hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a02dcdc5e16430e93de2bc6b0d9083af1a996e5c
codeql/go/ql/lib/CHANGELOG.md
github-actions[bot] a02dcdc5e1 Release preparation for version 2.11.1
2022-10-07 02:20:28 +00:00

2.5 KiB
Raw Blame History

0.3.1

Minor Analysis Improvements

  • Added support for BeegoInput.RequestBody as a source of untrusted data.

0.3.0

Deprecated APIs

  • Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide. The old name still exists as a deprecated alias.

0.2.5

0.2.4

Minor Analysis Improvements

  • Go 1.19 is now supported, including adding new taint propagation steps for new standard-library functions introduced in this release.
  • Most deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
  • Fixed data-flow to captured variable references.
  • We now assume that if a channel-typed field is only referred to twice in the user codebase, once in a send operation and once in a receive, then data flows from the send to the receive statement. This enables finding some cross-goroutine flow.

0.2.3

0.2.2

0.2.1

0.2.0

Deprecated APIs

  • The BarrierGuard class has been deprecated. Such barriers and sanitizers can now instead be created using the new BarrierGuard parameterized module.

0.1.4

0.1.3

0.1.2

New Features

  • Go 1.18 generics are now extracted and can be explored using the new CodeQL classes TypeParamDecl, GenericFunctionInstantiationExpr, GenericTypeInstantiationExpr, TypeSetTerm, and TypeSetLiteralType, as well as using new predicates defined on the existing InterfaceType. Class- and predicate-level documentation can be found in the Go CodeQL library reference.

0.1.1

Minor Analysis Improvements

  • The method predicate getACalleeIncludingExternals on DataFlow::CallNode and the function viableCallable in DataFlowDispatch now also work for calls to functions via a variable, where the function can be determined using local flow.

0.1.0

Minor Analysis Improvements

  • Fixed a bug where dataflow steps were ignored if both ends were inside the initialiser routine of a file-level variable.

0.0.12

0.0.11

0.0.10

0.0.9

0.0.8

0.0.7

Deprecated APIs

  • The codeql/go-upgrades CodeQL pack has been removed. All database upgrade scripts have been merged into the codeql/go-all CodeQL pack.

Bug Fixes

  • Function's predicate getACall now returns more results in some situations. It now always returns callers that may call a method indirectly via an interface method that it implements. Previously this only happened if the method was in the source code being analysed.

0.0.6

0.0.5

0.0.4

0.0.3