mirror of
https://github.com/github/codeql.git
synced 2026-05-30 02:51:24 +02:00
Compare commits
17 Commits
erik-krogh
...
atm-experi
| Author | SHA1 | Date | |
|---|---|---|---|
|
335ae4a2d7 | ||
|
|
28fe7a7660 | ||
|
|
104ac05f49 | ||
|
|
5abb0338b9 | ||
|
|
f71807c968 | ||
|
|
2052494eee | ||
|
|
f020fdbda3 | ||
|
|
34cbc6678f | ||
|
|
5780f156d1 | ||
|
|
5e5e2646e2 | ||
|
|
8cd261af0e | ||
|
|
42f05dadc4 | ||
|
|
3d072abcff | ||
|
|
deddc52666 | ||
|
|
009ba4c280 | ||
|
|
673355df65 | ||
|
|
1f1b364feb |
2115
cpp/downgrades/19e31bf071f588bb7efd1e4d5a185ce4f6fbbd84/old.dbscheme
Normal file
2115
cpp/downgrades/19e31bf071f588bb7efd1e4d5a185ce4f6fbbd84/old.dbscheme
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,3 @@
|
||||
description: Add relation for tracking C++ braced initializers
|
||||
compatibility: full
|
||||
braced_initialisers.rel: delete
|
||||
@@ -1,3 +1,19 @@
|
||||
## 0.2.3
|
||||
|
||||
### New Features
|
||||
|
||||
* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
|
||||
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
|
||||
|
||||
### New Features
|
||||
|
||||
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
|
||||
|
||||
## 0.2.1
|
||||
|
||||
## 0.2.0
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
|
||||
9
cpp/ql/lib/change-notes/released/0.2.2.md
Normal file
9
cpp/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
|
||||
|
||||
### New Features
|
||||
|
||||
* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
|
||||
5
cpp/ql/lib/change-notes/released/0.2.3.md
Normal file
5
cpp/ql/lib/change-notes/released/0.2.3.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 0.2.3
|
||||
|
||||
### New Features
|
||||
|
||||
* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.3
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -51,4 +51,7 @@ class Initializer extends ControlFlowNode, @initialiser {
|
||||
override Function getControlFlowScope() { result = this.getExpr().getEnclosingFunction() }
|
||||
|
||||
override Stmt getEnclosingStmt() { result = this.getExpr().getEnclosingStmt() }
|
||||
|
||||
/** Holds if the initializer used the C++ braced initializer notation. */
|
||||
predicate isBraced() { braced_initialisers(underlyingElement(this)) }
|
||||
}
|
||||
|
||||
@@ -1436,6 +1436,10 @@ initialisers(
|
||||
int location: @location_expr ref
|
||||
);
|
||||
|
||||
braced_initialisers(
|
||||
int init: @initialiser ref
|
||||
);
|
||||
|
||||
/**
|
||||
* An ancestor for the expression, for cases in which we cannot
|
||||
* otherwise find the expression's parent.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,2 @@
|
||||
description: Add relation for tracking C++ braced initializers
|
||||
compatibility: backwards
|
||||
@@ -1,3 +1,12 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
|
||||
* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
|
||||
6
cpp/ql/src/change-notes/released/0.1.3.md
Normal file
6
cpp/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
|
||||
* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
|
||||
1
cpp/ql/src/change-notes/released/0.1.4.md
Normal file
1
cpp/ql/src/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.1.4
|
||||
|
||||
## 1.1.3
|
||||
|
||||
## 1.1.2
|
||||
|
||||
## 1.1.1
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.3
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.2
|
||||
lastReleaseVersion: 1.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.1.3-dev
|
||||
version: 1.1.4
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.1.4
|
||||
|
||||
## 1.1.3
|
||||
|
||||
## 1.1.2
|
||||
|
||||
## 1.1.1
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.3
|
||||
@@ -0,0 +1 @@
|
||||
## 1.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.1.2
|
||||
lastReleaseVersion: 1.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.1.3-dev
|
||||
version: 1.1.4
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.2.3
|
||||
|
||||
## 0.2.2
|
||||
|
||||
## 0.2.1
|
||||
|
||||
## 0.2.0
|
||||
|
||||
1
csharp/ql/lib/change-notes/released/0.2.2.md
Normal file
1
csharp/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.2
|
||||
1
csharp/ql/lib/change-notes/released/0.2.3.md
Normal file
1
csharp/ql/lib/change-notes/released/0.2.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.3
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -777,10 +777,10 @@ module Private {
|
||||
predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
|
||||
exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
|
||||
p = summaryArgParam0(_, arg, sc) and
|
||||
p.isParameterOf(_, ppos) and
|
||||
p.isParameterOf(_, pragma[only_bind_into](ppos)) and
|
||||
summaryLocalStep(p, mid, true) and
|
||||
summaryLocalStep(mid, ret, true) and
|
||||
isParameterPostUpdate(ret, _, ppos)
|
||||
isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
|
||||
|
|
||||
summaryClearsContent(mid, _) or
|
||||
summaryExpectsContent(mid, _)
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
1
csharp/ql/src/change-notes/released/0.1.3.md
Normal file
1
csharp/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
1
csharp/ql/src/change-notes/released/0.1.4.md
Normal file
1
csharp/ql/src/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### New Features
|
||||
|
||||
1
go/ql/lib/change-notes/released/0.1.3.md
Normal file
1
go/ql/lib/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
1
go/ql/lib/change-notes/released/0.1.4.md
Normal file
1
go/ql/lib/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
## 0.1.2
|
||||
|
||||
## 0.1.1
|
||||
|
||||
1
go/ql/src/change-notes/released/0.1.3.md
Normal file
1
go/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.3
|
||||
1
go/ql/src/change-notes/released/0.1.4.md
Normal file
1
go/ql/src/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
@@ -8,4 +8,4 @@ extractor: go
|
||||
defaultSuiteFile: codeql-suites/go-code-scanning.qls
|
||||
dependencies:
|
||||
codeql/go-all: "*"
|
||||
codeql/suite-helpers: ~0.0.2
|
||||
codeql/suite-helpers: "*"
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 0.2.3
|
||||
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
|
||||
safe against intent redirection, both its package name and class name must be checked.
|
||||
|
||||
## 0.2.1
|
||||
|
||||
### New Features
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
|
||||
safe against intent redirection, both its package name and class name must be checked.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
|
||||
10
java/ql/lib/change-notes/released/0.2.2.md
Normal file
10
java/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 0.2.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
|
||||
safe against intent redirection, both its package name and class name must be checked.
|
||||
1
java/ql/lib/change-notes/released/0.2.3.md
Normal file
1
java/ql/lib/change-notes/released/0.2.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 0.2.2-dev
|
||||
version: 0.2.3
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -777,10 +777,10 @@ module Private {
|
||||
predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
|
||||
exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
|
||||
p = summaryArgParam0(_, arg, sc) and
|
||||
p.isParameterOf(_, ppos) and
|
||||
p.isParameterOf(_, pragma[only_bind_into](ppos)) and
|
||||
summaryLocalStep(p, mid, true) and
|
||||
summaryLocalStep(mid, ret, true) and
|
||||
isParameterPostUpdate(ret, _, ppos)
|
||||
isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
|
||||
|
|
||||
summaryClearsContent(mid, _) or
|
||||
summaryExpectsContent(mid, _)
|
||||
|
||||
@@ -1,3 +1,19 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
|
||||
These queries help find instances of Regular Expression Denial of Service vulnerabilities.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Query `java/sensitive-log` has received several improvements.
|
||||
* It no longer considers usernames as sensitive information.
|
||||
* The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
|
||||
* A sanitizer has been added to handle certain elements introduced by a Kotlin compiler plugin that have deceptive names.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### Query Metadata Changes
|
||||
@@ -39,7 +55,7 @@ this respect.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
|
||||
* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
|
||||
|
||||
## 0.0.11
|
||||
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
|
||||
* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
|
||||
These queries help find instances of Regular Expression Denial of Service vulnerabilities.
|
||||
@@ -1,6 +1,12 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
|
||||
These queries help find instances of Regular Expression Denial of Service vulnerabilities.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Query `java/sensitive-log` has received several improvements.
|
||||
* It no longer considers usernames as sensitive information.
|
||||
* The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
|
||||
1
java/ql/src/change-notes/released/0.1.4.md
Normal file
1
java/ql/src/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
dependencies:
|
||||
codeql/javascript-experimental-atm-model:
|
||||
version: 0.1.0
|
||||
version: 0.2.0
|
||||
compiled: false
|
||||
lockVersion: 1.0.0
|
||||
|
||||
@@ -8,4 +8,4 @@ groups:
|
||||
- experimental
|
||||
dependencies:
|
||||
codeql/javascript-experimental-atm-lib: "*"
|
||||
codeql/javascript-experimental-atm-model: "0.1.0"
|
||||
codeql/javascript-experimental-atm-model: "0.2.0"
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo.
|
||||
1
javascript/ql/lib/change-notes/released/0.1.4.md
Normal file
1
javascript/ql/lib/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/actions/command-injection` query has been added. It highlights GitHub Actions workflows that may allow an
|
||||
attacker to execute arbitrary code in the workflow.
|
||||
The query previously existed an experimental query.
|
||||
* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an
|
||||
attacker to execute arbitrary code in the workflow.
|
||||
The query previously existed an experimental query.
|
||||
8
javascript/ql/src/change-notes/released/0.1.3.md
Normal file
8
javascript/ql/src/change-notes/released/0.1.3.md
Normal file
@@ -0,0 +1,8 @@
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `js/actions/command-injection` query has been added. It highlights GitHub Actions workflows that may allow an
|
||||
attacker to execute arbitrary code in the workflow.
|
||||
The query previously existed an experimental query.
|
||||
* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.
|
||||
1
javascript/ql/src/change-notes/released/0.1.4.md
Normal file
1
javascript/ql/src/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 0.4.1
|
||||
|
||||
## 0.4.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* `API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used.
|
||||
|
||||
## 0.3.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
`API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used.
|
||||
5
python/ql/lib/change-notes/released/0.4.0.md
Normal file
5
python/ql/lib/change-notes/released/0.4.0.md
Normal file
@@ -0,0 +1,5 @@
|
||||
## 0.4.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* `API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used.
|
||||
1
python/ql/lib/change-notes/released/0.4.1.md
Normal file
1
python/ql/lib/change-notes/released/0.4.1.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.4.1
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.3.0
|
||||
lastReleaseVersion: 0.4.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-all
|
||||
version: 0.3.1-dev
|
||||
version: 0.4.1
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 0.1.4
|
||||
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query "PAM authorization bypass due to incorrect usage" (`py/pam-auth-bypass`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/8595).
|
||||
|
||||
## 0.1.2
|
||||
|
||||
### New Queries
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 0.1.3
|
||||
|
||||
### New Queries
|
||||
|
||||
* The query "PAM authorization bypass due to incorrect usage" (`py/pam-auth-bypass`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/8595).
|
||||
1
python/ql/src/change-notes/released/0.1.4.md
Normal file
1
python/ql/src/change-notes/released/0.1.4.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.1.4
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.1.2
|
||||
lastReleaseVersion: 0.1.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/python-queries
|
||||
version: 0.1.3-dev
|
||||
version: 0.1.4
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,16 @@
|
||||
## 0.2.3
|
||||
|
||||
## 0.2.2
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Support for data flow through instance variables has been added.
|
||||
* Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
|
||||
|
||||
## 0.2.1
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
Support for data flow through instance variables has been added.
|
||||
10
ruby/ql/lib/change-notes/released/0.2.2.md
Normal file
10
ruby/ql/lib/change-notes/released/0.2.2.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 0.2.2
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Support for data flow through instance variables has been added.
|
||||
* Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
|
||||
1
ruby/ql/lib/change-notes/released/0.2.3.md
Normal file
1
ruby/ql/lib/change-notes/released/0.2.3.md
Normal file
@@ -0,0 +1 @@
|
||||
## 0.2.3
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.2.1
|
||||
lastReleaseVersion: 0.2.3
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user