From a6c8cc955143f43455d916c1f1aa0811787539fa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 8 Jan 2024 13:11:26 +0000 Subject: [PATCH] Release preparation for version 2.16.0 --- cpp/ql/lib/CHANGELOG.md | 21 +++++++++++ .../2022-11-21-ir-guards-replacement.md | 4 --- ...23-11-25-default-taint-tracking-removal.md | 4 --- .../change-notes/2023-11-30-as-definition.md | 4 --- .../2023-12-08-ususerinput-deprecation.md | 4 --- .../2023-12-14-dataflow-tostring.md | 4 --- .../2023-12-22-unique-function.md | 4 --- .../change-notes/2024-01-02-function-types.md | 4 --- cpp/ql/lib/change-notes/released/0.12.3.md | 20 +++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 11 ++++++ .../2023-12-04-incorrectly-checked-scanf.md | 4 --- ...e-of-unique-pointer-after-lifetime-ends.md | 4 --- .../2023-12-15-badly-bounded-write.md | 4 --- cpp/ql/src/change-notes/released/0.9.2.md | 10 ++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 +++ .../lib/change-notes/released/1.7.6.md | 3 ++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/1.7.6.md | 3 ++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 8 +++++ .../2023-06-22-aws-lambda-models.md | 4 --- .../2023-12-20-arg-param-mapping.md | 5 --- .../0.8.6.md} | 10 +++--- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 7 ++++ .../2023-11-29-url-redirect-false-positive.md | 4 --- .../2024-01-03-logforging-false-positive.md | 4 --- csharp/ql/src/change-notes/released/0.8.6.md | 6 ++++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.5.md | 3 ++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 8 +++++ ...ind-more-callees-for-captured-functions.md | 4 --- ...2023-12-22-minor-analysis-xpath-libxml2.md | 4 --- .../2024-01-02-go-successfully-extracted.md | 4 --- go/ql/lib/change-notes/released/0.7.6.md | 7 ++++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 6 ++++ .../0.7.6.md} | 7 ++-- go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/0.0.12.md | 3 ++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 35 +++++++++++++++++++ .../lib/change-notes/2023-10-24-new-models.md | 12 ------- .../lib/change-notes/2023-10-31-new-models.md | 16 --------- .../2023-11-29-new-spring-models.md | 5 --- .../2023-12-05-kotlin-array-get-set.md | 4 --- ...cate-reexport-of-old-dataflow-libraries.md | 4 --- ...12-19-add-replace-methods-to-mapmutator.md | 4 --- java/ql/lib/change-notes/released/0.8.6.md | 34 ++++++++++++++++++ java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 16 +++++++++ .../2023-11-08-weak-randomness-query.md | 5 --- ...2-android-certificate-pinning-precision.md | 4 --- .../2023-12-12-ognl-invalid-sinks.md | 4 --- .../2023-12-14-flowstatestring-deprecated.md | 4 --- ...ographic-algorithm-from-properties-file.md | 4 --- java/ql/src/change-notes/released/0.8.6.md | 15 ++++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 +++ .../ql/lib/change-notes/released/0.8.6.md | 3 ++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 +++ .../ql/src/change-notes/released/0.8.6.md | 3 ++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 +++ .../change-notes/released/0.7.6.md | 3 ++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 16 +++++++++ ...0-remove-essa-nodes-from-dataflow-graph.md | 5 --- .../2023-11-21-new-type-tracking-lib.md | 4 --- .../2023-12-08-automated-subclass-models.md | 4 --- .../2023-12-18-support-variable-capture.md | 4 --- ...-12-20-add-scope-entry-definition-nodes.md | 5 --- python/ql/lib/change-notes/released/0.11.6.md | 15 ++++++++ python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 +++ python/ql/src/change-notes/released/0.9.6.md | 3 ++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 8 +++++ .../2023-11-21-new-type-tracking-lib.md | 4 --- .../0.8.6.md} | 8 +++-- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 +++ ruby/ql/src/change-notes/released/0.8.6.md | 3 ++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 +++ .../change-notes/released/0.1.6.md | 3 ++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 6 ++++ .../0.1.6.md} | 7 ++-- shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 +++ shared/mad/change-notes/released/0.2.6.md | 3 ++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.5.md | 3 ++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 +++ shared/regex/change-notes/released/0.2.6.md | 3 ++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 +++ shared/ssa/change-notes/released/0.2.6.md | 3 ++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.5.md | 3 ++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 +++ .../tutorial/change-notes/released/0.2.6.md | 3 ++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 +++ .../change-notes/released/0.2.6.md | 3 ++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 +++ shared/typos/change-notes/released/0.2.6.md | 3 ++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 +++ shared/util/change-notes/released/0.2.6.md | 3 ++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 +++ shared/yaml/change-notes/released/0.2.6.md | 3 ++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 11 ++++++ .../change-notes/2023-10-24-pattern-types.md | 5 --- .../ql/lib/change-notes/2023-11-27-append.md | 4 --- .../ql/lib/change-notes/2023-12-05-seckey.md | 4 --- .../change-notes/2023-12-07-closure-models.md | 5 --- .../change-notes/2023-12-08-pointermodels.md | 4 --- swift/ql/lib/change-notes/released/0.3.6.md | 10 ++++++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 6 ++++ .../0.3.6.md} | 6 ++-- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 171 files changed, 504 insertions(+), 265 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md delete mode 100644 cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md delete mode 100644 cpp/ql/lib/change-notes/2023-11-30-as-definition.md delete mode 100644 cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md delete mode 100644 cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md delete mode 100644 cpp/ql/lib/change-notes/2023-12-22-unique-function.md delete mode 100644 cpp/ql/lib/change-notes/2024-01-02-function-types.md create mode 100644 cpp/ql/lib/change-notes/released/0.12.3.md delete mode 100644 cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md delete mode 100644 cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md delete mode 100644 cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md create mode 100644 cpp/ql/src/change-notes/released/0.9.2.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md delete mode 100644 csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md delete mode 100644 csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md rename csharp/ql/lib/change-notes/{2023-12-07-stringbuilder.md => released/0.8.6.md} (60%) delete mode 100644 csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md delete mode 100644 csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md create mode 100644 csharp/ql/src/change-notes/released/0.8.6.md create mode 100644 go/ql/consistency-queries/change-notes/released/0.0.5.md delete mode 100644 go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md delete mode 100644 go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md delete mode 100644 go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md create mode 100644 go/ql/lib/change-notes/released/0.7.6.md rename go/ql/src/change-notes/{2023-12-17-incorrect-integer-conversion-fix.md => released/0.7.6.md} (86%) create mode 100644 java/ql/automodel/src/change-notes/released/0.0.12.md delete mode 100644 java/ql/lib/change-notes/2023-10-24-new-models.md delete mode 100644 java/ql/lib/change-notes/2023-10-31-new-models.md delete mode 100644 java/ql/lib/change-notes/2023-11-29-new-spring-models.md delete mode 100644 java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md delete mode 100644 java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md delete mode 100644 java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md create mode 100644 java/ql/lib/change-notes/released/0.8.6.md delete mode 100644 java/ql/src/change-notes/2023-11-08-weak-randomness-query.md delete mode 100644 java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md delete mode 100644 java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md delete mode 100644 java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md delete mode 100644 java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md create mode 100644 java/ql/src/change-notes/released/0.8.6.md create mode 100644 javascript/ql/lib/change-notes/released/0.8.6.md create mode 100644 javascript/ql/src/change-notes/released/0.8.6.md create mode 100644 misc/suite-helpers/change-notes/released/0.7.6.md delete mode 100644 python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md delete mode 100644 python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md delete mode 100644 python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md delete mode 100644 python/ql/lib/change-notes/2023-12-18-support-variable-capture.md delete mode 100644 python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md create mode 100644 python/ql/lib/change-notes/released/0.11.6.md create mode 100644 python/ql/src/change-notes/released/0.9.6.md delete mode 100644 ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md rename ruby/ql/lib/change-notes/{2024-01-05-division-newline.md => released/0.8.6.md} (59%) create mode 100644 ruby/ql/src/change-notes/released/0.8.6.md create mode 100644 shared/controlflow/change-notes/released/0.1.6.md rename shared/dataflow/change-notes/{2023-12-08-dataflow-old-api-deprecated.md => released/0.1.6.md} (88%) create mode 100644 shared/mad/change-notes/released/0.2.6.md create mode 100644 shared/rangeanalysis/change-notes/released/0.0.5.md create mode 100644 shared/regex/change-notes/released/0.2.6.md create mode 100644 shared/ssa/change-notes/released/0.2.6.md create mode 100644 shared/threat-models/change-notes/released/0.0.5.md create mode 100644 shared/tutorial/change-notes/released/0.2.6.md create mode 100644 shared/typetracking/change-notes/released/0.2.6.md create mode 100644 shared/typos/change-notes/released/0.2.6.md create mode 100644 shared/util/change-notes/released/0.2.6.md create mode 100644 shared/yaml/change-notes/released/0.2.6.md delete mode 100644 swift/ql/lib/change-notes/2023-10-24-pattern-types.md delete mode 100644 swift/ql/lib/change-notes/2023-11-27-append.md delete mode 100644 swift/ql/lib/change-notes/2023-12-05-seckey.md delete mode 100644 swift/ql/lib/change-notes/2023-12-07-closure-models.md delete mode 100644 swift/ql/lib/change-notes/2023-12-08-pointermodels.md create mode 100644 swift/ql/lib/change-notes/released/0.3.6.md rename swift/ql/src/change-notes/{2023-11-20-cleartext-logging.md => released/0.3.6.md} (80%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 1466e7ce645a..e3a13b1d5183 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,24 @@ +## 0.12.3 + +### Deprecated APIs + +* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead. + +### New Features + +* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides. + +### Minor Analysis Improvements + +* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has. +* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition. +* The deprecated `DefaultTaintTracking` library has been removed. +* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. + +### Bug Fixes + +* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`. + ## 0.12.2 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md b/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md deleted file mode 100644 index aa924c2a497e..000000000000 --- a/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md b/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md deleted file mode 100644 index b5ff6a11d0d2..000000000000 --- a/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The deprecated `DefaultTaintTracking` library has been removed. diff --git a/cpp/ql/lib/change-notes/2023-11-30-as-definition.md b/cpp/ql/lib/change-notes/2023-11-30-as-definition.md deleted file mode 100644 index 0362929ca7f3..000000000000 --- a/cpp/ql/lib/change-notes/2023-11-30-as-definition.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition. diff --git a/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md b/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md deleted file mode 100644 index 89b7a9007c54..000000000000 --- a/cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead. diff --git a/cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md b/cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md deleted file mode 100644 index 94380c96ed12..000000000000 --- a/cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has. diff --git a/cpp/ql/lib/change-notes/2023-12-22-unique-function.md b/cpp/ql/lib/change-notes/2023-12-22-unique-function.md deleted file mode 100644 index bd5d84132abf..000000000000 --- a/cpp/ql/lib/change-notes/2023-12-22-unique-function.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-01-02-function-types.md b/cpp/ql/lib/change-notes/2024-01-02-function-types.md deleted file mode 100644 index 9ff5e582ae88..000000000000 --- a/cpp/ql/lib/change-notes/2024-01-02-function-types.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides. diff --git a/cpp/ql/lib/change-notes/released/0.12.3.md b/cpp/ql/lib/change-notes/released/0.12.3.md new file mode 100644 index 000000000000..6ae4af94795e --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.12.3.md @@ -0,0 +1,20 @@ +## 0.12.3 + +### Deprecated APIs + +* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead. + +### New Features + +* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides. + +### Minor Analysis Improvements + +* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has. +* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition. +* The deprecated `DefaultTaintTracking` library has been removed. +* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. + +### Bug Fixes + +* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 8baa46a61508..65578a5162ee 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.12.2 +lastReleaseVersion: 0.12.3 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 1a1f2d1c7c78..8018ba065e31 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.12.3-dev +version: 0.12.3 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index e1485b436761..9c287ddfae82 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.9.2 + +### New Queries + +* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately. +* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there. + +### Minor Analysis Improvements + +* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur. + ## 0.9.1 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md deleted file mode 100644 index 3bebd2dff46d..000000000000 --- a/cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there. diff --git a/cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md b/cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md deleted file mode 100644 index a74017aa6a13..000000000000 --- a/cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md b/cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md deleted file mode 100644 index 1dd4705754b3..000000000000 --- a/cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur. diff --git a/cpp/ql/src/change-notes/released/0.9.2.md b/cpp/ql/src/change-notes/released/0.9.2.md new file mode 100644 index 000000000000..7945a450a4c3 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.9.2.md @@ -0,0 +1,10 @@ +## 0.9.2 + +### New Queries + +* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately. +* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there. + +### Minor Analysis Improvements + +* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 6789dcd18b70..e1eda5194355 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.9.2 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 9c5e81a6c314..96c8abf6b94d 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.2-dev +version: 0.9.2 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 881ef60c7c73..303e0da11759 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.6 + +No user-facing changes. + ## 1.7.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md new file mode 100644 index 000000000000..fe2a0f02e7e9 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md @@ -0,0 +1,3 @@ +## 1.7.6 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 83aebd7c12a0..1f68518dba9b 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.5 +lastReleaseVersion: 1.7.6 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index a2969f590b76..167689f15798 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.6-dev +version: 1.7.6 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 881ef60c7c73..303e0da11759 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.6 + +No user-facing changes. + ## 1.7.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md new file mode 100644 index 000000000000..fe2a0f02e7e9 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md @@ -0,0 +1,3 @@ +## 1.7.6 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 83aebd7c12a0..1f68518dba9b 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.5 +lastReleaseVersion: 1.7.6 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 9c9fb4bc5fcc..7313dee61111 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.6-dev +version: 1.7.6 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index fe7cf2a05a51..a0d1cbc59f86 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters. +* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. +* Additional support for `Amazon.Lambda` SDK + ## 0.8.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md b/csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md deleted file mode 100644 index 9943af0797f6..000000000000 --- a/csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional support for `Amazon.Lambda` SDK \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md b/csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md deleted file mode 100644 index f701d47ab543..000000000000 --- a/csharp/ql/lib/change-notes/2023-12-20-arg-param-mapping.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md b/csharp/ql/lib/change-notes/released/0.8.6.md similarity index 60% rename from csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md rename to csharp/ql/lib/change-notes/released/0.8.6.md index 8ea6ff9940f7..0e4cdca9e1a3 100644 --- a/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md +++ b/csharp/ql/lib/change-notes/released/0.8.6.md @@ -1,5 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.8.6 -* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. \ No newline at end of file +### Minor Analysis Improvements + +* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters. +* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. +* Additional support for `Amazon.Lambda` SDK diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 4afc1644ba1d..49e5f54d8703 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.6-dev +version: 0.8.6 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 0318549742f4..ebb31d1516f9 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. +* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` + ## 0.8.5 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md b/csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md deleted file mode 100644 index b993fb80dcf1..000000000000 --- a/csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md b/csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md deleted file mode 100644 index d2719cb3049b..000000000000 --- a/csharp/ql/src/change-notes/2024-01-03-logforging-false-positive.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. diff --git a/csharp/ql/src/change-notes/released/0.8.6.md b/csharp/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 000000000000..d52c8b7f8a14 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,6 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* Fixed a Log forging false positive when using `String.Replace` to sanitize the input. +* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()` diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 006a95aa0f0a..77b4bdf2f30d 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.6-dev +version: 0.8.6 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 4ffbff1e0c4e..9b269441c000 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/0.0.5.md b/go/ql/consistency-queries/change-notes/released/0.0.5.md new file mode 100644 index 000000000000..766ec2723b56 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index ec411a674bcd..bb45a1ab0182 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 1b8ac8c1be93..05cf96dc4c9c 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.5-dev +version: 0.0.5 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 87ef5eb34433..048d598bf3b9 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.7.6 + +### Minor Analysis Improvements + +* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned. +* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package. +* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant. + ## 0.7.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md b/go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md deleted file mode 100644 index 8a02c12fd917..000000000000 --- a/go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant. diff --git a/go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md b/go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md deleted file mode 100644 index 16baf7f5b07a..000000000000 --- a/go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md b/go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md deleted file mode 100644 index 7cc21215c817..000000000000 --- a/go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/go/ql/lib/change-notes/released/0.7.6.md b/go/ql/lib/change-notes/released/0.7.6.md new file mode 100644 index 000000000000..caaee4357a33 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.6.md @@ -0,0 +1,7 @@ +## 0.7.6 + +### Minor Analysis Improvements + +* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned. +* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package. +* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index b5108ee0bda8..863f5a24cd20 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.7.6 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index b22fdbf06ab0..8fa1884d0e04 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.6-dev +version: 0.7.6 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 504a9aefdde2..702bdfd7f402 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.6 + +### Minor Analysis Improvements + +* There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed. + ## 0.7.5 No user-facing changes. diff --git a/go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md b/go/ql/src/change-notes/released/0.7.6.md similarity index 86% rename from go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md rename to go/ql/src/change-notes/released/0.7.6.md index 23f1e1e5f451..6ae8efc913b0 100644 --- a/go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md +++ b/go/ql/src/change-notes/released/0.7.6.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.7.6 + +### Minor Analysis Improvements + * There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index b5108ee0bda8..863f5a24cd20 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.7.6 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 4d54626aa34b..7ac72a934a81 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.6-dev +version: 0.7.6 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index 0a3a35ff891b..d1bc8b8ee5f1 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.12 + +No user-facing changes. + ## 0.0.11 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.12.md b/java/ql/automodel/src/change-notes/released/0.0.12.md new file mode 100644 index 000000000000..0e206033bc47 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.12.md @@ -0,0 +1,3 @@ +## 0.0.12 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index e679dc420925..997fb8da83cd 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.11 +lastReleaseVersion: 0.0.12 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 9939f0ef5553..d56d6f3167c6 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.12-dev +version: 0.0.12 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index bc07396977a9..dc0af8b76be7 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,38 @@ +## 0.8.6 + +### Deprecated APIs + +* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace. + +### Minor Analysis Improvements + +* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`. +* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods. +* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface. +* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models. +* Added models for the following packages: + + * com.google.common.io + * hudson + * hudson.console + * java.lang + * java.net + * java.util.logging + * javax.imageio.stream + * org.apache.commons.io + * org.apache.hadoop.hive.ql.exec + * org.apache.hadoop.hive.ql.metadata + * org.apache.tools.ant.taskdefs +* Added models for the following packages: + + * com.alibaba.druid.sql.repository + * jakarta.persistence + * jakarta.persistence.criteria + * liquibase.database.jvm + * liquibase.statement.core + * org.apache.ibatis.mapping + * org.keycloak.models.map.storage + ## 0.8.5 No user-facing changes. diff --git a/java/ql/lib/change-notes/2023-10-24-new-models.md b/java/ql/lib/change-notes/2023-10-24-new-models.md deleted file mode 100644 index b587721af7b2..000000000000 --- a/java/ql/lib/change-notes/2023-10-24-new-models.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * com.alibaba.druid.sql.repository - * jakarta.persistence - * jakarta.persistence.criteria - * liquibase.database.jvm - * liquibase.statement.core - * org.apache.ibatis.mapping - * org.keycloak.models.map.storage diff --git a/java/ql/lib/change-notes/2023-10-31-new-models.md b/java/ql/lib/change-notes/2023-10-31-new-models.md deleted file mode 100644 index 1c0fc3daa555..000000000000 --- a/java/ql/lib/change-notes/2023-10-31-new-models.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * com.google.common.io - * hudson - * hudson.console - * java.lang - * java.net - * java.util.logging - * javax.imageio.stream - * org.apache.commons.io - * org.apache.hadoop.hive.ql.exec - * org.apache.hadoop.hive.ql.metadata - * org.apache.tools.ant.taskdefs diff --git a/java/ql/lib/change-notes/2023-11-29-new-spring-models.md b/java/ql/lib/change-notes/2023-11-29-new-spring-models.md deleted file mode 100644 index e513f71bda6d..000000000000 --- a/java/ql/lib/change-notes/2023-11-29-new-spring-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface. -* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models. diff --git a/java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md b/java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md deleted file mode 100644 index 60c56a8f8f3f..000000000000 --- a/java/ql/lib/change-notes/2023-12-05-kotlin-array-get-set.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods. diff --git a/java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md b/java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md deleted file mode 100644 index 789949147d1b..000000000000 --- a/java/ql/lib/change-notes/2023-12-08-deprecate-reexport-of-old-dataflow-libraries.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace. diff --git a/java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md b/java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md deleted file mode 100644 index 9f69b26aefbd..000000000000 --- a/java/ql/lib/change-notes/2023-12-19-add-replace-methods-to-mapmutator.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`. diff --git a/java/ql/lib/change-notes/released/0.8.6.md b/java/ql/lib/change-notes/released/0.8.6.md new file mode 100644 index 000000000000..4af302527a5f --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.6.md @@ -0,0 +1,34 @@ +## 0.8.6 + +### Deprecated APIs + +* Imports of the old dataflow libraries (e.g. `semmle.code.java.dataflow.DataFlow2`) have been deprecated in the libraries under the `semmle.code.java.security` namespace. + +### Minor Analysis Improvements + +* Added the `Map#replace` and `Map#replaceAll` methods to the `MapMutator` class in `semmle.code.java.Maps`. +* Taint tracking now understands Kotlin's `Array.get` and `Array.set` methods. +* Added a sink model for the `createRelative` method of the `org.springframework.core.io.Resource` interface. +* Added source models for methods of the `org.springframework.web.util.UrlPathHelper` class and removed their taint flow models. +* Added models for the following packages: + + * com.google.common.io + * hudson + * hudson.console + * java.lang + * java.net + * java.util.logging + * javax.imageio.stream + * org.apache.commons.io + * org.apache.hadoop.hive.ql.exec + * org.apache.hadoop.hive.ql.metadata + * org.apache.tools.ant.taskdefs +* Added models for the following packages: + + * com.alibaba.druid.sql.repository + * jakarta.persistence + * jakarta.persistence.criteria + * liquibase.database.jvm + * liquibase.statement.core + * org.apache.ibatis.mapping + * org.keycloak.models.map.storage diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 77503a51cb30..f9d3e42fa3f5 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.6-dev +version: 0.8.6 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 58799c443cc3..89a3d694649d 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.8.6 + +### Deprecated Queries + +* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated. + +### New Queries + +* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. + +### Minor Analysis Improvements + +* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files. +* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem. +* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`. + ## 0.8.5 No user-facing changes. diff --git a/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md b/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md deleted file mode 100644 index 9022f825af6e..000000000000 --- a/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery ---- -* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. - diff --git a/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md b/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md deleted file mode 100644 index ae3742e9f83c..000000000000 --- a/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem. diff --git a/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md b/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md deleted file mode 100644 index f7c5197bf96f..000000000000 --- a/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`. diff --git a/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md b/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md deleted file mode 100644 index 580f88c78074..000000000000 --- a/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated. diff --git a/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md b/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md deleted file mode 100644 index 9b5436b4b250..000000000000 --- a/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files. diff --git a/java/ql/src/change-notes/released/0.8.6.md b/java/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 000000000000..cb3d51c991d3 --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,15 @@ +## 0.8.6 + +### Deprecated Queries + +* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated. + +### New Queries + +* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. + +### Minor Analysis Improvements + +* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files. +* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem. +* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index a409cf51016f..ce12b520b714 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.6-dev +version: 0.8.6 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 7a9d08a50f2a..c963c1fd4ab7 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.6 + +No user-facing changes. + ## 0.8.5 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/0.8.6.md b/javascript/ql/lib/change-notes/released/0.8.6.md new file mode 100644 index 000000000000..76516cea7c8b --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.8.6.md @@ -0,0 +1,3 @@ +## 0.8.6 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 3fa86edf3e3b..3960ed22f04d 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.6-dev +version: 0.8.6 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 1af40bc77b5a..3e8696d3fb10 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.6 + +No user-facing changes. + ## 0.8.5 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/0.8.6.md b/javascript/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 000000000000..76516cea7c8b --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,3 @@ +## 0.8.6 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 947d9c61bf75..5b2e528ec737 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.6-dev +version: 0.8.6 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 4048fb51cd93..5fd816aeb8c3 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.6 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.6.md b/misc/suite-helpers/change-notes/released/0.7.6.md new file mode 100644 index 000000000000..1370a410515a --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.7.6.md @@ -0,0 +1,3 @@ +## 0.7.6 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index b5108ee0bda8..863f5a24cd20 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.7.6 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 5ee25056a75a..eff9586b020f 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.6-dev +version: 0.7.6 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 8a570da513f0..f9f4fc8c8a46 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.11.6 + +### Major Analysis Improvements + +* Added support for global data-flow through captured variables. + +### Minor Analysis Improvements + +* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler. +* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated. + +### Bug Fixes + +- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly. +- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. + ## 0.11.5 No user-facing changes. diff --git a/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md b/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md deleted file mode 100644 index e35eca34679b..000000000000 --- a/python/ql/lib/change-notes/2023-11-20-remove-essa-nodes-from-dataflow-graph.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- - -- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. diff --git a/python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md b/python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md deleted file mode 100644 index aef3146d6f2b..000000000000 --- a/python/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md b/python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md deleted file mode 100644 index 8f9e4a1b6141..000000000000 --- a/python/ql/lib/change-notes/2023-12-08-automated-subclass-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler. diff --git a/python/ql/lib/change-notes/2023-12-18-support-variable-capture.md b/python/ql/lib/change-notes/2023-12-18-support-variable-capture.md deleted file mode 100644 index e7aee047fa15..000000000000 --- a/python/ql/lib/change-notes/2023-12-18-support-variable-capture.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Added support for global data-flow through captured variables. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md b/python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md deleted file mode 100644 index f2fca008e44c..000000000000 --- a/python/ql/lib/change-notes/2023-12-20-add-scope-entry-definition-nodes.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- - -- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly. diff --git a/python/ql/lib/change-notes/released/0.11.6.md b/python/ql/lib/change-notes/released/0.11.6.md new file mode 100644 index 000000000000..e24d66901fcd --- /dev/null +++ b/python/ql/lib/change-notes/released/0.11.6.md @@ -0,0 +1,15 @@ +## 0.11.6 + +### Major Analysis Improvements + +* Added support for global data-flow through captured variables. + +### Minor Analysis Improvements + +* Captured subclass relationships ahead-of-time for most popular PyPI packages so we are able to resolve subclass relationships even without having the packages installed. For example we have captured that `flask_restful.Resource` is a subclass of `flask.views.MethodView`, so our Flask modeling will still consider a function named `post` on a `class Foo(flask_restful.Resource):` as a HTTP request handler. +* Python now makes use of the shared type tracking library, exposed as `semmle.python.dataflow.new.TypeTracking`. The existing type tracking library, `semmle.python.dataflow.new.TypeTracker`, has consequently been deprecated. + +### Bug Fixes + +- We would previously confuse all captured variables into a single scope entry node. Now they each get their own node so they can be tracked properly. +- The dataflow graph no longer contains SSA variables. Instead, flow is directed via the corresponding controlflow nodes. This should make the graph and the flow simpler to understand. Minor improvements in flow computation has been observed, but in general negligible changes to alerts are expected. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index ca91bf6fce9c..100225af99d3 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.11.5 +lastReleaseVersion: 0.11.6 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 8a0e93bbe8e7..aee9bfc2d01d 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.6-dev +version: 0.11.6 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 175f47861b9c..ade5cb0cc54d 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.9.6 + +No user-facing changes. + ## 0.9.5 No user-facing changes. diff --git a/python/ql/src/change-notes/released/0.9.6.md b/python/ql/src/change-notes/released/0.9.6.md new file mode 100644 index 000000000000..1e5874c13a6f --- /dev/null +++ b/python/ql/src/change-notes/released/0.9.6.md @@ -0,0 +1,3 @@ +## 0.9.6 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 460240feafff..19139c132b2d 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.5 +lastReleaseVersion: 0.9.6 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 25594b06637b..9c3e9a4dd480 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.6-dev +version: 0.9.6 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 0641b60a508e..4a2cc6d2e24c 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.8.6 + +### Minor Analysis Improvements + +* Parsing of division operators (`/`) at the end of a line has been improved. Before they were wrongly interpreted as the start of a regular expression literal (`/.../`) leading to syntax errors. +* Parsing of `case` statements that are formatted with the value expression on a different line than the `case` keyword has been improved and should no longer lead to syntax errors. +* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated. + ## 0.8.5 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md b/ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md deleted file mode 100644 index c03804e59750..000000000000 --- a/ruby/ql/lib/change-notes/2023-11-21-new-type-tracking-lib.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-01-05-division-newline.md b/ruby/ql/lib/change-notes/released/0.8.6.md similarity index 59% rename from ruby/ql/lib/change-notes/2024-01-05-division-newline.md rename to ruby/ql/lib/change-notes/released/0.8.6.md index 384542e4ea4a..ed73a368b674 100644 --- a/ruby/ql/lib/change-notes/2024-01-05-division-newline.md +++ b/ruby/ql/lib/change-notes/released/0.8.6.md @@ -1,5 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.8.6 + +### Minor Analysis Improvements + * Parsing of division operators (`/`) at the end of a line has been improved. Before they were wrongly interpreted as the start of a regular expression literal (`/.../`) leading to syntax errors. * Parsing of `case` statements that are formatted with the value expression on a different line than the `case` keyword has been improved and should no longer lead to syntax errors. +* Ruby now makes use of the shared type tracking library, exposed as `codeql.ruby.typetracking.TypeTracking`. The existing type tracking library, `codeql.ruby.typetracking.TypeTracker`, has consequently been deprecated. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index c460d2d3638b..6a8ad466f2da 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.6-dev +version: 0.8.6 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 0e589135e411..7d5c2de21319 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.6 + +No user-facing changes. + ## 0.8.5 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.8.6.md b/ruby/ql/src/change-notes/released/0.8.6.md new file mode 100644 index 000000000000..76516cea7c8b --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.6.md @@ -0,0 +1,3 @@ +## 0.8.6 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index cbe6bc6b7c62..d67c1aac29de 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.8.6 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 9dc44497c148..222dbb854db1 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.6-dev +version: 0.8.6 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index d14dc358bafa..71269fe4ba88 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.6 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.6.md b/shared/controlflow/change-notes/released/0.1.6.md new file mode 100644 index 000000000000..b856f15fe69b --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.6.md @@ -0,0 +1,3 @@ +## 0.1.6 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 157cff8108d3..d271632b3dde 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 9f1a41b9c158..86a30bba306b 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.6-dev +version: 0.1.6 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 39444bf389a2..a996595df47a 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.6 + +### Deprecated APIs + +* The old configuration-class based data flow api has been deprecated. The configuration-module based api should be used instead. For details, see https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries/. + ## 0.1.5 No user-facing changes. diff --git a/shared/dataflow/change-notes/2023-12-08-dataflow-old-api-deprecated.md b/shared/dataflow/change-notes/released/0.1.6.md similarity index 88% rename from shared/dataflow/change-notes/2023-12-08-dataflow-old-api-deprecated.md rename to shared/dataflow/change-notes/released/0.1.6.md index 628a0d906688..4df6b52a190e 100644 --- a/shared/dataflow/change-notes/2023-12-08-dataflow-old-api-deprecated.md +++ b/shared/dataflow/change-notes/released/0.1.6.md @@ -1,4 +1,5 @@ ---- -category: deprecated ---- +## 0.1.6 + +### Deprecated APIs + * The old configuration-class based data flow api has been deprecated. The configuration-module based api should be used instead. For details, see https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries/. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 157cff8108d3..d271632b3dde 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index d53e750de32e..c3331c55e393 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.6-dev +version: 0.1.6 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 8fdbd159d53b..514ddda4d2b1 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.6.md b/shared/mad/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/mad/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 47c23b2976f7..c74a3990bfd4 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index a66789ca7f5d..381b7ea88408 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/0.0.5.md b/shared/rangeanalysis/change-notes/released/0.0.5.md new file mode 100644 index 000000000000..766ec2723b56 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index ec411a674bcd..bb45a1ab0182 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index f0c5bd25a696..a549db3f1449 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.5-dev +version: 0.0.5 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 3cf342c9f29a..04bb2adcc0ab 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.6.md b/shared/regex/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/regex/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 33b5952fe87c..e2931e467a28 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index d1f2a74fec09..3ba7f8edce16 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.2.6.md b/shared/ssa/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/ssa/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 00e6b698e43b..de4724ebf2a0 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 4ffbff1e0c4e..9b269441c000 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/0.0.5.md b/shared/threat-models/change-notes/released/0.0.5.md new file mode 100644 index 000000000000..766ec2723b56 --- /dev/null +++ b/shared/threat-models/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index ec411a674bcd..bb45a1ab0182 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index abe9e10f4afa..40d1dba613ca 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.5-dev +version: 0.0.5 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index a0bfc02bcbfd..1523a1599c21 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.6.md b/shared/tutorial/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 9e095cb2b6c6..e0d5641a1b71 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 2236b1a2d5d4..a8639d1de49a 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.6.md b/shared/typetracking/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 24301a5c13e8..88865eedf548 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 9db98dbb2d0a..bd1c41f82970 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.6.md b/shared/typos/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/typos/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 3c4ea9d6fb2c..e39af7faad09 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index a1df29447d57..677b82a2b4e6 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.6.md b/shared/util/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/util/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 6652d73fba1f..65dac9155830 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index aa342042f471..e043461448eb 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.6 + +No user-facing changes. + ## 0.2.5 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.6.md b/shared/yaml/change-notes/released/0.2.6.md new file mode 100644 index 000000000000..edaefe75481e --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.6.md @@ -0,0 +1,3 @@ +## 0.2.6 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 211454ed3064..248dd0f4594b 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.2.6 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index f13f8aeca746..ca586959f2b0 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.6-dev +version: 0.2.6 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 16d44561346e..7236e3740d94 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.3.6 + +### Minor Analysis Improvements + +* Expanded flow models for `UnsafePointer` and similar classes. +* Added flow models for non-member `withUnsafePointer` and similar functions. +* Added flow models for `withMemoryRebound`, `assumingMemoryBound` and `bindMemory` member functions of library pointer classes. +* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. +* Added imprecise flow models for `append` and `insert` methods, and initializer calls with a `data` argument. +* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. + ## 0.3.5 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md b/swift/ql/lib/change-notes/2023-10-24-pattern-types.md deleted file mode 100644 index 0288e56ce3ef..000000000000 --- a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. diff --git a/swift/ql/lib/change-notes/2023-11-27-append.md b/swift/ql/lib/change-notes/2023-11-27-append.md deleted file mode 100644 index b6bc9dfc6bec..000000000000 --- a/swift/ql/lib/change-notes/2023-11-27-append.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added imprecise flow models for `append` and `insert` methods, and initializer calls with a `data` argument. diff --git a/swift/ql/lib/change-notes/2023-12-05-seckey.md b/swift/ql/lib/change-notes/2023-12-05-seckey.md deleted file mode 100644 index 883eedd48a59..000000000000 --- a/swift/ql/lib/change-notes/2023-12-05-seckey.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. diff --git a/swift/ql/lib/change-notes/2023-12-07-closure-models.md b/swift/ql/lib/change-notes/2023-12-07-closure-models.md deleted file mode 100644 index 33e0335f1e6f..000000000000 --- a/swift/ql/lib/change-notes/2023-12-07-closure-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow models for non-member `withUnsafePointer` and similar functions. -* Added flow models for `withMemoryRebound`, `assumingMemoryBound` and `bindMemory` member functions of library pointer classes. diff --git a/swift/ql/lib/change-notes/2023-12-08-pointermodels.md b/swift/ql/lib/change-notes/2023-12-08-pointermodels.md deleted file mode 100644 index 18073fc04761..000000000000 --- a/swift/ql/lib/change-notes/2023-12-08-pointermodels.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Expanded flow models for `UnsafePointer` and similar classes. diff --git a/swift/ql/lib/change-notes/released/0.3.6.md b/swift/ql/lib/change-notes/released/0.3.6.md new file mode 100644 index 000000000000..0aa8cf50fdef --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.3.6.md @@ -0,0 +1,10 @@ +## 0.3.6 + +### Minor Analysis Improvements + +* Expanded flow models for `UnsafePointer` and similar classes. +* Added flow models for non-member `withUnsafePointer` and similar functions. +* Added flow models for `withMemoryRebound`, `assumingMemoryBound` and `bindMemory` member functions of library pointer classes. +* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. +* Added imprecise flow models for `append` and `insert` methods, and initializer calls with a `data` argument. +* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 468917f2543f..7bbaa8987dd3 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.5 +lastReleaseVersion: 0.3.6 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 2a4fe611768f..62e132acadeb 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.6-dev +version: 0.3.6 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 689f4e90b87c..9ef921546760 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.3.6 + +### Minor Analysis Improvements + +* Added additional sinks for the "Cleartext logging of sensitive information" (`swift/cleartext-logging`) query. Some of these sinks are heuristic (imprecise) in nature. + ## 0.3.5 No user-facing changes. diff --git a/swift/ql/src/change-notes/2023-11-20-cleartext-logging.md b/swift/ql/src/change-notes/released/0.3.6.md similarity index 80% rename from swift/ql/src/change-notes/2023-11-20-cleartext-logging.md rename to swift/ql/src/change-notes/released/0.3.6.md index 83ecd0fd182e..e9bea70df8b4 100644 --- a/swift/ql/src/change-notes/2023-11-20-cleartext-logging.md +++ b/swift/ql/src/change-notes/released/0.3.6.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.3.6 + +### Minor Analysis Improvements * Added additional sinks for the "Cleartext logging of sensitive information" (`swift/cleartext-logging`) query. Some of these sinks are heuristic (imprecise) in nature. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 468917f2543f..7bbaa8987dd3 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.5 +lastReleaseVersion: 0.3.6 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 180db628f9eb..686a82482a99 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.6-dev +version: 0.3.6 groups: - swift - queries pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy