) {
|
||||
node = BarrierGuard::getAnIndirectBarrierNode(indirectionIndex)
|
||||
predicate indirectBarrierGuard(DataFlow::Node node, string s) {
|
||||
node = BarrierGuard::getAnIndirectBarrierNode(_) and
|
||||
if node.isGLValue()
|
||||
then s = "glval<" + node.getType().toString().replaceAll(" ", "") + ">"
|
||||
else s = node.getType().toString().replaceAll(" ", "")
|
||||
}
|
||||
|
||||
predicate barrierGuard(DataFlow::Node node) { node = BarrierGuard::getABarrierNode() }
|
||||
predicate barrierGuard(DataFlow::Node node, string s) {
|
||||
node = BarrierGuard::getABarrierNode() and
|
||||
if node.isGLValue()
|
||||
then s = "glval<" + node.getType().toString().replaceAll(" ", "") + ">"
|
||||
else s = node.getType().toString().replaceAll(" ", "")
|
||||
}
|
||||
|
||||
module Test implements TestSig {
|
||||
string getARelevantTag() { result = "barrier" }
|
||||
string getARelevantTag() { result = ["barrier", "indirect_barrier"] }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(DataFlow::Node node |
|
||||
barrierGuard(node) and
|
||||
value = ""
|
||||
exists(DataFlow::Node node, string s |
|
||||
indirectBarrierGuard(node, s) and
|
||||
value = s and
|
||||
tag = "indirect_barrier"
|
||||
or
|
||||
exists(int indirectionIndex |
|
||||
indirectBarrierGuard(node, indirectionIndex) and
|
||||
value = indirectionIndex.toString()
|
||||
)
|
||||
barrierGuard(node, s) and
|
||||
value = s and
|
||||
tag = "barrier"
|
||||
|
|
||||
tag = "barrier" and
|
||||
element = node.toString() and
|
||||
location = node.getLocation()
|
||||
)
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.56
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.56
|
||||
lastReleaseVersion: 1.7.57
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.57-dev
|
||||
version: 1.7.57
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.56
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.56
|
||||
lastReleaseVersion: 1.7.57
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.57-dev
|
||||
version: 1.7.57
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,22 @@
|
||||
## 5.4.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files.
|
||||
* Updated the generated .NET “models as data” runtime models to cover .NET 10.
|
||||
* C# 14: Support for *implicit* span conversions in the QL library.
|
||||
* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis.
|
||||
* Added autobuilder and `build-mode: none` support for `.slnx` solution files.
|
||||
* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere.
|
||||
* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed two issues affecting build mode `none`:
|
||||
* Corrected version sorting logic when detecting the newest .NET framework to use.
|
||||
* Improved stability for .NET 10 compatibility.
|
||||
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||
|
||||
## 5.4.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed two issues affecting build mode `none`:
|
||||
* Corrected version sorting logic when detecting the newest .NET framework to use.
|
||||
* Improved stability for .NET 10 compatibility.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added autobuilder and `build-mode: none` support for `.slnx` solution files.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* C# 14: Support for *implicit* span conversions in the QL library.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Updated the generated .NET “models as data” runtime models to cover .NET 10.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files.
|
||||
18
csharp/ql/lib/change-notes/released/5.4.5.md
Normal file
18
csharp/ql/lib/change-notes/released/5.4.5.md
Normal file
@@ -0,0 +1,18 @@
|
||||
## 5.4.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files.
|
||||
* Updated the generated .NET “models as data” runtime models to cover .NET 10.
|
||||
* C# 14: Support for *implicit* span conversions in the QL library.
|
||||
* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis.
|
||||
* Added autobuilder and `build-mode: none` support for `.slnx` solution files.
|
||||
* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere.
|
||||
* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed two issues affecting build mode `none`:
|
||||
* Corrected version sorting logic when detecting the newest .NET framework to use.
|
||||
* Improved stability for .NET 10 compatibility.
|
||||
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.4.4
|
||||
lastReleaseVersion: 5.4.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.4.5-dev
|
||||
version: 5.4.5
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
|
||||
* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core.
|
||||
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.
|
||||
10
csharp/ql/src/change-notes/released/1.6.0.md
Normal file
10
csharp/ql/src/change-notes/released/1.6.0.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
|
||||
* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.4
|
||||
lastReleaseVersion: 1.6.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.5.5-dev
|
||||
version: 1.6.0
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.39
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.39
|
||||
lastReleaseVersion: 1.0.40
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.40-dev
|
||||
version: 1.0.40
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files.
|
||||
|
||||
## 5.0.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files.
|
||||
9
go/ql/lib/change-notes/released/6.0.0.md
Normal file
9
go/ql/lib/change-notes/released/6.0.0.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.0.6
|
||||
lastReleaseVersion: 6.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 5.0.7-dev
|
||||
version: 6.0.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.5.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/src/change-notes/released/1.5.4.md
Normal file
3
go/ql/src/change-notes/released/1.5.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.3
|
||||
lastReleaseVersion: 1.5.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.5.4-dev
|
||||
version: 1.5.4
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 7.8.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
||||
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
||||
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
||||
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
||||
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|
||||
|
||||
## 7.8.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
||||
9
java/ql/lib/change-notes/released/7.8.4.md
Normal file
9
java/ql/lib/change-notes/released/7.8.4.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 7.8.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
||||
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
||||
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
||||
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
||||
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.8.3
|
||||
lastReleaseVersion: 7.8.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 7.8.4-dev
|
||||
version: 7.8.4
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 1.10.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Credentials queries.
|
||||
* Java thread safety analysis now understands initialization to thread safe classes inside constructors.
|
||||
|
||||
## 1.10.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Java thread safety analysis now understands initialization to thread safe classes inside constructors.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries.
|
||||
6
java/ql/src/change-notes/released/1.10.5.md
Normal file
6
java/ql/src/change-notes/released/1.10.5.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 1.10.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Credentials queries.
|
||||
* Java thread safety analysis now understands initialization to thread safe classes inside constructors.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.10.4
|
||||
lastReleaseVersion: 1.10.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.10.5-dev
|
||||
version: 1.10.5
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -408,8 +408,10 @@ public class AutoBuild {
|
||||
for (String extension : fileTypes.keySet()) patterns.add("**/*" + extension);
|
||||
|
||||
// exclude files whose name strongly suggests they are minified
|
||||
patterns.add("-**/*.min.js");
|
||||
patterns.add("-**/*-min.js");
|
||||
if (!EnvironmentVariables.allowMinifiedFiles()) {
|
||||
patterns.add("-**/*.min.js");
|
||||
patterns.add("-**/*-min.js");
|
||||
}
|
||||
|
||||
// exclude `node_modules` and `bower_components`
|
||||
patterns.add("-**/node_modules");
|
||||
@@ -1074,6 +1076,7 @@ protected DependencyInstallationResult preparePackagesAndDependencies(Set<Path>
|
||||
config = config.withSourceType(getSourceType());
|
||||
config = config.withVirtualSourceRoot(virtualSourceRoot);
|
||||
if (defaultEncoding != null) config = config.withDefaultEncoding(defaultEncoding);
|
||||
config = config.withAllowMinified(EnvironmentVariables.allowMinifiedFiles());
|
||||
return config;
|
||||
}
|
||||
|
||||
|
||||
@@ -101,4 +101,12 @@ public class EnvironmentVariables {
|
||||
public static boolean isActionsExtractor() {
|
||||
return Env.systemEnv().getNonEmpty(CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE_ENV_VAR) != null;
|
||||
}
|
||||
|
||||
public static boolean allowMinifiedFiles() {
|
||||
String env = Env.systemEnv().getNonEmpty("CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES");
|
||||
if (env == null) {
|
||||
return false; // default is to not allow minified files
|
||||
}
|
||||
return Boolean.parseBoolean(env);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -205,6 +205,9 @@ public class ExtractorConfig {
|
||||
/** Should parse errors be reported as violations instead of aborting extraction? */
|
||||
private boolean tolerateParseErrors;
|
||||
|
||||
/** Should minified files be allowed? */
|
||||
private boolean allowMinified;
|
||||
|
||||
/** How should HTML files be extracted? */
|
||||
private HtmlPopulator.Config htmlHandling;
|
||||
|
||||
@@ -236,6 +239,7 @@ public class ExtractorConfig {
|
||||
this.sourceType = SourceType.AUTO;
|
||||
this.htmlHandling = HtmlPopulator.Config.ELEMENTS;
|
||||
this.tolerateParseErrors = true;
|
||||
this.allowMinified = false;
|
||||
if (experimental) {
|
||||
this.mozExtensions = true;
|
||||
this.jscript = true;
|
||||
@@ -258,6 +262,7 @@ public class ExtractorConfig {
|
||||
this.v8Extensions = that.v8Extensions;
|
||||
this.e4x = that.e4x;
|
||||
this.tolerateParseErrors = that.tolerateParseErrors;
|
||||
this.allowMinified = that.allowMinified;
|
||||
this.fileType = that.fileType;
|
||||
this.sourceType = that.sourceType;
|
||||
this.htmlHandling = that.htmlHandling;
|
||||
@@ -357,6 +362,16 @@ public class ExtractorConfig {
|
||||
return res;
|
||||
}
|
||||
|
||||
public boolean isAllowMinified() {
|
||||
return allowMinified;
|
||||
}
|
||||
|
||||
public ExtractorConfig withAllowMinified(boolean allowMinified) {
|
||||
ExtractorConfig res = new ExtractorConfig(this);
|
||||
res.allowMinified = allowMinified;
|
||||
return res;
|
||||
}
|
||||
|
||||
public boolean hasFileType() {
|
||||
return fileType != null;
|
||||
}
|
||||
@@ -467,6 +482,8 @@ public class ExtractorConfig {
|
||||
+ e4x
|
||||
+ ", tolerateParseErrors="
|
||||
+ tolerateParseErrors
|
||||
+ ", allowMinified="
|
||||
+ allowMinified
|
||||
+ ", htmlHandling="
|
||||
+ htmlHandling
|
||||
+ ", fileType="
|
||||
|
||||
@@ -549,10 +549,15 @@ public class FileExtractor {
|
||||
new TextualExtractor(
|
||||
trapwriter, locationManager, source, config.getExtractLines(), metrics, extractedFile);
|
||||
ParseResultInfo loc = extractor.extract(textualExtractor);
|
||||
int numLines = textualExtractor.isSnippet() ? 0 : textualExtractor.getNumLines();
|
||||
int linesOfCode = loc.getLinesOfCode(), linesOfComments = loc.getLinesOfComments();
|
||||
trapwriter.addTuple("numlines", fileLabel, numLines, linesOfCode, linesOfComments);
|
||||
trapwriter.addTuple("filetype", fileLabel, fileType.toString());
|
||||
if (loc.getSkipReason() != null) {
|
||||
System.err.println("Skipping file " + extractedFile + ": " + loc.getSkipReason());
|
||||
System.err.flush();
|
||||
} else {
|
||||
int numLines = textualExtractor.isSnippet() ? 0 : textualExtractor.getNumLines();
|
||||
int linesOfCode = loc.getLinesOfCode(), linesOfComments = loc.getLinesOfComments();
|
||||
trapwriter.addTuple("numlines", fileLabel, numLines, linesOfCode, linesOfComments);
|
||||
trapwriter.addTuple("filetype", fileLabel, fileType.toString());
|
||||
}
|
||||
metrics.stopPhase(ExtractionPhase.FileExtractor_extractContents);
|
||||
metrics.writeTimingsToTrap(trapwriter);
|
||||
successful = true;
|
||||
|
||||
@@ -10,6 +10,7 @@ import java.util.List;
|
||||
public class ParseResultInfo {
|
||||
private int linesOfCode, linesOfComments;
|
||||
private List<ParseError> parseErrors;
|
||||
private String skipReason;
|
||||
|
||||
public ParseResultInfo(int linesOfCode, int linesOfComments, List<ParseError> parseErrors) {
|
||||
this.linesOfCode = linesOfCode;
|
||||
@@ -17,6 +18,19 @@ public class ParseResultInfo {
|
||||
this.parseErrors = new ArrayList<>(parseErrors);
|
||||
}
|
||||
|
||||
private ParseResultInfo() {
|
||||
this.linesOfCode = 0;
|
||||
this.linesOfComments = 0;
|
||||
this.parseErrors = new ArrayList<>();
|
||||
this.skipReason = null;
|
||||
}
|
||||
|
||||
public static final ParseResultInfo skipped(String reason) {
|
||||
ParseResultInfo info = new ParseResultInfo();
|
||||
info.skipReason = reason;
|
||||
return info;
|
||||
}
|
||||
|
||||
public void add(ParseResultInfo that) {
|
||||
this.linesOfCode += that.linesOfCode;
|
||||
this.linesOfComments += that.linesOfComments;
|
||||
@@ -41,4 +55,11 @@ public class ParseResultInfo {
|
||||
public List<ParseError> getParseErrors() {
|
||||
return parseErrors;
|
||||
}
|
||||
|
||||
/**
|
||||
* If extraction of this file was skipped, gets the reason for skipping it.
|
||||
*/
|
||||
public String getSkipReason() {
|
||||
return skipReason;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -38,10 +38,34 @@ public class ScriptExtractor implements IExtractor {
|
||||
return extension.equals(".cjs") || (extension.equals(".js") && "commonjs".equals(packageType));
|
||||
}
|
||||
|
||||
private boolean isMinified(String source) {
|
||||
// If the average line length is over 200 characters, consider the file minified.
|
||||
int numberOfLineBreaks = 0;
|
||||
for (int i = 0; i < source.length(); i++) {
|
||||
char c = source.charAt(i);
|
||||
if (c == '\n') {
|
||||
numberOfLineBreaks++;
|
||||
} else if (c == '\r') {
|
||||
numberOfLineBreaks++;
|
||||
if (i + 1 < source.length() && source.charAt(i + 1) == '\n') {
|
||||
i++; // skip the next \n in case of \r\n
|
||||
}
|
||||
}
|
||||
}
|
||||
int averageLineLength =
|
||||
numberOfLineBreaks == 0 ? source.length() : source.length() / numberOfLineBreaks;
|
||||
return averageLineLength > 200;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ParseResultInfo extract(TextualExtractor textualExtractor) {
|
||||
LocationManager locationManager = textualExtractor.getLocationManager();
|
||||
String source = textualExtractor.getSource();
|
||||
|
||||
if (!config.isAllowMinified() && isMinified(source)) {
|
||||
return ParseResultInfo.skipped("File appears to be minified.");
|
||||
}
|
||||
|
||||
String shebangLine = null, shebangLineTerm = null;
|
||||
|
||||
if (source.startsWith("#!")) {
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 2.6.20
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Support `use cache` directives for Next.js 16.
|
||||
* Added `PreCallGraphStep` flow model for React's `useRef` hook.
|
||||
* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
|
||||
|
||||
## 2.6.19
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `PreCallGraphStep` flow model for React's `useRef` hook.
|
||||
* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
|
||||
- Support `use cache` directives for Next.js 16.
|
||||
7
javascript/ql/lib/change-notes/released/2.6.20.md
Normal file
7
javascript/ql/lib/change-notes/released/2.6.20.md
Normal file
@@ -0,0 +1,7 @@
|
||||
## 2.6.20
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Support `use cache` directives for Next.js 16.
|
||||
* Added `PreCallGraphStep` flow model for React's `useRef` hook.
|
||||
* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.6.19
|
||||
lastReleaseVersion: 2.6.20
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.6.20-dev
|
||||
version: 2.6.20
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
## 2.3.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
|
||||
For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
|
||||
`CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The model of `vue-router` now properly detects taint sources in cases where
|
||||
the `props` property is a callback.
|
||||
* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
|
||||
named `route` or `page` appearing outside `api` and `pages` folders.
|
||||
* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
|
||||
is set, since the content type defaults to `text/plain`.
|
||||
|
||||
## 2.2.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
|
||||
named `route` or `page` appearing outside `api` and `pages` folders.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
|
||||
is set, since the content type defaults to `text/plain`.
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user