github · alexet · Jan 8, 2024 · Jan 8, 2024
@@ -1,3 +1,24 @@
+## 0.12.3
+
+### Deprecated APIs
+
+* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
+
+### New Features
+
+* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
+
+### Minor Analysis Improvements
+
+* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
+* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
+* The deprecated `DefaultTaintTracking` library has been removed.
+* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
+
+### Bug Fixes
+
+* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.
+
 ## 0.12.2
 
 No user-facing changes.

@@ -0,0 +1,20 @@
+## 0.12.3
+
+### Deprecated APIs
+
+* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
+
+### New Features
+
+* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
+
+### Minor Analysis Improvements
+
+* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
+* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
+* The deprecated `DefaultTaintTracking` library has been removed.
+* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
+
+### Bug Fixes
+
+* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.2
+lastReleaseVersion: 0.12.3
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.3-dev
+version: 0.12.3
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,14 @@
+## 0.9.2
+
+### New Queries
+
+* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
+* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
+
+### Minor Analysis Improvements
+
+* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.
+
 ## 0.9.1
 
 No user-facing changes.

@@ -0,0 +1,10 @@
+## 0.9.2
+
+### New Queries
+
+* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
+* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
+
+### Minor Analysis Improvements
+
+* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.1
+lastReleaseVersion: 0.9.2
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.2-dev
+version: 0.9.2
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.6
+
+No user-facing changes.
+
 ## 1.7.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.6
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.5
+lastReleaseVersion: 1.7.6
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.6-dev
+version: 1.7.6
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.6
+
+No user-facing changes.
+
 ## 1.7.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.6
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.5
+lastReleaseVersion: 1.7.6
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.6-dev
+version: 1.7.6
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,11 @@
+## 0.8.6
+
+### Minor Analysis Improvements
+
+* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
+* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
+* Additional support for `Amazon.Lambda` SDK
+
 ## 0.8.5
 
 No user-facing changes.

@@ -1,5 +1,7 @@
----
-category: minorAnalysis
----
+## 0.8.6
 
-* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
+### Minor Analysis Improvements
+
+* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
+* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
+* Additional support for `Amazon.Lambda` SDK
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.5
+lastReleaseVersion: 0.8.6
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.6-dev
+version: 0.8.6
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,10 @@
+## 0.8.6
+
+### Minor Analysis Improvements
+
+* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.    
+* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
+
 ## 0.8.5
 
 No user-facing changes.

@@ -0,0 +1,6 @@
+## 0.8.6
+
+### Minor Analysis Improvements
+
+* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.    
+* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.5
+lastReleaseVersion: 0.8.6
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.6-dev
+version: 0.8.6
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 0.0.5
+
+No user-facing changes.
+
 ## 0.0.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.0.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.4
+lastReleaseVersion: 0.0.5
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.5-dev
+version: 0.0.5
 groups:
   - go
   - queries

@@ -1,3 +1,11 @@
+## 0.7.6
+
+### Minor Analysis Improvements
+
+* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
+* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
+* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.
+
 ## 0.7.5
 
 No user-facing changes.

@@ -0,0 +1,7 @@
+## 0.7.6
+
+### Minor Analysis Improvements
+
+* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
+* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
+* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.5
+lastReleaseVersion: 0.7.6
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.6-dev
+version: 0.7.6
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,9 @@
+## 0.7.6
+
+### Minor Analysis Improvements
+
+* There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed.
+
 ## 0.7.5
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.7.6
+
+### Minor Analysis Improvements
+
 * There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.5
+lastReleaseVersion: 0.7.6
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.6-dev
+version: 0.7.6
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 0.0.12
+
+No user-facing changes.
+
 ## 0.0.11
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.0.12
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.11
+lastReleaseVersion: 0.0.12